On Thu, 21 Oct 2021, Yehuda Katz via FreeIPA-users wrote:
I was asked to set up a completely new network for a non-profit. They have
a mix of Windows and Linux (mostly Ubuntu) machines. Until now I have only
used FreeIPA (or RedHat IDM) in a standalone configuration. Is there any
kind of best practices documentation for this situation? A discussion of a
sync vs. trust approach? Any known gotchas?

Things to consider:
 - Windows machines cannot be enrolled into FreeIPA, they have to be
   enrolled into Active Directory

 - If users are all on the Active Directory side, they can log in to
   FreeIPA-enrolled machines through a trust to Active Directory

 - While the winsync plugin allows synchronizing users from the Active
   Directory side to FreeIPA (they become FreeIPA users), this is of
   limited functionality and in general not going to live well in the
   future as we consider deprecating this approach

It used to be that non-Pro versions of Windows couldn't be joined
to Active Directory. I'd rather check what is in use before planning
it.

For a non-profit it is probably worth considering deploying Samba AD as
your Active Directory configuration.



--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland