[Freeipa-users] IPA - Samba / Redmine / Disable Kerberos?
Petr Spacek
pspacek at redhat.com
Wed Mar 26 11:28:00 UTC 2014
On 26.3.2014 10:44, צביקה הרמתי wrote:
> Hi.
> I have a small network of CentOS6.5 servers, and installed standard IdM
> (==FreeIPA).
> Everything works fine.
>
> Now I want to use IPA for other uses:
>
> 1.
> Use IPA together with Samba. I *don't* have fancy Windows servers, AD, or
> whatever. My network is comprised of a few CentOS servers, and some Windows
> 7/8 laptops that connect to it with SSH and VNC.
> I have installed (successfully) Samba, which should be used only for file
> sharing between Linux and Windows. No need for other features.
> However, in order to use Samba I have to define each user for Samba, and
> keep separate passwords.
>
> I'm confident that I missed something, and Samba can be somehow integrate
> with IPA, to use authenticate users against it.
> But I didn't find any solution or HowTo...
>
> 2.
> I'm using Redmine (issue tracking tool), that can authenticate against LDPA
> server (http://www.redmine.org/projects/redmine/wiki/RedmineLDAP).
> Can I use IPA for this?
Sure :-) We don't have how-to specifically for Redmine, you need to map
information from Redmine how-to to:
http://www.freeipa.org/page/HowTo/LDAP
Feel free to create Redmine page here:
http://www.freeipa.org/page/HowTos
(Your Fedora account should just work.)
> It seems that in order to use IPA's LDAP database, the client must first
> gain access from Kerberos.
No, you can use plain LDAP as usual as long as you don't want to use single
sign-on.
> I have no experience with Kerberos, but it seems that Redmine doesn't
> support it.
> Any ideas for solution?
Configure Redmine with LDAP backend as usual.
> 3.
> (related to the previous question-)
> Can I somehow disable the Kerberos component of IPA, using only the easy
> LDAP solution, allowing it easier integration with other tools?
You can't "disable it" but you are not forced to use Kerberos if you don't
want to do so. Plain LDAP bind should work for you.
(Please note that Kerberos offers single sign-on and it is believed to provide
better security so it is worth spending time on it.)
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list