I need some help with getting Samba and FreeIPA working together.
I’ve been following the guide at
that seems quite out of date for IPAv3 and I need some help:
1. The guide deals with setting a Samba server SID for one Samba
server, but as we have multiple stand-alone Samba3 servers, which SID
do I use to create the DNA plugin? Can I enter more than 1 SID? Can I
have more than 1 plugin (seems unlikely)?
2. There’s no “/usr/share/ipa/ui/group.js” file to patch in
IPAv3. What do I need to patch instead?
I’ve seen ticket https://fedorahosted.org/freeipa/ticket/3999 , which
shows the need is there but I could do with getting it working ASAP.
I may be missing something obvious but some help would be greatly appreciated!
Brief: Need to expand from the current single-office-ish NIS/YP scheme
to a multi-location/multi-national auth scheme which FreeIPA seems
ideally suited for.
Requirement: To continue to provide console/SSH and GUI/X logins to
Linux hosts, access to home and project directories via NFS from the
Linux machines using autofs/automount and access to Samba file-shares
from Windows machines but not using AD creds as this is a totally
separate environment. Several locations will each have a FreeIPA
replica server, NFS/Samba fileserver and “application” server.
Currently use 2 passwords for each user – one for NIS, one for Samba –
and need to consolidate to one password for everything.
Progress: Linux-based NFS stuff working fine – automount of home and
project directories all OK. Currently using Fedora 20 & CentOS 6.5 VMs
as a prototyping environment but will probably use RHEL/CentOS 7 when
available for production. FreeIPA versions 3.0.0 on CentOS 6.5 and
3.3.5 on Fedora 20.
Freeipa-users mailing list