Hi Alexander,

Yes this is know, but it's not usable yet, at least not on an Ubuntu
Samba server as far as I know ?

If so, maybe you can help us out here to clear this up how to do it.



2015-08-07 23:09 GMT+02:00 Alexander Bokovoy <aboko...@redhat.com>:
> On Thu, 06 Aug 2015, Christopher Lamb wrote:
>> Hi Matt
>> As far as I can make out, there are at least 2 viable Samba / FreeIPA
>> integration paths.
>> The route I took is suited where there is no Active Directory involved: In
>> my case all the Windows, OSX and Linux clients are islands that sit on the
>> same network.
>> The route that Youenn has taken (unless I have got completely the wrong
>> end
>> of the stick) requires Active Directory in the architecture.
> Yes, you are at the wrong end of the stick. You don't need AD in the
> architecture here. You can reuse IPA design for AD integration via trust
> for normal Samba integration but use ipasam.so instead of ldapsam.so.
> This is what Youenn did. The only way we don't support it (yet) is
> because we think doing a longer term solution via SSSD and NTLMSSP
> support is better scalability vise -- your SSSD client is already having
> LDAP connection and is already holding identity mappings in the cache so
> there is no need to run separate LDAP connection in smbd/winbindd for
> that and cache the same data in a different way.
> --
> / Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to