Steven Jones wrote:

Control samba with IPA, aka IPA controlling say ssh, so hbacl control between a 
samba user group and a samba host group per samba share.

So redhat linux clients to redhat linux samba server (rhel6.2's)

I need to automount smb shares for linux users who are in IPA.

So far I have kerberos going, but I can't control a samba share based on IPA 
groups....or even far it seems to be valid users = guest1 in the 
smb.conf, which is close to useless.

I need the control of the share(s) valid users = ipaserver/sambagroup/user1,2,3 
etc type of thing, can this be done?

I know next to nothing about Samba but I don't think anyone has tried any of this before. In your tests to date where are you storing your Samba users, in IPA? You added the objectclasses to the users, assigned a SID and all that?

How/where does one define the kind of controls you're looking for? We don't provide anything like that in IPA now.

IPA can provide automount files, so I presume you can store your Samba maps there, as for access control that would be done by automount itself.

A useable alternative would be an IPA kerberos ticket to login and use AD for 
group control, clunky but centralised...I know in ipav3? domain trusts will be 
possible to look up AD groups......but really I want to use IPA's groups as I 
have linux users who do not want to be / are not in AD....

I don't know, I barely grok what it is you're asking (gladly ignorant of AD).



