[Freeipa-users] ipa <-> samba
Torsten Scholak
torsten.scholak at googlemail.com
Wed Apr 30 20:17:58 UTC 2014
Hi there,
I am considering to set up a smb2 server intended for certain windows machines and macs that are not member of the kerberos realm and hence not single sign-on enabled (read: guest machines).
The server for the smb service runs a fresh Fedora 20 and is also holding an ipa replica.
Let me strees that I don't need a domain controller nor the synchronization to one, just a way to allow samba to lookup and authenticate against credentials provided by freeipa. This is just a pet project in a non-production environment (home).
I searched around a bit and found a number of guides and mailing list posts, e.g.
https://www.mail-archive.com/freeipa-users@redhat.com/msg04928.html
However, information tends to be scarce, scattered, and incomplete. Since most of it is rather old, I worry that it is horribly outdated.
Today, how would I go about this?
Is this configuration at all supported?
Do I get samba 3 or samba 4 for that job?
Do I use ldapsam as passdb backend?
Do I need to extend the schema?
Which attributes/objectclasses do users and groups have to have in order to work with samba?
Do they have to be converted to posix objects?
What is ipa-sam? Is there any documentation for ipa-sam?
I'm not requesting a full step-by-step tutorial here, I just hope someone can point me in the right direction.
Best,
Torsten
More information about the Freeipa-users
mailing list