[Freeipa-users] Setting up samba with IPA

Dmitri Pal dpal at redhat.com
Mon Feb 17 23:04:15 UTC 2014


On 02/17/2014 05:49 PM, Steven Jones wrote:
> Hi,
>
> So what you are saying is AD clients and IPA enabled samba servers don't work as a solution yet?
>
> Ergo I have to remove IPA off the samba server?

I think the setup when you have sync in place is a bit crafty.
I know that people made it work in the past but with some assumptions 
that this is not an SSO.
I mean you can't use a Windows system and access a Samba FS share when 
Samba FS is a member of IPA and IPA is in sync relations, because the user on 
Windows and the user in IPA are two different users though they have the same 
name. Samba FS can't match the Windows SID of the Windows user to the SID 
of the IPA user because there is no SID for the IPA user.
But on the other side I know that one can make Samba FS work with IPA; 
there have been articles about it. I am not sure what the expectation is 
about the clients in this case.

The solution that we are working on is based on the trust. This part is 
not ready yet. Once ready, Samba FS can be a member of the IPA domain, 
IPA would trust AD and then users from AD running Windows systems would 
be able to directly use Samba FS. This feature is in development right now.

> regards
>
> Steven Jones
>
> ________________________________________
> From: Alexander Bokovoy <abokovoy at redhat.com>
> Sent: Tuesday, 18 February 2014 11:21 a.m.
> To: Steven Jones
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Setting up samba with IPA
>
> On Mon, 17 Feb 2014, Steven Jones wrote:
>> I seem to have got a RHEL6 workstation doing smbclient to an IPA samba
>> enabled server OK.
>>
>>
>> Is there a way to limit some users to CIFS only in IPA?
> If your file system supports POSIX ACLs then simply set limits at the
> file system level, it should work fine.
>
> http://www.redhat.com/archives/freeipa-users/2013-April/msg00270.html
>
>> Also however my AD connected Windows 7 machine with winsync and passsync
>> in place to IPA won't connect. It doesn't seem to like the password....or
>> user, unsure...
> It doesn't like SID of that user and therefore doesn't think it is the
> same user. There might be other reasons too, as we still haven't settled
> down all bits to enable proper Windows integration for CIFS file
> serving.
>
> --
> / Alexander Bokovoy


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

