[Freeipa-users] User auth for Samba 3 file server against IPA 3.0.0
dbischof at hrz.uni-kassel.de
dbischof at hrz.uni-kassel.de
Mon Jul 21 14:15:19 UTC 2014
Dmitri,
thanks for your answer.
On Wed, 16 Jul 2014, Dmitri Pal wrote:
> On 07/16/2014 07:16 AM, dbischof at hrz.uni-kassel.de wrote:
>> I have IPA running on a CentOS 6 server. This server also acts as NFS-
>> and Samba server. My Linux clients (openSUSE 13.1) work fine (NFS,
>> automount, user auth for ssh and display manager).
>>
>> Since I also have some Windows users, I want them to be able to mount
>> their homes via Samba using their IPA password. Just that, no AD or
>> other fancy stuff.
>
> Support of Windows users is still where it was. Code might have changed
> so the solution might not apply any more cleanly. Our general vision is
> that windows users belong to Windows and have to be either in AD or in
> Samba4. As soon as Samba 4 supports cross forest trusts we will make it
> supported. Then we will be able to support cases like you describe.
>
> Also right now Samba FS as a member of IPA domain does not work well. It
> should work better with SSSD 1.12.1 and IPA 4.1 when we make sure that
> all parts are in place but that would still have some problems when one
> has to come from windows client as there is no SSSD equivalent for
> windows clients.
>
> Bottom line: no, there is no better info, sorry.
Bummer. Just to make sure: I don't want my Windows users to be able to log
on to their systems using IPA auth, they all have local accounts. I just
want them to be able to manually mount their home shares.
Since I'm still more or less testing stuff, I wonder where to go from
here. Before biting the bullet having separate Samba accounts: Would it
help to switch to Samba 4? This post
https://www.redhat.com/archives/freeipa-users/2013-April/msg00248.html
suggests that it's possible. Somebody out there did it successfully?
>> [1] http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/
Mit freundlichen Gruessen/With best regards,
--Daniel.
More information about the Freeipa-users
mailing list