[Freeipa-users] Getting Samba to authenticate against FreeIPA

Sun Mar 24 17:14:12 UTC 2013

That guide at techslaves.org sounds like a perfect match for our needs,
unfortunately the map and reality didn't quite match...

Point 4.3 says:

> 4.3. Test the CLI. With an “admin” (or equivalent priv) kerberos
> ticket, try creating a new group:
>
> account at ipaserver:~
> $ ipa group-add testgrp --desc="Testing the group.py CLI mods"
> ---------------------
> Added group "testgrp"
> ---------------------
>   Group name: testgrp
>   Description: Testing the group.py CLI mods
>   GID: 1234500010
>   Samba Group Type: 4

So I did. However, all I get is:

> ipa: ERROR: Unknown option: sambagrouptype

but I've followed the instructions carefully. There's, however, an added
complication here and that's that the sambaserver runs on a different
machine than the IPA-server and since it's not obvious (to me at least)
which part goes where I ran all the commands on the sambaserver. I bet
at least some of the steps would have to be run on the IPA-server.

Does anyone have an idea what went wrong? All the commands went through
without a problem until ipa group-add...

Regards

/Martin

On 03/24/2013 04:06 PM, Simo Sorce wrote:
> On Sun, 2013-03-24 at 10:03 +0600, Arthur Fayzullin wrote:
>> 24.03.2013 04:27, Martin пишет:
>>> Hello, apologize if this is a faq.
>>>
>>> We're trying to set up a file server that authenticate all users against
>>> a FreeIPA-server. The systems are up to date CentOS 6 machines and
>>> everything works just swell for logins and NFS4-mounts. However, we're
>>> completely stuck on samba.
>>>
>>> We've tried to figure out how to make a samba 3 use PAM, ldap or
>>> whatever (and that way authenticate towards FreeIPA) and right now we're
>>> trying Samba 4 because we hoped that would be simpler. So far we're out
>>> of luck.
>>>
>>> What we want is just a stand alone samba server (there's no windows
>>> servers on this network) that is connected to FreeIPA. It sounds like a
>>> pretty basic thing to get to work, but apparently that's not the case.
>>>
>>> ...help? Maybe someone has a working config they could share?
>>>
>>> /Martin
> A while ago someone made this post:
> http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/
>
> It is not the only way to configure samba but it is a possible solution
> for your request.
>
>
>> This is about samba-sharea, but may be can help
>> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/cifs.html
>>
>
> If you are interested in client cifs just ignore point 4 and 5 of
> 11.4.2, they must be cut&paste errors from nfs client instructions, I am
> filing a bug to fix it.
>
> Simo.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users