On Tue, 10 Feb 2015, Israel Miranda wrote:
I have a freeipa installation of v4 on Fedora 21.
I have a separate fileserver with freeipa packages installed from
mkosek-freeipa-epel-7.repo on centos 7.

I have:
* created sambaSAMAccount,sambaGroupMapping UserObjects
* created an entry for DNA       plugin to populate them
cn=SambaGroupSid,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config
* added a CoS template for sambaGroupType
* added a CoS definition for sambaGroupType
* used ipa-adtrust-install to create and populate ipaNTHash
* checked with the creation of these attributes with an ldap browser all ok
* put the fileserver machine on the domain
* added necessary permission, previleges and roles
* installed kerberos keytab on the fileserver
* was able to retrieve ipaNTHash attribute with the keytab from samba server

and now the only thing missing is to integrate the fileserver with the
ipaserver.
I donĀ“t mind in using ipasam, but to install in on my centos7
fileserver, which only has samba installed and nothing else, it also
pulls the whole freeipa-server package, and this is overkill just to
get ipasam.so. So I'd like some help in compiling it separately.
I am using standard samba server distributed with centos 7.

So I tried to use  passdb backend = ldapsam:ldap//ipaserver
but samba tries to bind using admin user, and doesn't use keytab, even
though I put
       dedicated keytab file = FILE:/etc/samba/samba.keytab
       kerberos method = dedicated keytab
in smb.conf.
ldapsam currently does not yet support keytab use. With CentOS7/mkosek
COPR repo you don't need to use any special passdb module anymore, just
follow
http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA



So please help me in getting these two things done:

1. use samba with freeipa through ldap( I know it is worse than
ipasam, but would be nice to know how to integrate freeipa with samba
with ldap on systems where ipasam might not be available )
Don't do that, use sssd-libwbclient integration. It requires pretty
fresh sssd version (1.12.2+) but systems you mentioned (F21 and CentOS7
with mkosek COPR repo) have it.

2. compile an ipasam.so module so we can work on creating an rpm
package in the future, since it is necessary to install ipasam.so
separately.
No need to that when using sssd-libwbclient integration.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to