[Freeipa-devel] freeipa and samba

David O'Brien daobrien at redhat.com
Tue Feb 12 00:38:56 UTC 2008


Simo Sorce wrote:
> On Mon, 2008-02-11 at 11:14 -0800, Rob Crittenden wrote:
>   
>> Simo Sorce wrote:
>>     
>>> On Sun, 2008-02-10 at 20:46 +0100, Thomas Sailer wrote:
>>>       
>>>> On Wed, 2008-02-06 at 15:25 -0500, Simo Sorce wrote:
>>>>
>>>>         
>>>>> Yes, in IPA v1.0 the concept of machine accounts still does not exist.
>>>>> For samba anyway, machine accounts are just user accounts and must be
>>>>> available via nss calls, so to all effects what you need for now is just
>>>>> regular user accounts named after the machine name.
>>>>>           
>>>> Well, machines normally live under ou=Computers, not ou=People. I think
>>>> I'll stay with smbldap-tools, until IPA has the machine account concept.
>>>>         
>>> In IPA we already have the cn=Computers container, and for users we have
>>> CN=Users. It's just that we do not have any tool to populate the
>>> cn=Computers container yet.
>>>
>>>       
>>>>> No, they are more advanced tools to tweak an installation, you shouldn't
>>>>> need to use them for day to day operations though.
>>>>>           
>>>> True wrt. the configuration dialogs, but the user/group editing GUI does
>>>> not seem to be usable for IPA, as it isn't able to add sambaSam and krb
>>>> stuff.
>>>>         
>>> Yes, to manage users you should use the IPA WebUI or CLI tools.
>>>
>>>       
>>>> I have some problems with accessing the IPA gui. It works with curl, but
>>>> I could get neither Firefox on F8 nor IE and Firefox on XP to access
>>>> the gui. They seem to do SPNEGO, but the ticket does not seem to be
>>>> delegatable. What exact browser / krb5 library versions are you using on
>>>> the client?
>>>>         
>>> It should work fine with Firefox on any Fedora/RedHat box (and probably,
>>> but not tested, just any other recent Linux distro).
>>>
>>> When you connect to the server, if Firefox is not correctly configured,
>>> you should be presented with a page that will configure Firefox for you
>>> if you allow it to mess with your browser configuration (security
>>> warning dialogs and all).
>>>
>>> To make it work you need anyway to kinit admin at REALM on the client
>>> before pointing Firefox at the Web UI or using the CLI tools.
>>>
>>> Can you provide the error you get with Firefox?
>>>
>>> Simo.
>>>
>>>       
>> And on Fedora 8 you need krb5-* >= 1.6.2-11
>>     
>
> Oh right!
> This package is still sleeping on the testing queue unfortunately, I am
> pushing to have it pushed to stable asap.
>
> To install it just do:
>
> yum install --enablerepo=updates-testing krb5-server
>
> This should bring in all the dependencies as well.
>
> Simo.
>
>   
I added a note about this to the installation doc.

-- 

David O'Brien
IPA Content Author

"We couldn't care less about comfort. We make you feel good."
Federico Minoli CEO Ducati Motor S.p.A.



