On 10.3.2016 13:34, Giulio Casella wrote: > I've seen that howto, but it's not my case. I cannot establish a trust between > IPA and AD, because AD domain involves additional UPNs (mydomain.com and > another.mydomain.com) in addition to main domain foobar.local. This scenario > is not supported by current version of FreeIPA (maybe in future releases). > So: FreeIPA domain and AD domain have to be different.
For the record, UPN support is soonish. Petr^2 Spacek > > Giulio > > Il 10/03/2016 13:23, Justin Stephenson ha scritto: >> Hello, >> >> Are you looking for this? This leverages the AD trust to allow samba >> within IPA to resolve AD users from a trusted AD domain/forest >> >> *Howto/Integrating a Samba File Server With IPA* >> >> >> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA >> >> >> -Justin >> >> On 03/10/2016 06:29 AM, Giulio Casella wrote: >>> Hi guys, >>> I've got a FreeIPA domain up and running, with a nfs server, joined to >>> IPA domain, offering user's home directories. >>> >>> I'd like to give users on Windows 7 PC (not joined to the same domain) >>> the ability to mount those home directories via samba (entering >>> credentials, not kerberos, being different domains). >>> >>> How can I configure samba to use IPA kerberos authentication >>> authentication to offer access to home directories? >>> >>> I know this could be configured more as a samba question, but I hope >>> someone in this list already faced my scenario. >>> >>> Thanks in advance, >>> Giulio >>> >> > -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project