On 10/29/2014 11:38 PM, Loris Santamaria wrote:
El mié, 29-10-2014 a las 20:49 -0400, Dmitri Pal escribió:
On 10/29/2014 05:01 PM, Loris Santamaria wrote:

El mié, 29-10-2014 a las 21:40 +0100, John Obaterspok escribió:

I've tried this as well. My IPA is not connected to an AD. My smb.conf
looks almost the same. The differences are:
- I got the default workgroup set (MY or something)
- No FILE:/ prefix for keytab file

I had the samba and ipserver on the same box so I just had to add the
cifs server and get keytab file in the same way.
I was a bit surprised to see that accessing samba using "smbclient -k
\\..." worked right away from a linux box. Then stopped working if I
did kdestroy.

But, I never got it to work from Windows. The Windows PC is not joined
to any AD, it uses MIT Kerb client 4.0.1 and I successfully get tickes
and can sshlogin via putty without password.

Any ideas on how to get this going from Windows as well?
I guess you should prepare the ipa server for a windows domain trust
(even if you won't setup any trust with an ad domain), with
ipa-adtrust-install. Beware that it will overwrite your smb.conf.

With that configuration and the steps described in
http://www.redhat.com/archives/freeipa-users/2013-September/msg00226.html you 
will be able to use the native windows kerberos libraries and you should be 
able to open a samba share with your kerberos credentials.

Best regards

Would by any chance you be able to create a HowTo solution on the
FreeIPA wiki?
Seems like it would be a simple cut&paste from couple mails. Thanks in
Here it is:


Best regards


Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to