<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div><br></div><div><div>Thank you,</div><div><br></div><div>i found an old post from you with this smb.conf:</div><div><br></div><div>security = user<br>passdb backend = ldapsam:ldap://<a href="http://ldap.my.example.com">ldap.my.example.com</a><br><br>ldap suffix = dc=my,dc=example,dc=com<br><br>ldap admin dn = cn=Directory Manager<br>ldap ssl = off</div><div><br></div><div>Is this still working with Samba 4.x und IPA 4.x?</div><div>I will try it soon.</div><div><br></div><div>Will "ipa-adtrust-install --add-sids" do all the config </div><div>i need for this? I think, your hint with techslaves is</div><div>good, but not uptodate.</div><div><br></div><div>Detlev</div><div><br></div><div>P.S.: Yes, i want the same, this clients are not a member of a domain ...</div></div><div><br></div><div>
<div><span class="Apple-style-span" style="font-family: Courier; font-size: small;">--</span><span class="Apple-style-span" style="font-family: Courier; font-size: small;"><br></span><span class="Apple-style-span" style="font-family: Courier; font-size: small;"> Detlev | Institut fuer Mikroelektronische Systeme</span><span class="Apple-style-span" style="font-family: Courier; font-size: small;"><br></span><span class="Apple-style-span" style="font-family: Courier; font-size: small;"> Habicht | D-30167 Hannover +49 511 76219662 <a href="mailto:habicht@ims.uni-hannover.de">habicht@ims.uni-hannover.de</a></span><span class="Apple-style-span" style="font-family: Courier; font-size: small;"><br></span><span class="Apple-style-span" style="font-family: Courier; font-size: small;"> --------+-------- Handy +49 172 5415752 ---------------------------</span></div><div><br></div><br class="Apple-interchange-newline">
</div>
<br><div><div>Am 16.06.2016 um 12:52 schrieb Christopher Lamb <<a href="mailto:christopher.lamb@ch.ibm.com">christopher.lamb@ch.ibm.com</a>>:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div><p>Hi Detlev<br><br>If I have understood you correctly, you want to let Windows users access Samba "shares" using their IPA username/passwords?<br><br>If so it is possible. We have both Windows and OSX workstations accessing unix fileshares like that.<br><br>We did it more or less along the lines described here: <a href="http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/">http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/</a><br><br>If you search the archives of this forum with FreeIPA Samba Lamb you will find some previous threads on this topic.<br><br>Chris<br><br><span><graycol.gif></span><font color="#424282">Detlev Habicht ---06/16/2016 10:49:49---Hi, first i thought, it is an awkward question, but my smart colleague here also</font><br><br><font size="2" color="#5F5F5F">From: </font><font size="2">Detlev Habicht <<a href="mailto:detlev.habicht@ims.uni-hannover.de">detlev.habicht@ims.uni-hannover.de</a>></font><br><font size="2" color="#5F5F5F">To: </font><font size="2"><a href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a></font><br><font size="2" color="#5F5F5F">Date: </font><font size="2">06/16/2016 10:49</font><br><font size="2" color="#5F5F5F">Subject: </font><font size="2">[Freeipa-users] IPA, Samba and how can a Windows client access it</font><br><font size="2" color="#5F5F5F">Sent by: </font><font size="2"><a href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a></font><br></p><hr width="100%" size="2" align="left" noshade="" style="color:#8091A5; "><br><br><br><font size="4">Hi,</font><br><br><font size="4">first i thought, it is an awkward question, but my smart colleague here also</font><br><font size="4">cannot help me, so i try it:</font><br><br><font size="4">I read this and i have installed it:</font><br><br><font size="4">"Howto/Integrating a Samba File Server With IPA"</font><br><a href="http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA"><u><font size="4" color="#0000FF">http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA</font></u></a><br><br><font size="4">This is working as described. But this works only for Linux so far.</font><br><br><font size="4">We are not able to find a configuration, so a single Windows client have access</font><br><font size="4">to the Samba Server. Only with his IPA account (username and password)!</font><br><font size="4">I don’t want to use something like trusted AD. As i said, for the Windows clients</font><br><font size="4">i want only to use an username and password for Samba, using IPA.</font><br><br><font size="4">Well, this is the configuration as described in the docu:</font><br><br><font size="4">[global]</font><br><font size="4"> workgroup = MY</font><br><font size="4"> realm = MY.REALM</font><br><font size="4"> dedicated keytab file = FILE:/etc/samba/samba.keytab</font><br><font size="4"> kerberos method = dedicated keytab</font><br><font size="4"> log file = /var/log/samba/log.%m</font><br><font size="4"> security = ads</font><br><br><font size="4">Any idea what i can do for my wishes?</font><br><br><font size="4">Thank you!</font><br><br><font size="4">Detlev</font><br><br><br><font face="Courier">--<br> Detlev | Institut fuer Mikroelektronische Systeme<br> Habicht | D-30167 Hannover +49 511 76219662 </font><a href="mailto:habicht@ims.uni-hannover.de"><u><font color="#0000FF" face="Courier">habicht@ims.uni-hannover.de</font></u></a><font face="Courier"><br> --------+-------- Handy +49 172 5415752 ---------------------------</font><br><br><br><tt>-- <br>Manage your subscription for the Freeipa-users mailing list:<br></tt><tt><a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></tt><tt><br>Go to </tt><tt><a href="http://freeipa.org/">http://freeipa.org</a></tt><tt> for more info on the project</tt><br><br>
</div>
</blockquote></div><br></body></html>