On Wed, 13 Mar 2019, fujisan wrote:
Hi Alexander,

Finally succeeded to make it work with the following configuration on the freeipa server.

[global]
    workgroup = MYDOMAIN.LOCAL
    netbios name = MYSERVER
    realm = MYDOMAIN.LOCAL
    kerberos method = dedicated keytab
    dedicated keytab file = /etc/samba/samba.keytab
    create krb5 conf = no
    security = user
    domain master = yes
    domain logons = yes
    max log size = 100000
    log file = /var/log/samba/log.%m
    rpc_server:epmapper = external
    rpc_server:lsarpc = external
    rpc_server:lsass = external
    rpc_server:lsasd = external
    rpc_server:samr = external
    rpc_server:netlogon = external
    rpc_server:tcpip = yes
    rpc_daemon:epmd = fork
    rpc_daemon:lsasd = fork
    smb ports = 139 445
    log level = 10

[scratch]
    path = /data/scratch
    comment = Scratch shared files
    read only = no
    browseable = yes
    guest ok = no
    create mask = 0644

I commented out the following from the global section:

    ;passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-LOCAL.socket
    ;disable spoolss = yes
    ;ldapsam:trusted = yes
    ;ldap ssl = off
    ;ldap suffix = dc=mydomain,dc=local
    ;ldap user suffix = cn=users,cn=accounts
    ;ldap group suffix = cn=groups,cn=accounts
    ;ldap machine suffix = cn=computers,cn=accounts

Any idea why this was causing trouble?
You basically killed IPA integration here by doing it. Not resolving users and SIDs through IPA LDAP and not setting up any other way to resolve it.
Also, when I check in the properties, tab "security" in Windows, of a file in the freeipa server's share /data/scratch, the SIDs of user and group are not resolved. My desktop is also a samba server and the SIDs are resolved. What could be the cause of this non-resolution of the SIDs?
Everything. ;) We do not yet properly support running a Samba file server on an IPA member (or IPA master, for that matter). I'm working on that and have some proof of concept but it is not finished yet.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
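A small lint for the situation discussed in this thread, added here as an example and not code from either poster or from the FreeIPA project: it reads the [global] section of an smb.conf and reports when the ipasam passdb backend or the LDAP suffix settings are commented out or absent. The function names and the list of checked keys are assumptions, with the keys taken from the lines the poster commented out; the sample input is constructed from the thread.

```python
# Added example: lint smb.conf [global] for the IPA-related settings
# named in this thread. The key list is an assumption derived from the
# commented-out lines in the post, not a list defined by FreeIPA.
IPA_KEYS = ["ldap suffix", "ldap user suffix",
            "ldap group suffix", "ldap machine suffix"]

# Constructed sample, abbreviated from the configuration in the post.
SAMPLE = """\
[global]
workgroup = MYDOMAIN.LOCAL
security = user
;passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-LOCAL.socket
;ldap suffix = dc=mydomain,dc=local
;ldap user suffix = cn=users,cn=accounts
;ldap group suffix = cn=groups,cn=accounts
;ldap machine suffix = cn=computers,cn=accounts
[scratch]
path = /data/scratch
"""

def parse_global(text):
    """Return (active, commented) dicts of key -> value for [global]."""
    active, commented, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_comment = line[0] in ";#"
        body = line.lstrip(";#").strip() if is_comment else line
        if body.startswith("[") and body.endswith("]"):
            if not is_comment:          # a commented header opens no section
                section = body[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in body:
            continue
        key, value = body.split("=", 1)
        # Compare names case-insensitively with whitespace runs collapsed.
        key = " ".join(key.lower().split())
        (commented if is_comment else active)[key] = value.strip()
    return active, commented

def check_ipa_integration(text):
    """List the IPA-related settings that are not active in [global]."""
    active, commented = parse_global(text)
    findings = []
    if not active.get("passdb backend", "").startswith("ipasam:"):
        findings.append("passdb backend is not ipasam")
    for key in IPA_KEYS:
        if key not in active:
            state = "commented out" if key in commented else "missing"
            findings.append(f"{key} is {state}")
    return findings
```

Calling `check_ipa_integration(SAMPLE)` returns one finding per disabled setting; an empty list means all checked settings are active.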
