(Apologies - resending to the list - I'm so used to the Reply-To already set 
but it appears not to be here my bad.)

> On 28 Mar 2014, at 11:32, Petr Spacek <pspa...@redhat.com> wrote:
> Please let us know if it worked for you or not. I'm curious! :-)

I'm pretty curious too.

I have RHEL 6.5 with samba authenticating with IPA using ipasam.so. I needed to 
add two patches though to 3.0 to fix 'valid users' group resolution and also 
performance. They're merged into master and 3.3  and will be in RHEL 7.

Apart from the patching it was easy to do - just needed ipa-server and 
ipa-server-adtrust installed and setup and it did all the config for me (the 
adtrust part sets up samba with ipasam.so for you).

Problem is running ipasam.so without the ipa-server locally - is how to get it 
so the host can see ipaNTHash in the schema to check password. If ipa-server is 
local the host has access, otherwise it doesn't.

So be good to find out what aci or service principal stuff makes that available 
in an elegant and secure way.


Freeipa-users mailing list

Reply via email to