<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I read again the topic
<a class="moz-txt-link-freetext"
href="http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP">http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP</a><br>
It works exactly as I wanted</p>
<p> ipa-adtrust-install created next configuration:<br>
</p>
<p>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</p>
$ net conf list<br>
[global]<br>
workgroup = WORKGROUP<br>
netbios name = SMB<br>
realm = GW.SPB.RU<br>
kerberos method = dedicated keytab<br>
dedicated keytab file = <a class="moz-txt-link-freetext"
href="FILE:/etc/samba/samba.keytab">FILE:/etc/samba/samba.keytab</a><br>
create krb5 conf = no<br>
security = user<br>
domain master = yes<br>
domain logons = yes<br>
log level = 1<br>
max log size = 100000<br>
log file = /var/log/samba/log.%m<br>
passdb backend =
ipasam:ldapi://%2fvar%2frun%2fslapd-GW-SPB-RU.socket<br>
disable spoolss = yes<br>
ldapsam:trusted = yes<br>
ldap ssl = off<br>
ldap suffix = dc=gw,dc=spb,dc=ru<br>
ldap user suffix = cn=users,cn=accounts<br>
ldap group suffix = cn=groups,cn=accounts<br>
ldap machine suffix = cn=computers,cn=accounts<br>
rpc_server:epmapper = external<br>
rpc_server:lsarpc = external<br>
rpc_server:lsass = external<br>
rpc_server:lsasd = external<br>
rpc_server:samr = external<br>
rpc_server:netlogon = external<br>
rpc_server:tcpip = yes<br>
rpc_daemon:epmd = fork<br>
rpc_daemon:lsasd = fork<br>
<br>
But I don't understand why it wasn't put to smb.conf directly.<br>
<br>
The second problem is 'passdb backend'. I didn't find any
documentation about this module. An attempt to replace a file socket
on net connection was failed. And I had to make LDAP replication. It
was easy, but "
<meta http-equiv="content-type" content="text/html; charset=utf-8">
ipa-replica-prepare" installed whole IPA server (tomcat, java,
ldap), not only ldap-server. I need to continue to read
documentation. However the problem was solved. <br>
<br>
<div class="moz-cite-prefix">06.10.2016 23:51, Степаненко Алексей
пишет:<br>
</div>
<blockquote
cite="mid:ff9d93a0-a3e8-e989-3c4a-4e832c46427d@gw.spb.ru"
type="cite">Thank you for your reply. <br>
<br>
I've got Samba server for a company, accounts are created by hand.
Clients are different windows or linux desktops. <br>
<br>
I want to install FreeIPA and have one area for managing accounts
(SMB, SSH-access for others servers). Now, I prepare clean samba
installation for testing. It would be great to use FreeIPA as
authorization server for samba. <br>
<br>
I was looking for information about samba + freeIPA, but I found
only this document. Maybe, I miss obvious things. <br>
<br>
<br>
06.10.2016 20:31, Loris Santamaria пишет: <br>
<blockquote type="cite">The document you are linking to explains
how to configure a samba file <br>
server in a freeipa domain, which is one of many ways you can
configure <br>
and use a samba server. <br>
<br>
What do you want to achieve with samba, and what is your current
setup? <br>
<br>
<br>
El jue, 06-10-2016 a las 19:23 +0300, Степаненко Алексей
escribió: <br>
<blockquote type="cite">Hello. <br>
<br>
I've read the topic about FreeIPA and SAMBA <br>
<a class="moz-txt-link-freetext"
href="http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wit">http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wit</a>
<br>
h_IPA <br>
<br>
If I understand clearly, samba's client must be present in <br>
FreeIPA AD. <br>
Unfortunately, it does not work for me. I can't join some work
<br>
desktops <br>
to AD. Is it possible to make Samba auth trough LDAP IPA ?
Samba has <br>
ldap support <br>
<br>
ldap admin dn <br>
ldap group suffix <br>
ldap idmap suffix <br>
ldap machine suffix <br>
ldap passwd sync <br>
ldap suffix <br>
ldap user suffix <br>
<br>
Does it work with IPA ? <br>
<br>
Thanks. <br>
<br>
</blockquote>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>