On Tue, 10 Feb 2015, Israel Miranda wrote:
I have a freeipa installation of v4 on Fedora 21. I have a separate fileserver with freeipa packages installed from mkosek-freeipa-epel-7.repo on centos 7.

I have:
* created sambaSAMAccount, sambaGroupMapping UserObjects
* created an entry for DNA plugin to populate them
  cn=SambaGroupSid,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
* added a CoS template for sambaGroupType
* added a CoS definition for sambaGroupType
* used ipa-adtrust-install to create and populate ipaNTHash
* checked the creation of these attributes with an ldap browser, all ok
* put the fileserver machine on the domain
* added necessary permission, privileges and roles
* installed kerberos keytab on the fileserver
* was able to retrieve ipaNTHash attribute with the keytab from samba server

and now the only thing missing is to integrate the fileserver with the ipaserver.

I don't mind using ipasam, but to install it on my centos7 fileserver, which only has samba installed and nothing else, it also pulls the whole freeipa-server package, and this is overkill just to get ipasam.so. So I'd like some help in compiling it separately. I am using standard samba server distributed with centos 7.

So I tried to use

    passdb backend = ldapsam:ldap//ipaserver

but samba tries to bind using admin user, and doesn't use keytab, even though I put

    dedicated keytab file = FILE:/etc/samba/samba.keytab
    kerberos method = dedicated keytab

in smb.conf.
ldapsam currently does not yet support keytab use. With CentOS7/mkosek COPR repo you don't need to use any special passdb module anymore, just follow http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
So please help me in getting these two things done:

1. use samba with freeipa through ldap (I know it is worse than ipasam, but would be nice to know how to integrate freeipa with samba with ldap on systems where ipasam might not be available)
Don't do that, use sssd-libwbclient integration. It requires a pretty fresh sssd version (1.12.2+), but the systems you mentioned (F21 and CentOS7 with mkosek COPR repo) have it.
2. compile an ipasam.so module so we can work on creating an rpm package in the future, since it is necessary to install ipasam.so separately.
No need to do that when using sssd-libwbclient integration.

--
/ Alexander Bokovoy
