[Freeipa-users] Setting up samba with IPA
Steven Jones
Steven.Jones at vuw.ac.nz
Mon Feb 17 23:34:12 UTC 2014
Can we be clear here,
Im not after SSO as such, I can sign in with the AD password but that is failing.
Otherwise if I read you correctly I cant use IPA controlled samba with AD controlled windows hosts at all?
So Im better to de-IPA samba and go back to the old samba method with a local password?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University ITS,
Level 8 Rankin Brown Building,
Wellington, NZ
6012
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com <freeipa-users-bounces at redhat.com> on behalf of Dmitri Pal <dpal at redhat.com>
Sent: Tuesday, 18 February 2014 12:04 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Setting up samba with IPA
On 02/17/2014 05:49 PM, Steven Jones wrote:
> Hi,
>
> So what you are saying is AD clients and IPA enabled samba servers dont work as a solution yet?
>
> Ergo I have to remove IPA off the samba server?
I think the setup when you have sync in place is a bit crafty.
I know that people made it work in the past but with some assumptions
that this is not an SSO.
I mean you can't use a Window system and access Samba FS share when
Samba FS is a member of IPA and IPA is in sync relations because user on
Windows and user in IPA are two different users though they have same
name Samba FS can't match the windows SID of the Windows user to the SID
of the IPA user because there is no SID for IPA user.
But on the other side I know that one can make Samba FS work with IPA,
there have been articles about it. I am not sure what is the expectation
about the clients in this case.
The solution that we are working on is based on the trust. This part is
not ready yet. Once ready Samba FS can be a member of the IPA domain,
IPA would trust AD and then users from AD running Windows systems would
be able to directly use Samba FS. This feature is in development right now.
> regards
>
> Steven Jones
>
> ________________________________________
> From: Alexander Bokovoy<abokovoy at redhat.com>
> Sent: Tuesday, 18 February 2014 11:21 a.m.
> To: Steven Jones
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Setting up samba with IPA
>
> On Mon, 17 Feb 2014, Steven Jones wrote:
>> I seem to have got a RHEL6 workstation doing smbclient to an IPA samba
>> enabled server OK.
>>
>>
>> Is there a way to limit some users to CIFS only in IPA?
> If you file system supports POSIX ACLs then simply set limits at the
> file system level, it should work fine.
>
> http://www.redhat.com/archives/freeipa-users/2013-April/msg00270.html
>
>> Also however my AD connected windows7 machine with winsync and passsync
>> in place to IPA wont connect. It doesnt seem to like the password....or
>> user, unsure...
> It doesn't like SID of that user and therefore doesn't think it is the
> same user. There might be other reasons too, as we still haven't settled
> down all bits to enable proper Windows integration for CIFS file
> serving.
>
> --
> / Alexander Bokovoy
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list