Hi Chris, Thanks for that verification!
It seems that: /usr/share/ipa/ui/group.js Is not there on IPA.4.1, also there is no .js at all on the whole system. Any idea there ? Thanks again! Matt 2015-08-03 9:53 GMT+02:00 Christopher Lamb <christopher.l...@ch.ibm.com>: > Hi Matt > > Thankfully I saved the output from those ldapmodify commands (against > FreeIPA 4.1) and was able to find it again! > > In our case sambagrouptype also seems to have already been present, so that > should not hurt. > > [root@xxx-ldap2 samba]# ldapmodify -Y GSSAPI <<EOF >> dn: cn=ipaconfig,cn=etc,dc=my,dc=silly,dc=example,dc=com >> changetype: add >> add: ipaCustomFields >> ipaCustomFields: "Samba Group Type,sambagrouptype,true" >> EOF > SASL/GSSAPI authentication started > SASL username: l...@my.silly.example.com > SASL SSF: 56 > SASL data security layer installed. > adding new entry "cn=ipaconfig,cn=etc,dc=my,dc=silly,dc=example,dc=com" > ldap_add: Already exists (68) > > Chris > > > > > From: "Matt ." <yamakasi....@gmail.com> > To: > Cc: "freeipa-users@redhat.com" <freeipa-users@redhat.com> > Date: 02.08.2015 13:33 > Subject: Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA > Sent by: freeipa-users-boun...@redhat.com > > > > Chris, > > Are you doing this on 3.x or also 4.x ? > > As the following already exists: > > ldapmodify -Y GSSAPI <<EOF > dn: cn=ipaconfig,cn=etc,dc=domain,dc=tld > changetype: add > add: ipaCustomFields > ipaCustomFields: "Samba Group Type,sambagrouptype,true" > EOF > > > And I'm unsure about the pyton files are they are sligtly different on 4.1 > > > Thanks! > > > 2015-08-01 19:51 GMT+02:00 Matt . <yamakasi....@gmail.com>: >> Hi, >> >> Yes I found that earlier, that looks good and even better when you >> confirm this as really usable. >> >> For Samba 4 the IPA devs are very busy but I wonder indeed what >> happends when we "need" to move because integration has been improved. >> >> I try to keep IPA as native as I can. >> >> So this is the best way to go for now, even when this thread is such > "old" ? >> >> Thanks! >> >> Matt >> >> >> 2015-08-01 9:48 GMT+02:00 Christopher Lamb <christopher.l...@ch.ibm.com>: >>> Hi Matt >>> >>> For a "how to" of Samba FreeIPA integration using schema extensions, see >>> this previous thread >>> >>> https://www.redhat.com/archives/freeipa-users/2015-May/msg00124.html >>> >>> That should point to this techslaves article with the detailed > instructions >>> that we followed: >>> >>> http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/ >>> >>> The main reason we went that way is that we have no AD domain, which > seems >>> to be required by other integration paths. >>> >>> Note we are running FreeIPA and Samba on OEL servers (first 6.x, now > 7.x). >>> So things may be different on Ubuntu. >>> >>> As always, when changing the LDAP schema, an LDAP browser like Apache >>> Directory Studio is very useful to visualise what is going on and to > verify >>> if your changes are present! (and is sometime easier to manually change >>> attributes rather than by LDAPMODIFY script....) >>> >>> There is another ongoing thread in this mailing list about problems with >>> the attribute SambaPwdLastSet. >>> >>> Chris >>> >>> >>> >>> From: "Matt ." <yamakasi....@gmail.com> >>> To: >>> Cc: "freeipa-users@redhat.com" <freeipa-users@redhat.com> >>> Date: 31.07.2015 16:58 >>> Subject: Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA >>> Sent by: freeipa-users-boun...@redhat.com >>> >>> >>> >>> Hi, >>> >>> This is nice to have confirmed. >>> >>> Is it possible for you to descrive what you do ? It might be handy to >>> add this to the IPA documentation also with some explanation why... >>> >>> Cheers, >>> >>> Matt >>> >>> 2015-07-31 16:55 GMT+02:00 Christopher Lamb > <christopher.l...@ch.ibm.com>: >>>> Hi >>>> >>>> We use the Samba extensions for FreeIPA. Windows 7 users connect to the >>>> "shares" using their FreeIPA credentials. The only password mgmt > problem >>>> that we have is, that the users get no notice of password expiry until >>>> "suddenly" their Samba user (really the FreeIPA user) password is not >>>> accepted when trying to connect to a share. Once the password is reset >>> (via >>>> CLI or FreeIPA WebUi), they can access the shares again. >>>> >>>> Chris >>>> >>>> >>>> >>>> From: Youenn PIOLET <piole...@gmail.com> >>>> To: "Matt ." <yamakasi....@gmail.com> >>>> Cc: "freeipa-users@redhat.com" <freeipa-users@redhat.com> >>>> Date: 31.07.2015 16:21 >>>> Subject: Re: [Freeipa-users] Ubuntu Samba Server Auth against > IPA >>>> Sent by: freeipa-users-boun...@redhat.com >>>> >>>> >>>> >>>> Hi, >>>> I asked the very same question a few weeks ago, but no answer yet. >>>> http://comments.gmane.org/gmane.linux.redhat.freeipa.user/18174 >>>> >>>> The only method I see is to install samba extensions in FreeIPA's LDAP >>>> directory, and bind samba with LDAP. There may be a lot of difficulties >>>> with password management doing this, that's why I'd like to get a > better >>>> solution :) >>>> >>>> Anyone? >>>> >>>> >>>> -- >>>> Youenn Piolet >>>> piole...@gmail.com >>>> >>>> >>>> 2015-07-31 16:03 GMT+02:00 Matt . <yamakasi....@gmail.com>: >>>> Hi Guys, >>>> >>>> I'm really struggeling getting a NON AD Samba server authing against > a >>>> FreeIPA server: >>>> >>>> Ubuntu 14.04 -> Samba (no AD) / SSD 1.12.5 >>>> CentOS 7.1 -> FreeIPA 4.1 >>>> >>>> Now this seems to be the way: >>>> >>>> >>> > https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA >>>> >>>> >>>> But as this, which I also found on the mailinglists: >>>> >>>> NOTE: Only Kerberos authentication will work when accessing Samba >>>> shares using this method. This means that Windows clients not joined >>>> to Active Directory forest trusted by IPA would not be able to access >>>> the shares. This is related to SSSD not yet being able to handle >>>> NTLMSSP authentication. >>>> >>>> It might not be that easy to have a Samba Shares only server. >>>> >>>> Any idea here how to accomplish ? >>>> >>>> Cheers, >>>> >>>> Matt >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >>>> >>>> >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >>> >>> >>> > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project