[Freeipa-users] Using FreeIPA as password backend for Samba

Tomasz Z. Napierala tomasz.napierala at allegro.pl
Thu Oct 1 12:06:03 UTC 2009


On Wed, 2009-09-23 at 20:46 +0200, Loris Santamaria wrote:

> We integrate freeipa and samba 3 having freeipa generating automatically
> the sambaSID for users and groups.
> 
> First step, you need to modify cn=ipaconfig to have freeipa add the
> appropriate objectclasses:
> 
> ldapmodify <<EOF
> dn: cn=ipaconfig,cn=etc,dc=yourdomain
> changetype: modify
> add: ipaUserObjectClasses
> ipaUserObjectClasses: sambaSAMAccount
> -
> add: ipaGroupObjectClasses
> ipaGroupObjectClasses: sambaGroupMapping
> EOF

That's pretty straightforward and clear.

> Second you may configure the ipa-dna (or dna) plugin to generate
> sambasids for users and groups. Something like (using 389's dna plugin):

[cut]

> NOTE 1, you have to change the dnaprefix attribute to match the sambaSID
> of your domain, which you can get with the command "net rpc getlocalsid"

Does it mean that I can only have one Samba server in a Kerberos realm?
This is quite important, because we have about 10 development servers,
and each of them is running its own Samba server. I'd like to sync
passwords on all servers, would it be possible?

P.S. Loris, sorry for off-list message :/

Regards,
-- 
Tomasz Napierała
Systems Architecture Engineer,
IT Infrastructure Department
Allegro Team
http://www.allegro.pl/

QXL Poland sp. z o.o.
ul. Marcelińska 90, 60-324 Poznań
NIP 779-21-25-257;
District Court Poznań - Nowe Miasto i Wilda in Poznań, 8th Commercial
Division
KRS no. 0000104322
Share capital: 1.046.000 zł.
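
The consistency rule from NOTE 1 above, as an added example that is not part of the original thread: assuming the domain SID is the value reported by "net rpc getlocalsid" and the entries come from an LDAP search of the Samba-enabled accounts, this Python check reports entries whose sambaSID is missing, falls outside the domain SID, or duplicates another entry's. The function names, DNs and SID values are constructed for illustration.

```python
import re

# A domain SID is S-1-5-21-<a>-<b>-<c>; each account SID appends one RID.
DOMAIN_SID_RE = re.compile(r"^S-1-5-21(-\d+){3}$")

def parse_ldif(text):
    """Yield (dn, sambaSID or None) per entry of plain, unencoded LDIF."""
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn = sid = None
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip()
            elif name.lower() == "sambasid":
                sid = value.strip()
        if dn:
            yield dn, sid

def check_samba_sids(ldif_text, domain_sid):
    """Return (dn, problem) for entries whose sambaSID does not fit the domain."""
    if not DOMAIN_SID_RE.match(domain_sid):
        raise ValueError("not a domain SID: %r" % domain_sid)
    problems, seen = [], {}
    for dn, sid in parse_ldif(ldif_text):
        prefix, _, rid = (sid or "").rpartition("-")
        if sid is None:
            problems.append((dn, "missing sambaSID"))
        elif prefix != domain_sid or not rid.isdigit():
            problems.append((dn, "sambaSID outside domain SID"))
        elif seen.setdefault(sid, dn) != dn:  # first holder of a SID keeps it
            problems.append((dn, "duplicate of " + seen[sid]))
    return problems

# Constructed sample: the domain SID and the entries are invented for illustration.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=com
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-1002

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=com

dn: uid=dave,cn=users,cn=accounts,dc=example,dc=com
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001
"""
```

Calling check_samba_sids(SAMPLE_LDIF, DOMAIN_SID) returns one (dn, problem) pair for each of the bob, carol and dave entries and nothing for alice.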



