[Freeipa-users] Integrating Freeipa with Samba server through ldapsam or ipasam? How to compile ipasam separately on Centos 7?

Israel Miranda programadorlinux at gmail.com
Wed Feb 11 01:39:07 UTC 2015


I have a freeipa installation of v4 on Fedora 21.
I have a separate fileserver with freeipa packages installed from
mkosek-freeipa-epel-7.repo on centos 7.

I have:
* created sambaSAMAccount, sambaGroupMapping UserObjects
* created an entry for DNA plugin to populate them
cn=SambaGroupSid,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
* added a CoS template for sambaGroupType
* added a CoS definition for sambaGroupType
* used ipa-adtrust-install to create and populate ipaNTHash
* checked the creation of these attributes with an LDAP browser, all OK
* put the fileserver machine on the domain
* added necessary permissions, privileges and roles
* installed kerberos keytab on the fileserver
* was able to retrieve ipaNTHash attribute with the keytab from samba server

and now the only thing missing is to integrate the fileserver with the
ipaserver.
I don't mind using ipasam, but to install it on my centos7
fileserver, which only has samba installed and nothing else, it also
pulls the whole freeipa-server package, and this is overkill just to
get ipasam.so. So I'd like some help in compiling it separately.
I am using standard samba server distributed with centos 7.

So I tried to use  passdb backend = ldapsam:ldap//ipaserver
but samba tries to bind using admin user, and doesn't use keytab, even
though I put
        dedicated keytab file = FILE:/etc/samba/samba.keytab
        kerberos method = dedicated keytab
in smb.conf.

So please help me in getting these two things done:

1. use samba with freeipa through ldap (I know it is worse than
ipasam, but would be nice to know how to integrate freeipa with samba
with ldap on systems where ipasam might not be available )

2. compile an ipasam.so module so we can work on creating an rpm
package in the future, since it is necessary to install ipasam.so
separately.

Kudos to the development team for this amazing software.

Thanks in advance


Free software philosophy :

Information is for free.
People are not.
Contributors are priceless.



Israel Vinícius Miranda



