[Freeipa-users] FreeIPA and Samba
Loris Santamaria
loris at lgs.com.ve
Wed Oct 12 01:47:51 UTC 2016
If you just need to join a handful of Windows machines to a FreeIPA
domain, try these instructions:
https://www.redhat.com/archives/freeipa-users/2013-September/msg00226.html
Best regards
On Tue, 11-10-2016 at 17:43 -0700, Alan Latteri wrote:
> I am trying to get this to work, but our Samba server is not the same
> machine as our IPA server, and these instructions seem to assume
> that. Any ideas? All I need is the 1 Windows machine in our network
> to be able to access our Linux-based server, using the same user/pass
> as that of our IPA-authenticated Linux machines.
>
> On Oct 10, 2016, at 1:35 PM, Степаненко Алексей <a.stepanenko at gw.spb.ru> wrote:
> >
> > I read the topic again
> > http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP
> >
> > It works exactly as I wanted. ipa-adtrust-install created the following
> > configuration:
> >
> > $ net conf list
> > [global]
> > workgroup = WORKGROUP
> > netbios name = SMB
> > realm = GW.SPB.RU
> > kerberos method = dedicated keytab
> > dedicated keytab file = FILE:/etc/samba/samba.keytab
> > create krb5 conf = no
> > security = user
> > domain master = yes
> > domain logons = yes
> > log level = 1
> > max log size = 100000
> > log file = /var/log/samba/log.%m
> > passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-GW-SPB-RU.socket
> > disable spoolss = yes
> > ldapsam:trusted = yes
> > ldap ssl = off
> > ldap suffix = dc=gw,dc=spb,dc=ru
> > ldap user suffix = cn=users,cn=accounts
> > ldap group suffix = cn=groups,cn=accounts
> > ldap machine suffix = cn=computers,cn=accounts
> > rpc_server:epmapper = external
> > rpc_server:lsarpc = external
> > rpc_server:lsass = external
> > rpc_server:lsasd = external
> > rpc_server:samr = external
> > rpc_server:netlogon = external
> > rpc_server:tcpip = yes
> > rpc_daemon:epmd = fork
> > rpc_daemon:lsasd = fork
> >
> > But I don't understand why it wasn't put into smb.conf directly.
> >
> > The second problem is 'passdb backend'. I didn't find any
> > documentation about this module. An attempt to replace the file socket
> > with a network connection failed. And I had to set up LDAP replication. It
> > was easy, but "ipa-replica-prepare" installed a whole IPA server (tomcat, java,
> > ldap), not only ldap-server. I need to continue reading the
> > documentation. However, the problem was solved.
> >
> > 06.10.2016 23:51, Степаненко Алексей wrote:
> >
> > > Thank you for your reply.
> > >
> > > I've got a Samba server for a company; accounts are created by hand.
> > > Clients are different Windows or Linux desktops.
> > >
> > > I want to install FreeIPA and have one area for managing accounts
> > > (SMB, SSH access for other servers). Now I am preparing a clean Samba
> > > installation for testing. It would be great to use FreeIPA as
> > > authorization server for Samba.
> > >
> > > I was looking for information about Samba + FreeIPA, but I found
> > > only this document. Maybe I am missing obvious things.
> > >
> > > 06.10.2016 20:31, Loris Santamaria wrote:
> > >
> > >
> > > > The document you are linking to explains
> > > > how to configure a samba file
> > > >
> > > > > > > > server in a freeipa domain, which is one of many ways
you can
> > > > configure
> > > >
> > > > and use a samba server.
> > > >
> > > >
> > > >
> > > > > > > > What do you want to achieve with samba, and what is
your current
> > > > setup?
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > > > > > El jue, 06-10-2016 a las 19:23 +0300, Степаненко
Алексей
> > > > escribió:
> > > >
> > > > > Hello.
> > > > >
> > > > > I've read the topic about FreeIPA and SAMBA
> > > > > http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
> > > > >
> > > > > If I understand clearly, samba's client must be present in
> > > > > FreeIPA AD.
> > > > > Unfortunately, it does not work for me. I can't join some work desktops
> > > > > to AD. Is it possible to make Samba auth through LDAP IPA?
> > > > > Samba has ldap support
> > > > >
> > > > > ldap admin dn
> > > > > ldap group suffix
> > > > > ldap idmap suffix
> > > > > ldap machine suffix
> > > > > ldap passwd sync
> > > > > ldap suffix
> > > > > ldap user suffix
> > > > >
> > > > > Does it work with IPA?
> > > > >
> > > > > Thanks.
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
--
Loris Santamaria linux user #70506 xmpp:loris at lgs.com.ve
Links Global Services, C.A. http://www.lgs.com.ve
Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:103 at lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford
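
Added example, not part of the original messages or of FreeIPA/Samba code: the `passdb backend` value quoted in the thread uses the `ldapi://` scheme, i.e. LDAP over a Unix domain socket, so it can only be reached by processes on the same host as the directory server. The sketch below parses a constructed excerpt of that `net conf list` output and reports the transport; `parse_conf` and `describe_passdb` are hypothetical helper names.

```python
from urllib.parse import unquote

# Constructed excerpt of the `net conf list` output quoted in the thread.
SAMPLE = """\
[global]
    realm = GW.SPB.RU
    security = user
    passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-GW-SPB-RU.socket
    ldap ssl = off
    ldap suffix = dc=gw,dc=spb,dc=ru
"""

def parse_conf(text):
    """Parse smb.conf-style text into {section: {option: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # Normalise case and runs of whitespace in the option name.
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def describe_passdb(conf):
    """Report how the passdb backend reaches the directory server."""
    g = conf.get("global", {})
    module, _, url = g.get("passdb backend", "").partition(":")
    scheme, _, rest = url.partition("://")
    scheme = scheme.lower()
    info = {"module": module, "scheme": scheme, "socket": None,
            "local_only": False, "cleartext_on_wire": False}
    if scheme == "ldapi":
        # ldapi is LDAP over a Unix domain socket; the path is URL-encoded.
        info["socket"] = unquote(rest)
        info["local_only"] = True
    elif scheme == "ldap":
        # Plain ldap:// with "ldap ssl = off" sends binds and data unencrypted.
        info["cleartext_on_wire"] = g.get("ldap ssl", "").lower() == "off"
    return info

if __name__ == "__main__":
    print(describe_passdb(parse_conf(SAMPLE)))
```

With `ldapi` the `ldap ssl = off` setting does not put directory traffic on the network, because the connection never leaves the host.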