2013/9/12 Dmitri Pal <d...@redhat.com>

> On 09/11/2013 11:27 PM, Christovam Paynes Silva wrote:
>
> 2013/9/11 Dmitri Pal <d...@redhat.com>
>
>> On 09/11/2013 04:02 PM, Christovam Paynes Silva wrote:
>>
>> It is a pity!
>> Thank you!
>>
>> I did not get a feeling that we understand the whole picture correctly
>> to say that we provided the full answer.
>>
>> What I get from the description:
>> 1) Presence of Windows Clients = 100
>>
>
> Correct!
>
>> 2) Presence of AD to rule them
>>
>
> Correct!
>
>> 3) Presence of users (I deduce in AD too, but unclear) = 1000
>>
>
> Correct! Users are wirelessly. Use windows and linux without domain.
>
>> Intent: use open source technologies instead of proprietary solution.
>>
>
> That's right!
>
>>
>> What is not clear:
>> a) Are the users that come through the portal the same users that use
>> Windows Clients or not? Is there an overlap?
>>
>
> Users are via wireless. Authenticate users on a "captive portal" with
> Squid. Customers are windows, linux and without domain.
>
>> b) Is there any kind of Linux servers/machines in the picture?
>>
>
> This question was not clear to me.
>
> FreeIPA is a domain controller for Linux/UNIX systems. Its main value is to
> manage Linux environment inside your enterprise. It can manage users and
> groups too as any directory can. It can also authenticate users but its
> value is in creating an integrated Linux environment in terms of identity
> management. It seems that the setup you have does not actually have such
> Linux environment, i.e. Linux machines to join to IPA domain and manage.
> The question was: "Do you have Linux systems to manage?".
>

I have 5 servers. But that's just me working on them. I believe we do not need the IPA. I appreciate the attention. Thank you.

>
>>
>> If you do not have Linux systems and all users can be stored in one place
>> it might be that you do not need FreeIPA. It might be that you can solve
>> the problem by using Samba4 instead of AD, connecting your clients to it,
>> putting your external portal users into a special OU in Samba4, configuring
>> FreeRADIUS to use this OU for authentication. Configure your portal to use
>> RADIUS.
>>
>
> Sorry, I may not have understood the concept of FreeIPA.
>
> I would like to continue using the AD, because of Group Policy Objects
> (GPO).
>
> You need to check whether Samba 4 supports GPO and to what extent.
>
> http://wiki.samba.org/index.php/FAQ#Is_it_possible_to_set_user_specific_password_policies_in_Samba4_.28e._g._on_a_OU-base.29.3F
>
> It has the ability to authenticate email services, applications, among
> others directly in Samba4?
>
> Yes as with any LDAP server but if you are planning to use AD then you do
> not need Samba 4 either.
> You then point your mail service and applications to AD directly.
> Most modern applications have some sort of LDAP integration for
> identity lookup and authentication. That means you would be able to point
> them to pretty much any directory: AD, Samba4, IPA, 389 ...
>
>>
>> HTH
>>
>> Thanks
>> Dmitri
>>
>> 2013/9/11 Simo Sorce <s...@redhat.com>
>>
>>> On Wed, 2013-09-11 at 16:37 -0300, Christovam Paynes Silva wrote:
>>> > Hello Simo, thanks for the feedback.
>>> > I would use the Samba4 with AD and authenticate my clients windows in
>>> > FreeIPA.
>>> > Is this possible?
>>>
>>> It is not possible at this point to combine Samba4 AD and freeIPA.
>>>
>>> Simo.
>>> >
>>> > 2013/9/11 Simo Sorce <s...@redhat.com>
>>> > On Wed, 2013-09-11 at 14:06 -0300, Christovam Paynes Silva wrote:
>>> > > Hello!
>>> > >
>>> > > First I apologize if this topic is redundant.
>>> > >
>>> > > I'm looking on the implementation of FreeIPA. Looking for the
>>> > > forums, have some comments that authentication does not work with
>>> > > Samba4. Elsewhere say that that possibility exists. Today we have
>>> > > nearly 200 computers in the domain with the "Active Directory" and one
>>> > > wireless "captive portal" with 1000 + proxy users.
>>> > >
>>> > > I would like to see if the following scenario is possible:
>>> > > 1 - Integrating Samba4 with "Active Directory", to use their GPO and
>>> > > authenticate network users through the FreeIPA.
>>> > > 2 - Authenticate proxy servers in FreeIPA.
>>> > > 3 - And if it is possible some integration with FreeRADIUS
>>> > >
>>> >
>>> > Hi Christovam, it is a bit unclear what you mean by integrating here.
>>> >
>>> > Is your intent to use Samba4 as an AD domain controller for your Windows
>>> > clients and IPA for your servers?
>>> >
>>> > If that's the case unfortunately this is not possible at the moment as
>>> > samba4 does not yet support Forest level trusts.
>>> > A Microsoft AD server can be used this way instead.
>>> >
>>> > Simo.
>>> >
>>> > --
>>> > Simo Sorce * Red Hat, Inc * New York
>>>
>>> --
>>> Simo Sorce * Red Hat, Inc * New York
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>> -------------------------------
>> Looking to carve out IT costs?
>> www.redhat.com/carveoutcosts/
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users