Could you advise how to add
1. thesamba samAccount objectclass to a user, and
2. the sambaGroups class to a group?
I guess I would need to use ldap commands, which I don't know enough.
By the way, do I need to add both of the above, or if everybody is allowed to
use the samba share, (and they are all in ipausers group), I would only need to
add the sambaGroups class to ipausers group?
> From: Simo Sorce <s...@redhat.com>
>To: george he <george_...@yahoo.com>
>Cc: "email@example.com" <firstname.lastname@example.org>
>Sent: Tuesday, July 10, 2012 9:56 AM
>Subject: Re: [Freeipa-users] ipa samba win7
>On Tue, 2012-07-10 at 06:01 -0700, george he wrote:
>> Hello all,
>> I have an ipa client that is also a file server. How do I set up a
>> samba server on the file server so that the files can be accessed by a
>> win7 machine, which is not a member of the ipa realm?
>> Should I set the file server as a domain controller? How do I deal
>> with the "passdb backend" option? I guess I can set it to "ldapsam",
>> but the user information is kept on the ipa server, not the file
>> What else should I take care of before I start?
>> ps. my ipa version is 2.2, running on fc17.
>You can install samba with the ldapsam passdb backend.
>security = user will suffice, you do not need to make it a domain
>Authentication will happen only using NTLM, so you will have to add the
>samba samAccount objectclass to those users that you want to be able to
>log in to samba and the sambaGroups class to those groups you want to
>use with samba.
>After you added the right objectclass to users you will need to change
>the user's password once so that the ipa-pwd-exto plugin can generate NT
>hashes for the user.
>Once that is done samba should allow you to log in using the ipa
>Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list