[Freeipa-users] authenticate samba 3 or 4 with freeipa: building ipasam.so on Ubuntu

Petr Spacek pspacek at redhat.com
Fri Mar 28 11:32:25 UTC 2014 

On 28.3.2014 09:56, Sandor Juhasz wrote:
> Hello,
>
> i am ok to compile it myself, looking for source code. I hope that way i will be able to avoid messing
> around with the ldap tree. Any help/documentation is appreciated.

Basically, documentation on
http://www.freeipa.org/page/Contribute/Code and linked pages apply to your 
situation.

You will face dependency problems because you are going to build it on Ubuntu. 
Don't give up and persist :-)

I would recommend you a non-standard procedure:
- clone the git repo: $ git clone git://git.fedorahosted.org/git/freeipa.git
- enter the cloned tree: $ cd freeipa.git
- $ make version-update
-- This command will fail (for sure) because of dependency problems. However, 
it could be enough to proceed with ipasam build. You just need to generate 
version.h and similar "useless" files.

- Enter "daemons" sub-directory in the cloned tree: $ cd daemons
- $ autoreconf -fiv
- $ ./configure
- $ make

This should build freeipa.git/daemons/ipa-sam/.libs/ipasam.so library without 
building rest of FreeIPA so dependency problems should be limited only to this 
sub-tree.

Note that this procedure is completely untested.

Please let us know if it worked for you or not. I'm curious! :-)

Petr^2 Spacek

>
>
> Thanks.
>
> s
>
> ----- Original Message -----
>
> From: "Petr Spacek" <pspacek at redhat.com>
> To: freeipa-users at redhat.com
> Sent: Thursday, March 27, 2014 5:51:23 PM
> Subject: Re: [Freeipa-users] authenticate samba 3 or 4 with freeipa
>
> On 27.3.2014 14:36, Sandor Juhasz wrote:
>> Hello,
>>
>> what is the best practice to authenticate samba file sharing with freeipa as auth service.
>> Either version 3 or 4 of samba is fine, as we are looking for this only for filesharing and not
>> domain service.
>> Our ipa service is hosted on CentOS 6.5.
>> The samba service is preferred to be hosted on Ubuntu Precise (12.04), later the new LTS.
>>
>> Found 3 methods, but all seem to have their issues.
>>
>>
>> 1. LDAP, ldapsam passdb backend. -> needs ldap schema modification to include fields (sambaSAMAccount, sambaGroupMapping, samabaSID) and have IPA populate those with dna plugin
>> 2. IPA, ipasam passdb backend -> did not find a working version from ipasam.so for ubuntu, mostly i did not find any
> The only how-to I'm aware of is:
> http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/
>
> If you insist on Ubuntu you need to get ipasam somewhere, most likely to
> compile it yourself.
>
> Let us know if you are going to compile it, we can provide you some guidance.
>
> See the thread 'IPA - Samba / Redmine / Disable Kerberos?'.

More information about the Freeipa-users mailing list