[Freeipa-users] Woes adding a samba server to the ipa domain
Dmitri Pal
dpal at redhat.com
Wed Oct 29 12:27:32 UTC 2014
On 10/29/2014 08:15 AM, John Obaterspok wrote:
> Hello,
>
> I might be interested in this as well. Does this mean it would be
> possible for a windows client to access samba FS through IPA provided
> credentials?
> Currently my Windows PC gets IPA ticket (through MIT kerberos
> application) and can use this ticket to login to Linux server via
> putty. I would jump up and down if I could access samba FS in the same
> way from Windows:)
>
> (I got sssd 1.12.1 and freeipa 4.1 running on F20)
>
I suspect that if you deploy Samba FS with SSSD configured as a member
server of the IPA domain it should be possible.
> -- john
>
> 2014-10-23 12:32 GMT+02:00 Sumit Bose <sbose at redhat.com
> <mailto:sbose at redhat.com>>:
>
> On Tue, Oct 21, 2014 at 07:49:11AM -0430, Loris Santamaria wrote:
> > El lun, 20-10-2014 a las 21:19 -0400, Dmitri Pal escribió:
> > > On 10/20/2014 09:15 AM, Loris Santamaria wrote:
> >
> > [...]
> >
> > > >
> > > > Trying to join the server to the domain (net rpc join -U
> domainadmin -S
> > > > ipaserver) fails, and it causes a samba crash on the ipa server.
> > > > Investigating the cause of the crash I found that pdbedit
> crashes as
> > > > well (backtrace attached). I couldn't get a meaningful
> backtrace from
> > > > the samba crash however I attached it as well.
> > > >
> > > > Seems to me that the samba ipasam backend on ipa doesn't
> like something
> > > > in the host or the "domain computers" group object in ldap,
> but I cannot
> > > > see what could be the problem. Perhaps someone more familiar
> with the
> > > > ipasam code can spot it quickly.
> >
> > > Do I get it right that you really looking for
> > > https://fedorahosted.org/sssd/ticket/1588 that was just released
> > > upstream?
> > > It would be cool if you can try using SSSD 1.12.1 under Samba
> FS in
> > > the use case you have and provide feedback on how it works for
> you.
> > >
> > > AFAIU you install Samba FS and then use ipa-client to
> configure SSSD
> > > under it and it should work.
> > > If not we probably should document it (but I do not see any
> special
> > > design page which leads me to the above expectation).
> >
> > Ok, I'll happily try sssd 1.12.1.
> >
> > Just a question, in smb.conf one should use "security = domain" or
> > "security = ads"?
>
> 'ads' because we want to use Kerberos. But there some other
> configuration options which needs attention, e.g. you have to create a
> keytab for the cifs service and make it available to samba. I'll
> try to
> set up an small howto page listing the needed steps and come back
> to you
> early next week.
>
> bye,
> Sumit
>
> >
> > Best regards
> >
> > --
> > Loris Santamaria linux user #70506 xmpp:loris at lgs.com.ve
> <mailto:xmpp%3Aloris at lgs.com.ve>
> > Links Global Services, C.A. http://www.lgs.com.ve
> > Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:103 at lgs.com.ve
> <mailto:sip%3A103 at lgs.com.ve>
> > ------------------------------------------------------------
> > "If I'd asked my customers what they wanted, they'd have said
> > a faster horse" - Henry Ford
>
>
>
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go To http://freeipa.org for more info on the project
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
>
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141029/02d3e72b/attachment.htm>
More information about the Freeipa-users
mailing list