[Freeipa-users] IPA - Samba / Redmine / Disable Kerberos?

Wed Mar 26 11:42:29 UTC 2014

Thanks for the prompt reply.
I tried to just bind Redmine, and failed; so I assumed that it's not
possible.
Now, with that information, I'm encouraged to try again...

What about Samba?
Can you reference me to some relevant Howto/tutorial?

2014-03-26 13:28 GMT+02:00 Petr Spacek <pspacek at redhat.com>:

> On 26.3.2014 10:44, צביקה הרמתי wrote:
>
>> Hi.
>> I have a small network of CentOS6.5 servers, and installed standard IdM
>> (==FreeIPA).
>> Everything works fine.
>>
>> Now I want to use IPA for other uses:
>>
>> 1.
>> Use IPA together with Samba. I *don't* have fancy Windows servers, AD, or
>> whatever. My network is comprised of a few CentOS servers, and some
>> Windows
>> 7/8 laptops that connect to it with SSH and VNC.
>> I have installed (successfully) Samba, which should be used only for file
>> sharing between Linux and Windows. No need for other features.
>> However, in order to use Samba I have to define each user for Samba, and
>> keep separate passwords.
>>
>> I'm confident that I missed something, and Samba can be somehow integrate
>> with IPA, to use authenticate users against it.
>> But I didn't find any solution or HowTo...
>>
>> 2.
>> I'm using Redmine (issue tracking tool), that can authenticate against
>> LDPA
>> server (http://www.redmine.org/projects/redmine/wiki/RedmineLDAP).
>> Can I use IPA for this?
>>
> Sure :-) We don't have how-to specifically for Redmine, you need to map
> information from Redmine how-to to:
> http://www.freeipa.org/page/HowTo/LDAP
>
> Feel free to create Redmine page here:
> http://www.freeipa.org/page/HowTos
> (Your Fedora account should just work.)
>
>
>  It seems that in order to use IPA's LDAP database, the client must first
>> gain access from Kerberos.
>>
> No, you can use plain LDAP as usual as long as you don't want to use
> single sign-on.
>
>
>  I have no experience with Kerberos, but it seems that Redmine doesn't
>> support it.
>> Any ideas for solution?
>>
> Configure Redmine with LDAP backend as usual.
>
>
>  3.
>> (related to the previous question-)
>> Can I somehow disable the Kerberos component of IPA, using only the easy
>> LDAP solution, allowing it easier integration with other tools?
>>
> You can't "disable it" but you are not forced to use Kerberos if you don't
> want to do so. Plain LDAP bind should work for you.
>
> (Please note that Kerberos offers single sign-on and it is believed to
> provide better security so it is worth spending time on it.)
>
> --
> Petr^2 Spacek
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140326/8026faaf/attachment.htm>