[Freeipa-users] Logging into Samba shares from non-domain trust Win7 PCs using IPA for Samba password auth.
Dylan Evans
devans01 at gmail.com
Wed May 6 11:42:31 UTC 2015
Hi,
The goal is to have a common password to give users access to a Linux
system via PuTTY/SSH and Samba file-shares where currently for
historical reasons we have 2 passwords, which is a real PITA.
The PuTTY logins work great but I need to get the logins for the
Samba4 shares working from Win7 PCs that aren't part of a domain
trust. I know it sounds wrong but it needs to be done this way for
system segregation.
I followed the instructions at
http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
to get Samba4 set up to talk to IPA and it works great for Linux boxes
on the domain using "smbclient -k". However I'm stuck trying to get
non-domain Win7 boxes access to the shares. I've tried different
domain\username combinations but not struck the right one. I presume I
need to get some sort of non-Kerberos login method worked out, but I'm
stuck.
The Samba4 box is running CentOS Linux release 7.1.1503 with samba
4.1.12-21, ipa 4.1.0-18 and sssd 1.12.2-58.
smb.conf:
[global]
workgroup = UNIX
realm = UNIX.EXAMPLE.COM
dedicated keytab file = FILE:/etc/samba/samba.keytab
kerberos method = dedicated keytab
log level = 2
log file = /var/log/samba/log.%m
security = ads
[Test_Share]
path = /export/Test_Share
writeable = yes
browsable = yes
write list = @TestGroup
force group = TestGroup
If anyone's interested I can add logs.
Thanks,
Dylan.
More information about the Freeipa-users
mailing list