Not worried about Windows 10 Home. All the machines have Pro. I also have no issues running real Windows Server domain controllers.
I do want to be able to use policy features in IPA like HBAC, sudo rules, etc. Will a trust without synced local users cause any issues with that?

- Y
Sent from a device with a very small keyboard and hyperactive autocorrect.

On Fri, Oct 22, 2021, 12:42 AM Jonathan Aquilina <[email protected]> wrote:

> Hi Guys,
>
> Long time lurker. I can confirm in order to join an AD domain you need at least Win 10 Pro.
>
> The below using Samba isn’t a bad idea in all fairness. The question becomes though how would you join a Windows 10 Home machine to the Samba AD controller?
>
> Regards,
> Jonathan
>
> -----Original Message-----
> From: Alexander Bokovoy via FreeIPA-users <[email protected]>
> Sent: 22 October 2021 06:32
> To: FreeIPA users list <[email protected]>
> Cc: Yehuda Katz <[email protected]>; Alexander Bokovoy <[email protected]>
> Subject: [Freeipa-users] Re: Recommendations for completely new IPA and AD
>
> On Thu, 21 Oct 2021, Yehuda Katz via FreeIPA-users wrote:
> > I was asked to set up a completely new network for a non-profit. They have a mix of Windows and Linux (mostly Ubuntu) machines. Until now I have only used FreeIPA (or RedHat IDM) in a standalone configuration.
> > Is there any kind of best practices documentation for this situation? A discussion of a sync vs. trust approach? Any known gotchas?
>
> Things to consider:
> - Windows machines cannot be enrolled into FreeIPA, they have to be enrolled into Active Directory
>
> - If users are all on Active Directory side, they can login to FreeIPA-enrolled machines through trust to Active Directory
>
> - While winsync plugin allows to synchronize users from Active Directory side to FreeIPA (they become FreeIPA users), this is of limited functionality and in general not going to live well in future as we consider deprecating this approach
>
> It used to be that non-Pro versions of Windows weren't possible to join to Active Directory. I'd rather check what is in use before planning it.
>
> For a non-profit it is probably worth considering deploying Samba AD as your Active Directory configuration.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
