[Freeipa-users] Ubuntu Samba Server Auth against IPA

Christopher Lamb christopher.lamb at ch.ibm.com
Fri Jul 31 14:55:14 UTC 2015 

Hi

We use the Samba extensions for FreeIPA. Windows 7 users connect to the
"shares" using their FreeIPA credentials. The only password mgmt problem
that we have is, that the users get no notice of password expiry until
"suddenly" their Samba user (really the FreeIPA user) password is not
accepted when trying to connect to a share. Once the password is reset (via
CLI or FreeIPA WebUi), they can access the shares again.

Chris



From:	Youenn PIOLET <piolet.y at gmail.com>
To:	"Matt ." <yamakasi.014 at gmail.com>
Cc:	"freeipa-users at redhat.com" <freeipa-users at redhat.com>
Date:	31.07.2015 16:21
Subject:	Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA
Sent by:	freeipa-users-bounces at redhat.com



Hi,
I asked the very same question a few weeks ago, but no answer yet.
http://comments.gmane.org/gmane.linux.redhat.freeipa.user/18174

The only method I see is to install samba extensions in FreeIPA's LDAP
directory, and bind samba with LDAP. There may be a lot of difficulties
with password management doing this, that's why I'd like to get a better
solution :)

Anyone?


--
Youenn Piolet
piolet.y at gmail.com


2015-07-31 16:03 GMT+02:00 Matt . <yamakasi.014 at gmail.com>:
  Hi Guys,

  I'm really struggeling getting a NON AD Samba server authing against a
  FreeIPA server:

  Ubuntu 14.04 -> Samba (no AD) / SSD 1.12.5
  CentOS 7.1 -> FreeIPA 4.1

  Now this seems to be the way:

  https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA


  But as this, which I also found on the mailinglists:

  NOTE: Only Kerberos authentication will work when accessing Samba
  shares using this method. This means that Windows clients not joined
  to Active Directory forest trusted by IPA would not be able to access
  the shares. This is related to SSSD not yet being able to handle
  NTLMSSP authentication.

  It might not be that easy to have a Samba Shares only server.

  Any idea here how to accomplish ?

  Cheers,

  Matt

  --
  Manage your subscription for the Freeipa-users mailing list:
  https://www.redhat.com/mailman/listinfo/freeipa-users
  Go to http://freeipa.org for more info on the project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

More information about the Freeipa-users mailing list