Thanks for the prompt reply.
I tried to just bind Redmine, and failed; so I assumed that it's not
Now, with that information, I'm encouraged to try again...

What about Samba?
Can you reference me to some relevant Howto/tutorial?

2014-03-26 13:28 GMT+02:00 Petr Spacek <>:

> On 26.3.2014 10:44, צביקה הרמתי wrote:
>> Hi.
>> I have a small network of CentOS6.5 servers, and installed standard IdM
>> (==FreeIPA).
>> Everything works fine.
>> Now I want to use IPA for other uses:
>> 1.
>> Use IPA together with Samba. I *don't* have fancy Windows servers, AD, or
>> whatever. My network is comprised of a few CentOS servers, and some
>> Windows
>> 7/8 laptops that connect to it with SSH and VNC.
>> I have installed (successfully) Samba, which should be used only for file
>> sharing between Linux and Windows. No need for other features.
>> However, in order to use Samba I have to define each user for Samba, and
>> keep separate passwords.
>> I'm confident that I missed something, and Samba can be somehow integrate
>> with IPA, to use authenticate users against it.
>> But I didn't find any solution or HowTo...
>> 2.
>> I'm using Redmine (issue tracking tool), that can authenticate against
>> server (
>> Can I use IPA for this?
> Sure :-) We don't have how-to specifically for Redmine, you need to map
> information from Redmine how-to to:
> Feel free to create Redmine page here:
> (Your Fedora account should just work.)
>  It seems that in order to use IPA's LDAP database, the client must first
>> gain access from Kerberos.
> No, you can use plain LDAP as usual as long as you don't want to use
> single sign-on.
>  I have no experience with Kerberos, but it seems that Redmine doesn't
>> support it.
>> Any ideas for solution?
> Configure Redmine with LDAP backend as usual.
>  3.
>> (related to the previous question-)
>> Can I somehow disable the Kerberos component of IPA, using only the easy
>> LDAP solution, allowing it easier integration with other tools?
> You can't "disable it" but you are not forced to use Kerberos if you don't
> want to do so. Plain LDAP bind should work for you.
> (Please note that Kerberos offers single sign-on and it is believed to
> provide better security so it is worth spending time on it.)
> --
> Petr^2 Spacek
> _______________________________________________
> Freeipa-users mailing list
Freeipa-users mailing list

Reply via email to