[Freeipa-users] FreeIPA and Samba
Alan Latteri
alan at instinctualsoftware.com
Wed Oct 12 00:43:21 UTC 2016
I am trying to get this to work, but our Samba server is not the same machine as out IPA server, and these instructions seem to assume that. Any ideas? All I need is the 1 windows machine in our network to be able to access our linux based server, using the same user/pass as that of our IPA authenticated linux machines.
> On Oct 10, 2016, at 1:35 PM, Степаненко Алексей <a.stepanenko at gw.spb.ru> wrote:
>
> I read again the topic http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP <http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP>
> It works exactly as I wanted
>
> ipa-adtrust-install created next configuration:
> $ net conf list
> [global]
> workgroup = WORKGROUP
> netbios name = SMB
> realm = GW.SPB.RU
> kerberos method = dedicated keytab
> dedicated keytab file = FILE:/etc/samba/samba.keytab <file:///etc/samba/samba.keytab>
> create krb5 conf = no
> security = user
> domain master = yes
> domain logons = yes
> log level = 1
> max log size = 100000
> log file = /var/log/samba/log.%m
> passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-GW-SPB-RU.socket
> disable spoolss = yes
> ldapsam:trusted = yes
> ldap ssl = off
> ldap suffix = dc=gw,dc=spb,dc=ru
> ldap user suffix = cn=users,cn=accounts
> ldap group suffix = cn=groups,cn=accounts
> ldap machine suffix = cn=computers,cn=accounts
> rpc_server:epmapper = external
> rpc_server:lsarpc = external
> rpc_server:lsass = external
> rpc_server:lsasd = external
> rpc_server:samr = external
> rpc_server:netlogon = external
> rpc_server:tcpip = yes
> rpc_daemon:epmd = fork
> rpc_daemon:lsasd = fork
>
> But I don't understand why it wasn't put to smb.conf directly.
>
> The second problem is 'passdb backend'. I didn't find any documentation about this module. An attempt to replace a file socket on net connection was failed. And I had to make LDAP replication. It was easy, but " ipa-replica-prepare" installed whole IPA server (tomcat, java, ldap), not only ldap-server. I need to continue to read documentation. However the problem was solved.
>
> 06.10.2016 23:51, Степаненко Алексей пишет:
>> Thank you for your reply.
>>
>> I've got Samba server for a company, accounts are created by hand. Clients are different windows or linux desktops.
>>
>> I want to install FreeIPA and have one area for managing accounts (SMB, SSH-access for others servers). Now, I prepare clean samba installation for testing. It would be great to use FreeIPA as authorization server for samba.
>>
>> I was looking for information about samba + freeIPA, but I found only this document. Maybe, I miss obvious things.
>>
>>
>> 06.10.2016 20:31, Loris Santamaria пишет:
>>> The document you are linking to explains how to configure a samba file
>>> server in a freeipa domain, which is one of many ways you can configure
>>> and use a samba server.
>>>
>>> What do you want to achieve with samba, and what is your current setup?
>>>
>>>
>>> El jue, 06-10-2016 a las 19:23 +0300, Степаненко Алексей escribió:
>>>> Hello.
>>>>
>>>> I've read the topic about FreeIPA and SAMBA
>>>> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wit <http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wit>
>>>> h_IPA
>>>>
>>>> If I understand clearly, samba's client must be present in
>>>> FreeIPA AD.
>>>> Unfortunately, it does not work for me. I can't join some work
>>>> desktops
>>>> to AD. Is it possible to make Samba auth trough LDAP IPA ? Samba has
>>>> ldap support
>>>>
>>>> ldap admin dn
>>>> ldap group suffix
>>>> ldap idmap suffix
>>>> ldap machine suffix
>>>> ldap passwd sync
>>>> ldap suffix
>>>> ldap user suffix
>>>>
>>>> Does it work with IPA ?
>>>>
>>>> Thanks.
>>>>
>>
>>
>>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161011/a974d71c/attachment.htm>
More information about the Freeipa-users
mailing list