I need some help with getting Samba and FreeIPA working together.

I’ve been following the guide at
http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration but
that seems quite out of date for IPAv3 and I need some help:

1. The guide deals with setting a Samba server SID for one Samba
server, but as we have multiple stand-alone Samba3 servers, which SID
do I use to create the DNA plugin? Can I enter more than 1 SID? Can I
have more than 1 plugin (seems unlikely)?

2. There’s no “/usr/share/ipa/ui/group.js” file to patch in
IPAv3. What do I need to patch instead?

I’ve seen ticket https://fedorahosted.org/freeipa/ticket/3999 , which
shows the need is there but I could do with getting it working ASAP.

I may be missing something obvious but some help would be greatly appreciated!




Brief: Need to expand from the current single-office-ish NIS/YP scheme
to a multi-location/multi-national auth scheme which FreeIPA seems
ideally suited for.

Requirement: To continue to provide console/SSH and GUI/X logins to
Linux hosts, access to home and project directories via NFS from the
Linux machines using autofs/automount and access to Samba file-shares
from Windows machines but not using AD creds as this is a totally
separate environment. Several locations will each have a FreeIPA
replica server, NFS/Samba fileserver and “application” server.
Currently use 2 passwords for each user – one for NIS, one for Samba –
and need to consolidate to one password for everything.

Progress: Linux-based NFS stuff working fine – automount of home and
project directories all OK. Currently using Fedora 20 & CentOS 6.5 VMs
as a prototyping environment but will probably use RHEL/CentOS 7 when
available for production. FreeIPA versions 3.0.0 on CentOS 6.5 and
3.3.5 on Fedora 20.

