On Tue, 2012-07-10 at 09:59 -0700, george he wrote:
> Hi Simo,
> Could you advise how to add
> 1. the samba samAccount objectclass to a user, and
> 2. the sambaGroups class to a group? 
> I guess I would need to use ldap commands, which I don't know enough.

Yes we do not have pre-canned scripts for samba integration yet.

> By the way, do I need to add both of the above, or if everybody is
> allowed to use the samba share, (and they are all in ipausers group),
> I would only need to add the sambaGroups class to ipausers group?

Up to you which groups you want to 'samba-enable', however the groups
needs to be 'posix' groups, and we recently changed ipausers to be a
non-posix group. Of course existing installations will not be affected
but if you are planning new ones keep in mind ipausers cannot generally
be used as a samba group unless you turn it into a posix groups first.
however also keep in mind we discourage using ipausers as a posix group
for performance reasons in domain with many users and recommend instead
to create smaller targeted groups.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to