[Freeipa-users] samba & IPA

[Rob Crittenden]

Steven Jones wrote:
> Hi,
>
> Control samba with IPA, aka IPA controlling say ssh, so hbacl control between a samba user group and a samba host group per samba share.
>
> So redhat linux clients to redhat linux samba server (rhel6.2's)
>
> I need to automount smb shares for linux users who are in IPA.
>
> So far I have kerberos going, but I cant control a samba share based on IPA groups....or even users...so far it seems to be valid users = guest1 in the smb.conf, which is close to useless.
>
> I need the control of the share(s) valid users = ipaserver/sambagroup/user1,2,3 etc type of thing, can this be done?

I know next to nothing about Samba but I don't think anyone has tried 
any of this before. In your tests to date where are you storing your 
Samba users, in IPA? You added the objectclasses to the users, assigned 
a SID and all that?

How/where does one define the kind of controls you're looking for? We 
don't provide anything like that in IPA now.

IPA can provide automount files, so I presume you can store your Samba 
maps there, as for access control that would be done by automount itself.

> A useable alternative would be a IPA kerberos ticket to login and use AD for group control, clunky but centralised...I know in ipav3? domain trusts will be possible to look up AD groups......but really I want to use IPA s groups as I have linux users who do not want to be / are not in AD....

I don't know, I barely grok what it is you're asking (gladly ignorant of 
AD).

regards

rob