Hi Simo,
Could you advise how to add

1. thesamba samAccount objectclass to a user, and
2. the sambaGroups class to a group? 

I guess I would need to use ldap commands, which I don't know enough.
By the way, do I need to add both of the above, or if everybody is allowed to 
use the samba share, (and they are all in ipausers group), I would only need to 
add the sambaGroups class to ipausers group?

> From: Simo Sorce <s...@redhat.com>
>To: george he <george_...@yahoo.com> 
>Cc: "freeipa-users@redhat.com" <freeipa-users@redhat.com> 
>Sent: Tuesday, July 10, 2012 9:56 AM
>Subject: Re: [Freeipa-users] ipa samba win7
>On Tue, 2012-07-10 at 06:01 -0700, george he wrote:
>> Hello all,
>> I have an ipa client that is also a file server. How do I set up a
>> samba server on the file server so that the files can be accessed by a
>> win7 machine, which is not a member of the ipa realm?
>> Should I set the file server as a domain controller? How do I deal
>> with the "passdb backend" option? I guess I can set it to "ldapsam",
>> but the user information is kept on the ipa server, not the file
>> server.
>> What else should I take care of before I start?
>> ps. my ipa version is 2.2, running on fc17.
>You can install samba with the ldapsam passdb backend.
>security = user will suffice, you do not need to make it a domain
>Authentication will happen only using NTLM, so you will have to add the
>samba samAccount objectclass to those users that you want to be able to
>log in to samba and the sambaGroups class to those groups you want to
>use with samba.
>After you added the right objectclass to users you will need to change
>the user's password once so that the ipa-pwd-exto plugin can generate NT
>hashes for the user.
>Once that is done samba should allow you to log in using the ipa
>Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list

Reply via email to