[Freeipa-users] User auth for Samba 3 file server against IPA 3.0.0

[dbischof at hrz.uni-kassel.de]

Dmitri,

thanks for your answer.

On Wed, 16 Jul 2014, Dmitri Pal wrote:

> On 07/16/2014 07:16 AM, dbischof at hrz.uni-kassel.de wrote:
>> I have IPA running on a CentOS 6 server. This server also acts as NFS- 
>> and Samba server. My Linux clients (openSUSE 13.1) work fine (NFS, 
>> automount, user auth for ssh and display manager).
>> 
>> Since I also have some Windows users, I want them to be able to mount 
>> their homes via Samba using their IPA password. Just that, no AD or 
>> other fancy stuff.
>
> Support of Windows users is still where it was. Code might have changed 
> so the solution might not apply any more cleanly. Our general vision is 
> that windows users belong to Windows and have to be either in AD or in 
> Samba4. As soon as Samba 4 supports cross forest trusts we will make it 
> supported. Then we will be able to support cases like you describe.
>
> Also right now Samba FS as a member of IPA domain does not work well. It 
> should work better with SSSD 1.12.1 and IPA 4.1 when we make sure that 
> all parts are in place but that would still have some problems when one 
> has to come from windows client as there is no SSSD equivalent for 
> windows clients.
>
> Bottom line: no, there is no better info, sorry.

Bummer. Just to make sure: I don't want my Windows users to be able to log 
on to their systems using IPA auth, they all have local accounts. I just 
want them to be able to manually mount their home shares.

Since I'm still more or less testing stuff, I wonder where to go from 
here. Before biting the bullet having separate Samba accounts: Would it 
help to switch to Samba 4? This post

https://www.redhat.com/archives/freeipa-users/2013-April/msg00248.html

suggests that it's possible. Somebody out there did it successfully?

>> [1] http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/


Mit freundlichen Gruessen/With best regards,

--Daniel.