On Tue, 2012-07-10 at 06:01 -0700, george he wrote: > Hello all, > I have an ipa client that is also a file server. How do I set up a > samba server on the file server so that the files can be accessed by a > win7 machine, which is not a member of the ipa realm? > Should I set the file server as a domain controller? How do I deal > with the "passdb backend" option? I guess I can set it to "ldapsam", > but the user information is kept on the ipa server, not the file > server. > What else should I take care of before I start? > ps. my ipa version is 2.2, running on fc17. >
You can install samba with the ldapsam passdb backend. security = user will suffice, you do not need to make it a domain controller. Authentication will happen only using NTLM, so you will have to add the samba samAccount objectclass to those users that you want to be able to log in to samba and the sambaGroups class to those groups you want to use with samba. After you added the right objectclass to users you will need to change the user's password once so that the ipa-pwd-exto plugin can generate NT hashes for the user. Once that is done samba should allow you to log in using the ipa password. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users