[Freeipa-users] Ubuntu Samba Server Auth against IPA
Matt .
yamakasi.014 at gmail.com
Fri Aug 7 21:27:14 UTC 2015
Hi Alexander,
Yes this is know, but it's not usable yet, at least not on an Ubuntu
Samba server as far as I know ?
If so, maybe you can help us out here to clear this up how to do it.
Thanks!
Matt
2015-08-07 23:09 GMT+02:00 Alexander Bokovoy <abokovoy at redhat.com>:
> On Thu, 06 Aug 2015, Christopher Lamb wrote:
>>
>> Hi Matt
>>
>> As far as I can make out, there are at least 2 viable Samba / FreeIPA
>> integration paths.
>>
>> The route I took is suited where there is no Active Directory involved: In
>> my case all the Windows, OSX and Linux clients are islands that sit on the
>> same network.
>>
>> The route that Youenn has taken (unless I have got completely the wrong
>> end
>> of the stick) requires Active Directory in the architecture.
>
> Yes, you are at the wrong end of the stick. You don't need AD in the
> architecture here. You can reuse IPA design for AD integration via trust
> for normal Samba integration but use ipasam.so instead of ldapsam.so.
> This is what Youenn did. The only way we don't support it (yet) is
> because we think doing a longer term solution via SSSD and NTLMSSP
> support is better scalability vise -- your SSSD client is already having
> LDAP connection and is already holding identity mappings in the cache so
> there is no need to run separate LDAP connection in smbd/winbindd for
> that and cache the same data in a different way.
>
> --
> / Alexander Bokovoy
More information about the Freeipa-users
mailing list