Steven Jones wrote:
Control samba with IPA, aka IPA controlling say ssh, so hbacl control between a
samba user group and a samba host group per samba share.
So redhat linux clients to redhat linux samba server (rhel6.2's)
I need to automount smb shares for linux users who are in IPA.
So far I have kerberos going, but I cant control a samba share based on IPA
groups....or even users...so far it seems to be valid users = guest1 in the
smb.conf, which is close to useless.
I need the control of the share(s) valid users = ipaserver/sambagroup/user1,2,3
etc type of thing, can this be done?
I know next to nothing about Samba but I don't think anyone has tried
any of this before. In your tests to date where are you storing your
Samba users, in IPA? You added the objectclasses to the users, assigned
a SID and all that?
How/where does one define the kind of controls you're looking for? We
don't provide anything like that in IPA now.
IPA can provide automount files, so I presume you can store your Samba
maps there, as for access control that would be done by automount itself.
A useable alternative would be a IPA kerberos ticket to login and use AD for
group control, clunky but centralised...I know in ipav3? domain trusts will be
possible to look up AD groups......but really I want to use IPA s groups as I
have linux users who do not want to be / are not in AD....
I don't know, I barely grok what it is you're asking (gladly ignorant of
Freeipa-users mailing list