On Wed, 2016-07-06 at 22:54 -0400, Adrian HY wrote:
> William, thanks for your quick response. My principal preference for 389-ds
> is the multimaster replication. I need some Windows users can authenticate
> in 389-ds but not using third-party software such as pGina.
If you want to authenticate windows hosts without pGina, you will
require a MS ADDC, or Samba4 acting as an ADDC. You cannot use 389-ds
for this purpose I am sorry.
Samba 4 and MS ADDC both are capable of multiple master replication and
complex topologies. Please see:
https://technet.microsoft.com/en-us/library/cc755994%28v=ws.10%29.aspx
https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory
>
> I know that 389-ds is just a directory but I read this post (
> http://directory.fedoraproject.org/docs/389ds/howto/howto-samba.html) and I
> would like to know if the solution can be valid or if there is another
> alternative.
That blog is related to using a samba install to authenticate users to
shares against 389-ds where an AD domain is not available.
I hope that this helps you,
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
No comments:
Post a Comment