On Mon, May 13, 2019 at 01:06:10PM +0300, Alexander Bokovoy via FreeIPA-users wrote:
On ma, 13 touko 2019, Dirk Streubel via FreeIPA-users wrote:
>does somebody now if it now possible to build a Trust between Samba 4.10 with
MIT-Kerberos and Freeipa Version 4.7.
>The last entry about this thing is about a year old.
>Maybe someone here in this List have new Information for me.
You may try with versions in Fedora 30 (updates). It includes FreeIPA
4.7.90.pre1 which has some improvements in this area.
Just to be sure: this is about AD users from a Samba-based domain
accessing FreeIPA resources. The other way around (i.e. IPA users
logging into Windows systems) is not expected to work, right?
AFAICT, it still hinges on the availability of a Global Catalog
implementation on the IPA side. Correct?
Is your 2017 SambaXP talk[1] still an accurate description of what would
need to happen to make this work?
Thanks,
Lars
[1]
https://talks.vda.li/talks/2017/SambaXP/freeipa_gc.pdf