OK, looking forward to seeing your work done. Regards. F
On Wed, Mar 13, 2019 at 11:20 AM Alexander Bokovoy <[email protected]> wrote:

> On Wed, 13 Mar 2019, fujisan wrote:
> >Hi Alexander,
> >Finally succeeded to make it work with the following configuration on the
> >freeipa server.
> >
> >[global]
> >    workgroup = MYDOMAIN.LOCAL
> >    netbios name = MYSERVER
> >    realm = MYDOMAIN.LOCAL
> >    kerberos method = dedicated keytab
> >    dedicated keytab file = /etc/samba/samba.keytab
> >    create krb5 conf = no
> >    security = user
> >    domain master = yes
> >    domain logons = yes
> >    max log size = 100000
> >    log file = /var/log/samba/log.%m
> >    rpc_server:epmapper = external
> >    rpc_server:lsarpc = external
> >    rpc_server:lsass = external
> >    rpc_server:lsasd = external
> >    rpc_server:samr = external
> >    rpc_server:netlogon = external
> >    rpc_server:tcpip = yes
> >    rpc_daemon:epmd = fork
> >    rpc_daemon:lsasd = fork
> >    smb ports = 139 445
> >    log level = 10
> >
> >[scratch]
> >    path = /data/scratch
> >    comment = Scratch shared files
> >    read only = no
> >    browseable = yes
> >    guest ok = no
> >    create mask = 0644
> >
> >I commented out the following from the global section:
> >
> >    ;passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-MYDOMAIN-LOCAL.socket
> >    ;disable spoolss = yes
> >    ;ldapsam:trusted = yes
> >    ;ldap ssl = off
> >    ;ldap suffix = dc=mydomain,dc=local
> >    ;ldap user suffix = cn=users,cn=accounts
> >    ;ldap group suffix = cn=groups,cn=accounts
> >    ;ldap machine suffix = cn=computers,cn=accounts
> >
> >Any idea why this was causing trouble?
> You basically killed IPA integration here by doing it. Not resolving
> users and SIDs through IPA LDAP and not setting up any other way to
> resolve it.
>
> >Also, when I check in the properties, tab "security" in Windows, of a file
> >in the freeipa server's share /data/scratch, the SIDs of user and group are
> >not resolved.
> >My desktop is also a samba server and the SIDs are resolved.
> >
> >What could be the cause of this non-resolution of the SIDs?
> Everything. ;)
>
> We do not support yet properly running Samba file server on IPA member
> (or IPA master, for that matter). I'm working on that and have some
> proof of concept but it is not finished yet.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
