Hi Dimitri & Jakub, Yes for us it is use case. Non-domain logins / NTLMSSP support in SSSD is the final component we seem to need to allow Windows clients from a non-trusted AD domain to access Samba shares using a username and password combination, without having to use Kerberos.
IPA and SSSD is a phenomenal body of work that has huge potential, all your work is much appreciated. Thanks, Dylan. On 12 May 2015 at 17:47, Dmitri Pal <[email protected]> wrote: > On 05/12/2015 07:03 AM, Dylan Evans wrote: >> >> Hi Jakub, >> >> It's good to know it's going to happen, let's hope it gets into 1.13 >> and everyone has a very productive summer! >> >> I've been watching IPA for a couple of years and this is the last >> thing that's preventing it from being implemented in our production >> environment. > > > So is this use case the main reason of needing NTLMSSP support or there are > some other use cases that drive this requirement? > Can you please share them? > > >> Thanks, >> >> Dylan. >> >> On 11 May 2015 at 20:42, John Obaterspok <[email protected]> >> wrote: >>> >>> I have about the same setup: >>> >>> This is the setup (everything is up-to-date): >>> - ipa-server: F21, ipa-server 4.1, samba 4.1 >>> - win-client: Windows 7 Home Premium >>> >>> I tried to enroll the win-client in the domain but failed on the windows >>> side due to home editions not being able to join a domain. >>> But I can still access shares from the win-client by user/pwd >>> >>> The only difference in my setup is that I use samba server on the >>> ipa-server >>> itself. >>> >>> -- john >>> >>> 2015-05-10 19:02 GMT+02:00 Jakub Hrozek <[email protected]>: >>>> >>>> On Thu, May 07, 2015 at 03:30:06PM +0100, Dylan Evans wrote: >>>>> >>>>> By coincidence I posted a very similar question yesterday - >>>>> https://www.redhat.com/archives/freeipa-users/2015-May/msg00103.html. >>>>> >>>>> +1 for the necessary support for out-of-domain Windows clients and >>>>> NTLMSSP. >>>>> >>>>> Is there a time-table for this? >>>> >>>> It is a nice-to-have feature for the next SSSD version (1.13, this >>>> summber), >>>> but my hopes are not high that we're going to make it. I think 1.14 is >>>> more >>>> realistic. >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >>> >>> > > > -- > Thank you, > Dmitri Pal > > Director of Engineering for IdM portfolio > Red Hat, Inc. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
