[Freeipa-users] FreeIPA and Samba
Степаненко Алексей
a.stepanenko at gw.spb.ru
Mon Oct 10 20:35:20 UTC 2016
I read the topic again:
http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP
It works exactly as I wanted.
ipa-adtrust-install created the following configuration:
$ net conf list
[global]
workgroup = WORKGROUP
netbios name = SMB
realm = GW.SPB.RU
kerberos method = dedicated keytab
dedicated keytab file = FILE:/etc/samba/samba.keytab
create krb5 conf = no
security = user
domain master = yes
domain logons = yes
log level = 1
max log size = 100000
log file = /var/log/samba/log.%m
passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-GW-SPB-RU.socket
disable spoolss = yes
ldapsam:trusted = yes
ldap ssl = off
ldap suffix = dc=gw,dc=spb,dc=ru
ldap user suffix = cn=users,cn=accounts
ldap group suffix = cn=groups,cn=accounts
ldap machine suffix = cn=computers,cn=accounts
rpc_server:epmapper = external
rpc_server:lsarpc = external
rpc_server:lsass = external
rpc_server:lsasd = external
rpc_server:samr = external
rpc_server:netlogon = external
rpc_server:tcpip = yes
rpc_daemon:epmd = fork
rpc_daemon:lsasd = fork
But I don't understand why it wasn't put into smb.conf directly.
The second problem is 'passdb backend'. I didn't find any documentation
about this module. An attempt to replace the file socket with a network
connection failed. And I had to set up LDAP replication. It was easy, but
"ipa-replica-prepare" installed the whole IPA server (tomcat, java, ldap),
not only the LDAP server. I need to continue reading the documentation.
However, the problem was solved.
06.10.2016 23:51, Степаненко Алексей wrote:
> Thank you for your reply.
>
> I've got Samba server for a company, accounts are created by hand.
> Clients are different windows or linux desktops.
>
> I want to install FreeIPA and have one place for managing accounts
> (SMB, SSH access for other servers). Now I am preparing a clean Samba
> installation for testing. It would be great to use FreeIPA as
> an authorization server for Samba.
>
> I was looking for information about Samba + FreeIPA, but I found only
> this document. Maybe I am missing obvious things.
>
>
> 06.10.2016 20:31, Loris Santamaria wrote:
>> The document you are linking to explains how to configure a samba file
>> server in a freeipa domain, which is one of many ways you can configure
>> and use a samba server.
>>
>> What do you want to achieve with samba, and what is your current setup?
>>
>>
>> On Thu, 06-10-2016 at 19:23 +0300, Степаненко Алексей wrote:
>>> Hello.
>>>
>>> I've read the topic about FreeIPA and SAMBA
>>> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
>>>
>>> If I understand clearly, samba's client must be present in FreeIPA AD.
>>> Unfortunately, it does not work for me. I can't join some work desktops
>>> to AD. Is it possible to make Samba auth through LDAP IPA? Samba has
>>> ldap support
>>>
>>> ldap admin dn
>>> ldap group suffix
>>> ldap idmap suffix
>>> ldap machine suffix
>>> ldap passwd sync
>>> ldap suffix
>>> ldap user suffix
>>>
>>> Does it work with IPA ?
>>>
>>> Thanks.
>>>
>
>
>
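An added example, not part of the original message or of FreeIPA/Samba: a small audit of the `net conf list` output quoted above that decodes the percent-encoded `passdb backend` URL and reports whether `ldap ssl = off` would leave LDAP traffic in cleartext on the network. The function names and the result keys are assumptions made for this illustration; the sample is an excerpt constructed from the post.

```python
from urllib.parse import unquote

# Constructed sample: excerpt of the `net conf list` output quoted in the post.
SAMPLE = """[global]
    security = user
    passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-GW-SPB-RU.socket
    ldapsam:trusted = yes
    ldap ssl = off
"""

def parse_net_conf(text):
    """Return {section: {parameter: value}} from `net conf list` style output."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # Lower-case and collapse whitespace so lookups are stable.
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def ldap_transport(global_conf):
    """Classify how the passdb backend reaches its LDAP server."""
    backend = global_conf.get("passdb backend", "")
    module, _, url = backend.partition(":")
    scheme, _, rest = url.partition("://")
    scheme = scheme.lower()
    # An explicit off/no means StartTLS is not requested on ldap:// links.
    no_starttls = global_conf.get("ldap ssl", "").lower() in ("off", "no")
    if scheme == "ldapi":
        # Local UNIX socket; its path is percent-encoded inside the URL.
        kind, target, exposed = "unix-socket", unquote(rest), False
    elif scheme == "ldaps":
        kind, target, exposed = "tls", rest, False
    elif scheme == "ldap":
        kind = "plain" if no_starttls else "starttls"
        target, exposed = rest, no_starttls
    else:
        kind, target, exposed = "unknown", url, None
    return {"module": module, "transport": kind,
            "target": target, "cleartext_on_network": exposed}

if __name__ == "__main__":
    print(ldap_transport(parse_net_conf(SAMPLE)["global"]))
```

With the configuration from the post the backend is a local socket, so `ldap ssl = off` exposes nothing on the wire; the same setting combined with an `ldap://` backend would be reported as cleartext.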