[Samba] Samba4 + FreeIPA
Rowland Penny
rpenny at samba.org
Fri Nov 5 07:52:56 UTC 2021
On Thu, 2021-11-04 at 19:15 -0400, Robert Marcano via samba wrote:
> On Thu, Nov 4, 2021, 3:37 PM David Mulder via samba <
> samba at lists.samba.org>
> wrote:
>
> >
> > On 11/3/21 7:45 AM, Cyrus via samba wrote:
> > > Thanks a lot. For this environment we have a 20/80 distribution,
> > > being
> > 80%
> > > Linux servers, workstations & kiosks.
> > >
> > > Windows is indeed limited to some limited administrative user
> > > group
> > (higher
> > > management & accounting department).
> > >
> > > I'm find with the dual realm, with all the users on one side &
> > > trust
> > > between both parties.
> > >
> > > Probably it makes sense to go dual setup in this case. Sudoers &
> > > HBAC
> > feel
> > > more convenient with FreeIPAs WGUI/CLI.
> >
> > Samba sudoers and hbac are deployed via either `samba-tool gpo`
> > command
> > or Windows RSAT. It's no less convenient than the FreeIPA tools.
> >
>
> There is a reason I mentioned that this depends on the relationship
> between
> how many Linux (in reality 'unixy' OSs) vs Windows you have. If you
> are
> mainly a Linux shop with a few Windows, the need to use a Windows
> client
> for some management functions is definitely an inconvenience. Nothing
> more
> convenient that a browser GUI.
>
> Don't get me wrong, I understand that reason for the lack of open
> GUIs to
> manage Samba AD is a community issue, mainly contributions. Ah! And
> having
> to reverse engineer MS protocols and file formats.
It may just be myself, but I cannot really see the point of using
freeipa. Everything it can do, Samba can do, but you cannot say the
same in reverse, Samba can do more than freeipa.
As for GUI's (other than ADUC), then the GUI being produced by Alt
Linux is well worth looking at and it looks very familiar.
Rowland
More information about the samba
mailing list