HI Detlev

Yes we have it working with Samba 4.x and IPA 4.x, pretty much as described
in the techslaves article.  I did intend to write a "how-to", but 1000
other things took over ... I made some notes at the time, which I will try
and dig out.

We did not use ipa-adtrust-install, so I can't comment on that.

Chris




From:   Detlev Habicht <detlev.habi...@ims.uni-hannover.de>
To:     freeipa-users@redhat.com
Date:   16.06.2016 14:10
Subject:        Re: [Freeipa-users] IPA,        Samba and how can a Windows
            client access it
Sent by:        freeipa-users-boun...@redhat.com




Thank you,

i found an old post from you with this smb.conf:

security = user
passdb backend = ldapsam:ldap://ldap.my.example.com

ldap suffix = dc=my,dc=example,dc=com

ldap admin dn = cn=Directory Manager
ldap ssl = off

Is this still working with Samba 4.x und IPA 4.x?
I will try it soon.

Will "ipa-adtrust-install --add-sids" do all the config
i need for this? I think, your hint with techslaves is
good, but not uptodate.

Detlev

P.S.: Yes, i want the same, this clients are not a member of a domain ...

--
  Detlev  | Institut fuer Mikroelektronische Systeme
  Habicht | D-30167 Hannover +49 511 76219662 habi...@ims.uni-hannover.de
  --------+-------- Handy    +49 172 5415752  ---------------------------



Am 16.06.2016 um 12:52 schrieb Christopher Lamb <
christopher.l...@ch.ibm.com>:



      Hi Detlev

      If I have understood you correctly, you want to let Windows users
      access Samba "shares" using their IPA username/passwords?

      If so it is possible. We have both Windows and OSX workstations
      accessing unix fileshares like that.

      We did it more or less along the lines described here:
      http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/

      If you search the archives of this forum with FreeIPA Samba Lamb you
      will find some previous threads on this topic.

      Chris

      <graycol.gif>Detlev Habicht ---06/16/2016 10:49:49---Hi, first i
      thought, it is an awkward question, but my smart colleague here also

      From: Detlev Habicht <detlev.habi...@ims.uni-hannover.de>
      To: freeipa-users@redhat.com
      Date: 06/16/2016 10:49
      Subject: [Freeipa-users] IPA, Samba and how can a Windows client
      access it
      Sent by: freeipa-users-boun...@redhat.com





      Hi,

      first i thought, it is an awkward question, but my smart colleague
      here also
      cannot help me, so i try it:

      I read this and i have installed it:

      "Howto/Integrating a Samba File Server With IPA"
      http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA


      This is working as described. But this works only for Linux so far.

      We are not able to find a configuration, so a single Windows client
      have access
      to the Samba Server. Only with his IPA account (username and
      password)!
      I don’t want to use something like trusted AD. As i said, for the
      Windows clients
      i want only to use an username and password for Samba, using IPA.

      Well, this is the configuration as described in the docu:

      [global]
      workgroup = MY
      realm = MY.REALM
      dedicated keytab file = FILE:/etc/samba/samba.keytab
      kerberos method = dedicated keytab
      log file = /var/log/samba/log.%m
      security = ads

      Any idea what i can do for my wishes?

      Thank you!

      Detlev


      --
      Detlev | Institut fuer Mikroelektronische Systeme
      Habicht | D-30167 Hannover +49 511 76219662
      habi...@ims.uni-hannover.de
      --------+-------- Handy +49 172 5415752 ---------------------------


      --
      Manage your subscription for the Freeipa-users mailing list:
      https://www.redhat.com/mailman/listinfo/freeipa-users
      Go to http://freeipa.org for more info on the project

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to