[Freeipa-users] User auth for Samba 3 file server against IPA 3.0.0

dbischof at hrz.uni-kassel.de dbischof at hrz.uni-kassel.de
Mon Aug 11 19:29:01 UTC 2014 

Hi,

On Sun, 10 Aug 2014, Dmitri Pal wrote:
> On 07/21/2014 10:15 AM, dbischof at hrz.uni-kassel.de wrote:
>> On Wed, 16 Jul 2014, Dmitri Pal wrote:
>>> On 07/16/2014 07:16 AM, dbischof at hrz.uni-kassel.de wrote:
>>>> I have IPA running on a CentOS 6 server. This server also acts as 
>>>> NFS- and Samba server. My Linux clients (openSUSE 13.1) work fine 
>>>> (NFS, automount, user auth for ssh and display manager).
>>>> 
>>>> Since I also have some Windows users, I want them to be able to mount 
>>>> their homes via Samba using their IPA password. Just that, no AD or 
>>>> other fancy stuff.
>>> 
>>> Support of Windows users is still where it was. Code might have 
>>> changed so the solution might not apply any more cleanly. Our general 
>>> vision is that windows users belong to Windows and have to be either 
>>> in AD or in Samba4. As soon as Samba 4 supports cross forest trusts we 
>>> will make it supported. Then we will be able to support cases like you 
>>> describe.
>>> 
>>> Also right now Samba FS as a member of IPA domain does not work well. 
>>> It should work better with SSSD 1.12.1 and IPA 4.1 when we make sure 
>>> that all parts are in place but that would still have some problems 
>>> when one has to come from windows client as there is no SSSD 
>>> equivalent for windows clients.
>>> 
>>> Bottom line: no, there is no better info, sorry.
>> 
>> Bummer. Just to make sure: I don't want my Windows users to be able to 
>> log on to their systems using IPA auth, they all have local accounts. I 
>> just want them to be able to manually mount their home shares.
>
> Sorry for a delayed response, I am slowly catching up on these threads. 
> Mounting a share requires authentication with the account that Samba FS 
> server knows about. Samba FS server until now could have been joined to 
> AD only. Samba 4 DC can be used as an alternative of AD. But in both 
> cases Samba FS yet can't be a member of the IPA domain. We are working 
> on it. So once it is done you might be able to manually mount shares 
> using the accounts managed by IPA. It is a question of couple months 
> really so may be you can wait for this functionality to emerge and try 
> it?

will that feature (Samba shares w/ IPA accounts) be available for IPA 3.0 
as in RHEL/CentOS6 or for IPA4 only? Waiting another couple of months 
would be perfectly ok for me, if I could then just update the IPA package 
and do some additional configuration to make it work. I'd happily take 
part in testing the feature in advance, too.


Mit freundlichen Gruessen/With best regards,

--Daniel.

More information about the Freeipa-users mailing list