On 26.3.2014 10:44, צביקה הרמתי wrote:
Hi.
I have a small network of CentOS6.5 servers, and installed standard IdM
(==FreeIPA).
Everything works fine.

Now I want to use IPA for other uses:

1.
Use IPA together with Samba. I *don't* have fancy Windows servers, AD, or
whatever. My network is comprised of a few CentOS servers, and some Windows
7/8 laptops that connect to it with SSH and VNC.
I have installed (successfully) Samba, which should be used only for file
sharing between Linux and Windows. No need for other features.
However, in order to use Samba I have to define each user for Samba, and
keep separate passwords.

I'm confident that I missed something, and Samba can be somehow integrate
with IPA, to use authenticate users against it.
But I didn't find any solution or HowTo...

2.
I'm using Redmine (issue tracking tool), that can authenticate against LDPA
server (http://www.redmine.org/projects/redmine/wiki/RedmineLDAP).
Can I use IPA for this?
Sure :-) We don't have how-to specifically for Redmine, you need to map information from Redmine how-to to:
http://www.freeipa.org/page/HowTo/LDAP

Feel free to create Redmine page here:
http://www.freeipa.org/page/HowTos
(Your Fedora account should just work.)

It seems that in order to use IPA's LDAP database, the client must first
gain access from Kerberos.
No, you can use plain LDAP as usual as long as you don't want to use single sign-on.

I have no experience with Kerberos, but it seems that Redmine doesn't
support it.
Any ideas for solution?
Configure Redmine with LDAP backend as usual.

3.
(related to the previous question-)
Can I somehow disable the Kerberos component of IPA, using only the easy
LDAP solution, allowing it easier integration with other tools?
You can't "disable it" but you are not forced to use Kerberos if you don't want to do so. Plain LDAP bind should work for you.

(Please note that Kerberos offers single sign-on and it is believed to provide better security so it is worth spending time on it.)

--
Petr^2 Spacek

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to