[Freeipa-users] Ubuntu Samba Server Auth against IPA

Alexander Bokovoy abokovoy at redhat.com
Fri Aug 7 21:09:28 UTC 2015


On Thu, 06 Aug 2015, Christopher Lamb wrote:
>Hi Matt
>
>As far as I can make out, there are at least 2 viable Samba / FreeIPA
>integration paths.
>
>The route I took is suited where there is no Active Directory involved: In
>my case all the Windows, OSX and Linux clients are islands that sit on the
>same network.
>
>The route that Youenn has taken (unless I have got completely the wrong end
>of the stick) requires Active Directory in the architecture.

Yes, you are at the wrong end of the stick. You don't need AD in the
architecture here. You can reuse the IPA design for AD integration via
trust for normal Samba integration but use ipasam.so instead of
ldapsam.so. This is what Youenn did. The only way we don't support it
(yet) is because we think doing a longer term solution via SSSD and
NTLMSSP support is better scalability-wise -- your SSSD client already
has an LDAP connection and is already holding identity mappings in the
cache so there is no need to run a separate LDAP connection in
smbd/winbindd for that and cache the same data in a different way.

-- 
/ Alexander Bokovoy



