On 02/17/2014 05:49 PM, Steven Jones wrote:

So what you are saying is AD clients and IPA enabled samba servers dont work as 
a solution yet?

Ergo I have to remove IPA off the samba server?

I think the setup when you have sync in place is a bit crafty.
I know that people made it work in the past but with some assumptions that this is not an SSO. I mean you can't use a Window system and access Samba FS share when Samba FS is a member of IPA and IPA is in sync relations because user on Windows and user in IPA are two different users though they have same name Samba FS can't match the windows SID of the Windows user to the SID of the IPA user because there is no SID for IPA user. But on the other side I know that one can make Samba FS work with IPA, there have been articles about it. I am not sure what is the expectation about the clients in this case.

The solution that we are working on is based on the trust. This part is not ready yet. Once ready Samba FS can be a member of the IPA domain, IPA would trust AD and then users from AD running Windows systems would be able to directly use Samba FS. This feature is in development right now.


Steven Jones

From: Alexander Bokovoy<aboko...@redhat.com>
Sent: Tuesday, 18 February 2014 11:21 a.m.
To: Steven Jones
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Setting up samba with IPA

On Mon, 17 Feb 2014, Steven Jones wrote:
I seem to have got a RHEL6 workstation doing smbclient to an IPA samba
enabled server OK.

Is there a way to limit some users to CIFS only in IPA?
If you file system supports POSIX ACLs then simply set limits at the
file system level, it should work fine.


Also however my AD connected windows7 machine with winsync and passsync
in place to IPA wont connect. It doesnt seem to like the password....or
user, unsure...
It doesn't like SID of that user and therefore doesn't think it is the
same user. There might be other reasons too, as we still haven't settled
down all bits to enable proper Windows integration for CIFS file

/ Alexander Bokovoy

Freeipa-users mailing list

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to