[Freeipa-users] Ubuntu Samba Server Auth against IPA

Matt . yamakasi.014 at gmail.com
Fri Jul 31 14:57:07 UTC 2015 

Hi,

This is nice to have confirmed.

Is it possible for you to descrive what you do ? It might be handy to
add this to the IPA documentation also with some explanation why...

Cheers,

Matt

2015-07-31 16:55 GMT+02:00 Christopher Lamb <christopher.lamb at ch.ibm.com>:
> Hi
>
> We use the Samba extensions for FreeIPA. Windows 7 users connect to the
> "shares" using their FreeIPA credentials. The only password mgmt problem
> that we have is, that the users get no notice of password expiry until
> "suddenly" their Samba user (really the FreeIPA user) password is not
> accepted when trying to connect to a share. Once the password is reset (via
> CLI or FreeIPA WebUi), they can access the shares again.
>
> Chris
>
>
>
> From:   Youenn PIOLET <piolet.y at gmail.com>
> To:     "Matt ." <yamakasi.014 at gmail.com>
> Cc:     "freeipa-users at redhat.com" <freeipa-users at redhat.com>
> Date:   31.07.2015 16:21
> Subject:        Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA
> Sent by:        freeipa-users-bounces at redhat.com
>
>
>
> Hi,
> I asked the very same question a few weeks ago, but no answer yet.
> http://comments.gmane.org/gmane.linux.redhat.freeipa.user/18174
>
> The only method I see is to install samba extensions in FreeIPA's LDAP
> directory, and bind samba with LDAP. There may be a lot of difficulties
> with password management doing this, that's why I'd like to get a better
> solution :)
>
> Anyone?
>
>
> --
> Youenn Piolet
> piolet.y at gmail.com
>
>
> 2015-07-31 16:03 GMT+02:00 Matt . <yamakasi.014 at gmail.com>:
>   Hi Guys,
>
>   I'm really struggeling getting a NON AD Samba server authing against a
>   FreeIPA server:
>
>   Ubuntu 14.04 -> Samba (no AD) / SSD 1.12.5
>   CentOS 7.1 -> FreeIPA 4.1
>
>   Now this seems to be the way:
>
>   https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
>
>
>   But as this, which I also found on the mailinglists:
>
>   NOTE: Only Kerberos authentication will work when accessing Samba
>   shares using this method. This means that Windows clients not joined
>   to Active Directory forest trusted by IPA would not be able to access
>   the shares. This is related to SSSD not yet being able to handle
>   NTLMSSP authentication.
>
>   It might not be that easy to have a Samba Shares only server.
>
>   Any idea here how to accomplish ?
>
>   Cheers,
>
>   Matt
>
>   --
>   Manage your subscription for the Freeipa-users mailing list:
>   https://www.redhat.com/mailman/listinfo/freeipa-users
>   Go to http://freeipa.org for more info on the project
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>

More information about the Freeipa-users mailing list