[Freeipa-users] Woes adding a samba server to the ipa domain

John Obaterspok john.obaterspok at gmail.com
Sun Nov 2 18:54:10 UTC 2014


Hello,

Now I'm able to access samba network share from Win PC using my ipa user &
password. But I need to enter it each time.

I have still not been able to logon to Win7 PC with my IPA user. Currently
I get "No mapping between account names and security IDs was done" when I
try to login.

What I've done is this:
     1. Created a dns entry for winpc + a host entry in web-ui,
     2. On the IPA server I ran "ipa-getkeytab -s <ipa.fqdn> -p host/<ipa.fqdn> -e arcfour-hmac -k krb5.keytab.<winpc> -P"

What am I supposed to do with the krb5.keytab.<winpc> file? Can't see any
mention of this?


On the Win PC I did:
     1. ksetup /setdomain [REALM NAME]
     2. ksetup /addkdc [REALM NAME] [ipa.fqdn]
     3. ksetup /addkpasswd [REALM NAME] [ipa.fqdn]
     4. ksetup /setcomputerpassword [MACHINE_PASSWORD]
     5. ksetup /mapuser * *


-- john

2014-10-29 22:01 GMT+01:00 Loris Santamaria <loris at lgs.com.ve>:

> On Wed, 29-10-2014 at 21:40 +0100, John Obaterspok wrote:
> > Hello,
> >
> >
> > I've tried this as well. My IPA is not connected to an AD. My smb.conf
> > looks almost the same. The differences are:
> > - I got the default workgroup set (MY or something)
> > - No FILE:/ prefix for keytab file
> >
> >
> > I had the samba and ipa server on the same box so I just had to add the
> > cifs server and get keytab file in the same way.
> > I was a bit surprised to see that accessing samba using "smbclient -k
> > \\..." worked right away from a linux box. Then stopped working if I
> > did kdestroy.
> >
> >
> > But, I never got it to work from Windows. The Windows PC is not joined
> > to any AD, it uses MIT Kerb client 4.0.1 and I successfully get tickets
> > and can sshlogin via putty without password.
> >
> >
> > Any ideas on how to get this going from Windows as well?
>
> I guess you should prepare the ipa server for a windows domain trust
> (even if you won't set up any trust with an ad domain), with
> ipa-adtrust-install. Beware that it will overwrite your smb.conf.
>
> With that configuration and the steps described in
> http://www.redhat.com/archives/freeipa-users/2013-September/msg00226.html
> you will be able to use the native windows kerberos libraries and you
> should be able to open a samba share with your kerberos credentials.
>
> Best regards
>
>
> --
> Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
> Links Global Services, C.A.            http://www.lgs.com.ve
> Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
> ------------------------------------------------------------
> "If I'd asked my customers what they wanted, they'd have said
> a faster horse" - Henry Ford
>