[Freeipa-users] User auth for Samba 3 file server against IPA 3.0.0
dbischof at hrz.uni-kassel.de
dbischof at hrz.uni-kassel.de
Mon Aug 11 19:29:01 UTC 2014
Hi,
On Sun, 10 Aug 2014, Dmitri Pal wrote:
> On 07/21/2014 10:15 AM, dbischof at hrz.uni-kassel.de wrote:
>> On Wed, 16 Jul 2014, Dmitri Pal wrote:
>>> On 07/16/2014 07:16 AM, dbischof at hrz.uni-kassel.de wrote:
>>>> I have IPA running on a CentOS 6 server. This server also acts as
>>>> NFS- and Samba server. My Linux clients (openSUSE 13.1) work fine
>>>> (NFS, automount, user auth for ssh and display manager).
>>>>
>>>> Since I also have some Windows users, I want them to be able to mount
>>>> their homes via Samba using their IPA password. Just that, no AD or
>>>> other fancy stuff.
>>>
>>> Support of Windows users is still where it was. Code might have
>>> changed so the solution might not apply any more cleanly. Our general
>>> vision is that windows users belong to Windows and have to be either
>>> in AD or in Samba4. As soon as Samba 4 supports cross forest trusts we
>>> will make it supported. Then we will be able to support cases like you
>>> describe.
>>>
>>> Also right now Samba FS as a member of IPA domain does not work well.
>>> It should work better with SSSD 1.12.1 and IPA 4.1 when we make sure
>>> that all parts are in place but that would still have some problems
>>> when one has to come from windows client as there is no SSSD
>>> equivalent for windows clients.
>>>
>>> Bottom line: no, there is no better info, sorry.
>>
>> Bummer. Just to make sure: I don't want my Windows users to be able to
>> log on to their systems using IPA auth, they all have local accounts. I
>> just want them to be able to manually mount their home shares.
>
> Sorry for a delayed response, I am slowly catching up on these threads.
> Mounting a share requires authentication with the account that Samba FS
> server knows about. Samba FS server until now could have been joined to
> AD only. Samba 4 DC can be used as an alternative of AD. But in both
> cases Samba FS yet can't be a member of the IPA domain. We are working
> on it. So once it is done you might be able to manually mount shares
> using the accounts managed by IPA. It is a question of couple months
> really so may be you can wait for this functionality to emerge and try
> it?
will that feature (Samba shares w/ IPA accounts) be available for IPA 3.0
as in RHEL/CentOS6 or for IPA4 only? Waiting another couple of months
would be perfectly ok for me, if I could then just update the IPA package
and do some additional configuration to make it work. I'd happily take
part in testing the feature in advance, too.
Mit freundlichen Gruessen/With best regards,
--Daniel.
More information about the Freeipa-users
mailing list