[Samba] Samba4 + FreeIPA

Cyrus cyruspy at gmail.com
Wed Nov 3 13:45:57 UTC 2021

Thanks a lot. For this environment we have a 20/80 distribution, being 80%
Linux servers, workstations & kiosks.

Windows is indeed limited to some limited administrative user group (higher
management & accounting department).

I'm fine with the dual realm, with all the users on one side & trust
between both parties.

Probably it makes sense to go dual setup in this case. Sudoers & HBAC feel
more convenient with FreeIPA's WGUI/CLI.


On Wed, Nov 3, 2021, 10:10 Robert Marcano via samba <samba at lists.samba.org>

> On 11/3/21 7:07 AM, Cyrus via samba wrote:
> > Good morning,
> >
> > I'm in the need to implement an Identity service for a mixed environment
> > with Windows workstations & Linux systems with a common set of users.
> >
> > Would it be possible to implement Samba4 for the MS Windows realm and
> > FreeIPA for the linux machines (where I expect to make use of HBAC &
> > sudoers support)?
> Yes, it is possible, but you will not get a single realm, you will have
> at least two and will need to setup cross realm trusts.
> As other replies have stated, you can do much of what you need with
> Samba alone.
> Unless your Linux clients and servers outnumber your Windows
> workstations, going with Samba AD alone is probably your best bet,
> because you are already immersed in the Windows client world, you will
> not have too much problem with having the need to use a Windows client
> to manage some of Samba AD features.
> On the other hand, if your fleet of machines is mainly Linux, like some
> of my installations where Windows is restricted to some management or
> special users that require it, while the other majority is full of OLTP
> application users running Linux. I would go with the dual installation,
> there are features that FreeIPA gives on these environments like an
> integrated Certificate authority and automated certificate distribution
> and renewal, that will require manual integration on a Samba AD
> installation.
> >
> > Would make sense to have all the users in Samba4 or the other way around
> > (all users in FreeIPA).
> >
> > Any advice would be appreciated.
> >
> > Regards,
> > CI.-
> >