On Tue, 2012-07-10 at 06:01 -0700, george he wrote:
> Hello all,
> I have an ipa client that is also a file server. How do I set up a
> samba server on the file server so that the files can be accessed by a
> win7 machine, which is not a member of the ipa realm?
> Should I set the file server as a domain controller? How do I deal
> with the "passdb backend" option? I guess I can set it to "ldapsam",
> but the user information is kept on the ipa server, not the file
> What else should I take care of before I start?
> ps. my ipa version is 2.2, running on fc17.
You can install samba with the ldapsam passdb backend.
security = user will suffice, you do not need to make it a domain
Authentication will happen only using NTLM, so you will have to add the
samba samAccount objectclass to those users that you want to be able to
log in to samba and the sambaGroups class to those groups you want to
use with samba.
After you added the right objectclass to users you will need to change
the user's password once so that the ipa-pwd-exto plugin can generate NT
hashes for the user.
Once that is done samba should allow you to log in using the ipa
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list