<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 09/20/2013 07:33 AM, Fred van Zwieten wrote:
<blockquote
cite="mid:CALVifsY7ce7AXm=97rjExrmjWpBvsB_Lp-0JSOS_M=mtnUApHA@mail.gmail.com"
type="cite">
<div dir="ltr">Hi,<br>
<div class="gmail_quote">
<div dir="ltr">
<div><br>
</div>
<div>I wonder if it is possible to have Windows clients
(member of some domain) to connect to SAMBA shares with an
IPA account. I found various howto's voor Kerberized SAMBA
but they al use Linux as the client platform. I have tried
to set it up using a Red Hat Solution article, but I did
not get it to work.</div>
<div><br>
</div>
<div>Is it possible without using trust or synchronization
between AD and IPA? If yes, how?</div>
<span class="HOEnZb"><font color="#888888">
<div><br>
</div>
<div>
<div>
<div dir="ltr">
<div>Fred<br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</font></span></div>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
So the setup is:<br>
<br>
AD and IPA not in trust or sync<br>
There is an IPA user logging into Windows client in AD domain and
trying to access Samba share in which domain? I mean is Samba a
member server in AD domain or IPA?<br>
<br>
Anyways it would not work.<br>
<br>
What should work is: <br>
* User from AD accessing a samba share in AD domain (this is the
setup in the documentation that you refer to).<br>
* User from IPA accessing samba share in IPA domain using Linux
client (I think that has been possible in the past)<br>
<br>
Other scenarios would not work yet AFAIU because:<br>
1) IPA does not provide global catalog yet<br>
2) Samba FS and IPA integration as a member server in trust setup is
not ready to serve users from a trusted domains. There is some work
to be done there. <br>
<br>
Both are on the roadmap but not available right now.<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>