On Tue, 2012-07-10 at 09:59 -0700, george he wrote: > Hi Simo, > Could you advise how to add > > 1. the samba samAccount objectclass to a user, and > 2. the sambaGroups class to a group? > > I guess I would need to use ldap commands, which I don't know enough.
Yes we do not have pre-canned scripts for samba integration yet. > By the way, do I need to add both of the above, or if everybody is > allowed to use the samba share, (and they are all in ipausers group), > I would only need to add the sambaGroups class to ipausers group? Up to you which groups you want to 'samba-enable', however the groups needs to be 'posix' groups, and we recently changed ipausers to be a non-posix group. Of course existing installations will not be affected but if you are planning new ones keep in mind ipausers cannot generally be used as a samba group unless you turn it into a posix groups first. however also keep in mind we discourage using ipausers as a posix group for performance reasons in domain with many users and recommend instead to create smaller targeted groups. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
