[Freeipa-users] Woes adding a samba server to the ipa domain
Loris Santamaria
loris at lgs.com.ve
Thu Oct 30 03:38:42 UTC 2014
El mié, 29-10-2014 a las 20:49 -0400, Dmitri Pal escribió:
> On 10/29/2014 05:01 PM, Loris Santamaria wrote:
>
> > El mié, 29-10-2014 a las 21:40 +0100, John Obaterspok escribió:
> > > Hello,
> > >
> > >
> > > I've tried this as well. My IPA is not connected to an AD. My smb.conf
> > > looks almost the same. The differences are:
> > > - I got the default workgroup set (MY or something)
> > > - No FILE:/ prefix for keytab file
> > >
> > >
> > > I had the samba and ipserver on the same box so I just had to add the
> > > cifs server and get keytab file in the same way.
> > > I was a bit surprised to see that accessing samba using "smbclient -k
> > > \\..." worked right away from a linux box. Then stopped working if I
> > > did kdestroy.
> > >
> > >
> > > But, I never got it to work from Windows. The Windows PC is not joined
> > > to any AD, it uses MIT Kerb client 4.0.1 and I successfully get tickes
> > > and can sshlogin via putty without password.
> > >
> > >
> > > Any ideas on how to get this going from Windows as well?
> > I guess you should prepare the ipa server for a windows domain trust
> > (even if you won't setup any trust with an ad domain), with
> > ipa-adtrust-install. Beware that it will overwrite your smb.conf.
> >
> > With that configuration and the steps described in
> > http://www.redhat.com/archives/freeipa-users/2013-September/msg00226.html you will be able to use the native windows kerberos libraries and you should be able to open a samba share with your kerberos credentials.
> >
> > Best regards
> >
> >
> >
> >
> Would by any chance you be able to create a HowTo solution on the
> FreeIPA wiki?
> Seems like it would be a simple cut&paste from couple mails. Thanks in
> advance!
Here it is:
http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
Best regards
--
Loris Santamaria linux user #70506 xmpp:loris at lgs.com.ve
Links Global Services, C.A. http://www.lgs.com.ve
Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:103 at lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5693 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141029/7c73036d/attachment.bin>
More information about the Freeipa-users
mailing list