[Freeipa-users] Re: ipa-user backend for samba

mahen mahendra at latticenetworks.com
Fri Mar 20 09:19:41 UTC 2009


Hi,

In both cases (ipa-user @ ipa-server and ipa-user @ ipa-client),
smbclient -k works fine.

mahendra

On Fri, 2009-03-20 at 12:12 +0300, Konstantin Kozlov wrote:
> Hi,
> 
> mahen wrote:
> > Hi,
> > Well, these are the steps:
> > 
> > 1. ipaserver as server
> > 2. sambaserver + ipaclient as smbserver
> > 3. winXP ipa-client as ipa-client
> > 
> > In IPA-Server:
> > ipa-addservice cifs/sambaserver.example.com
> > 
> > In SambaServer:
> > kinit admin@EXAMPLE.COM
> > ipa-getkeytab -s ipaserver.example.com -p cifs/sambaserver.example.com -k /etc/krb5.keytab
> > 
> > The two key parameters of smb.conf related to Kerberos are
> > realm = EXAMPLE.COM
> > use kerberos keytab = yes.
> > 
> > SAMBASERVER WORKS FINE AS AN IPA-CLIENT.
> > 
> What happens when you log into ipaserver as ipauser and try smbclient?
> What happens when you log into ipaclient as ipauser and try smbclient?



> Kostya
> 
> > 
> > Please let me know if I have missed out any configuration.
> > 
> > Thanks.
> > mahendra
> > 
> > On Fri, 2009-03-20 at 11:10 +0300, Konstantin Kozlov wrote:
> >> Hi,
> >>
> >> it works for me.
> >>
> >> mahen wrote:
> >>> Hi,
> >>> Can I use IPA users as backend for samba i.e. can I access samba share
> >>> from windows system (XP) using ipa user authentication.
> >>>
> >> I am using it that way.
> >>
> >>> My settings are exactly the way it has been specified in the given
> >>> document.
> >>> http://www.dlt.com/sr/PDF/redhat/Securing_Samba_with_IPA-1.0.pdf
> >>>
> >>> I think "passdb" parameter of smb.conf should point to IPA user database
> >>> but don't know how to do that.
> >>>
> >> Well, samba is looking in Kerberos that is looking in LDAP, so my 
> >> understanding is that 'passdb' is not used.
> >>
> >>> currently it is pointing to smbpasswd as per the above document. 
> >>> With the current setup, I can access samba shares with smbclient -L
> >>> sambaserver.example.com command.
> >>>
> >> Under ipa-user? What kerberos ticket do you have in that case? From what 
> >> machine?
> >>
> >>> But smbclient -k -L sambaserver.example.com gives me error.
> >>> "cli_session_setup_blob: receive failed (NT_STATUS_LOGON_FAILURE)
> >>> session setup failed: NT_STATUS_LOGON_FAILURE"
> >>>
> >> Well, I am not a very good specialist in Samba, but I think you must check 
> >> the following:
> >>
> >> 1. firewalls
> >> 2. time sync
> >> 3. kerberos tickets
> >> 4. increase samba logging and look in samba logs
> >> 5. do you have a correct principal in ipa?
> >>
> >> regards,
> >>
> >> Kostya
> >>
> >>> please help.
> >>>
> >>> Thanks....
> >>> Mahendra
> >>>
> >>>
> >>
> > 
> > 
> 
> 
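
The setup quoted above depends on two things agreeing on the Samba server: the Kerberos parameters in smb.conf and a cifs/ key for the server's name in /etc/krb5.keytab. The script below is an added example, not part of the thread and not FreeIPA or Samba code; its function names and sample inputs are constructed, and it assumes the keytab listing is the saved output of `klist -k /etc/krb5.keytab`.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs are constructed; on a real
# host pass the real smb.conf and the saved output of `klist -k /etc/krb5.keytab`.

# smb_param FILE "name": print the last value set for a smb.conf parameter.
smb_param() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                        # comment lines
        index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) last = val
        }
        END { print last }' "$1"
}

# keytab_has LISTING PRINCIPAL: succeed if the klist -k listing names PRINCIPAL.
keytab_has() {
    awk -v p="$2" '$2 == p { found = 1 } END { exit !found }' "$1"
}

# check_samba_krb SMBCONF LISTING FQDN: report every problem, return 1 if any.
check_samba_krb() {
    realm=$(smb_param "$1" "realm")
    use_kt=$(smb_param "$1" "use kerberos keytab")
    rc=0
    [ -n "$realm" ] || { echo "smb.conf: realm is not set"; rc=1; }
    case "$use_kt" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) ;;
        *) echo "smb.conf: use kerberos keytab = '$use_kt' (expected yes)"; rc=1 ;;
    esac
    keytab_has "$2" "cifs/$3@$realm" || { echo "keytab: no key for cifs/$3@$realm"; rc=1; }
    return $rc
}

# Constructed sample inputs using the thread's example names.
demo=$(mktemp -d)
printf '[global]\n   realm = EXAMPLE.COM\n   use kerberos keytab = yes\n' > "$demo/smb.conf"
printf 'KVNO Principal\n---- ---------\n   2 host/sambaserver.example.com@EXAMPLE.COM\n' > "$demo/host-only.txt"
{ cat "$demo/host-only.txt"; echo '   2 cifs/sambaserver.example.com@EXAMPLE.COM'; } > "$demo/with-cifs.txt"

check_samba_krb "$demo/smb.conf" "$demo/with-cifs.txt" sambaserver.example.com && echo "with-cifs: OK"
check_samba_krb "$demo/smb.conf" "$demo/host-only.txt" sambaserver.example.com || echo "host-only: FAILED"
```

The principal comparison is case-sensitive, so a lower-case realm in smb.conf is reported as a missing key rather than silently accepted.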




