(Apologies - resending to the list - I'm so used to the Reply-To already set
but it appears not to be here my bad.)
> On 28 Mar 2014, at 11:32, Petr Spacek <pspa...@redhat.com> wrote:
> Please let us know if it worked for you or not. I'm curious! :-)
I'm pretty curious too.
I have RHEL 6.5 with samba authenticating with IPA using ipasam.so. I needed to
add two patches though to 3.0 to fix 'valid users' group resolution and also
performance. They're merged into master and 3.3 and will be in RHEL 7.
Apart from the patching it was easy to do - just needed ipa-server and
ipa-server-adtrust installed and setup and it did all the config for me (the
adtrust part sets up samba with ipasam.so for you).
Problem is running ipasam.so without the ipa-server locally - is how to get it
so the host can see ipaNTHash in the schema to check password. If ipa-server is
local the host has access, otherwise it doesn't.
So be good to find out what aci or service principal stuff makes that available
in an elegant and secure way.
Freeipa-users mailing list