[Freeipa-users] Woes adding a samba server to the ipa domain
Dmitri Pal
dpal at redhat.com
Thu Oct 30 18:35:57 UTC 2014
On 10/29/2014 11:38 PM, Loris Santamaria wrote:
> El mié, 29-10-2014 a las 20:49 -0400, Dmitri Pal escribió:
>> On 10/29/2014 05:01 PM, Loris Santamaria wrote:
>>
>>> El mié, 29-10-2014 a las 21:40 +0100, John Obaterspok escribió:
>>>> Hello,
>>>>
>>>>
>>>> I've tried this as well. My IPA is not connected to an AD. My smb.conf
>>>> looks almost the same. The differences are:
>>>> - I got the default workgroup set (MY or something)
>>>> - No FILE:/ prefix for keytab file
>>>>
>>>>
>>>> I had the samba and ipserver on the same box so I just had to add the
>>>> cifs server and get keytab file in the same way.
>>>> I was a bit surprised to see that accessing samba using "smbclient -k
>>>> \\..." worked right away from a linux box. Then stopped working if I
>>>> did kdestroy.
>>>>
>>>>
>>>> But, I never got it to work from Windows. The Windows PC is not joined
>>>> to any AD, it uses MIT Kerb client 4.0.1 and I successfully get tickes
>>>> and can sshlogin via putty without password.
>>>>
>>>>
>>>> Any ideas on how to get this going from Windows as well?
>>> I guess you should prepare the ipa server for a windows domain trust
>>> (even if you won't setup any trust with an ad domain), with
>>> ipa-adtrust-install. Beware that it will overwrite your smb.conf.
>>>
>>> With that configuration and the steps described in
>>> http://www.redhat.com/archives/freeipa-users/2013-September/msg00226.html you will be able to use the native windows kerberos libraries and you should be able to open a samba share with your kerberos credentials.
>>>
>>> Best regards
>>>
>>>
>>>
>>>
>> Would by any chance you be able to create a HowTo solution on the
>> FreeIPA wiki?
>> Seems like it would be a simple cut&paste from couple mails. Thanks in
>> advance!
> Here it is:
>
> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
>
> Best regards
>
>
Thanks!
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141030/f480c147/attachment.htm>
More information about the Freeipa-users
mailing list