I too am running into this problem.  Looking forward to some feedback regarding 
this issue.

> On Sep 15, 2016, at 7:04 AM, Brook, Andy [CRI] <abr...@bsd.uchicago.edu> 
> wrote:
> 
> All,
>  I’m working on setting up Samba to serve files from a server attached to our 
> IPA domain. I followed the directions in 
> https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA. 
> Everything seems to work and I can access the files from another RHEL server 
> attached to the same domain using a Kerberos ticket from a user from the 
> trusted AD domain. However, I can’t access this share from a windows client 
> that is also attached to the trusted AD domain.
> 
> My smb.conf is as follows:
> [global]
>        workgroup = IPA
>        realm = IPA.DOMAIN
>        kerberos method = dedicated keytab
>        dedicated keytab file = FILE:/etc/samba/samba.keytab
>        log file = /var/log/samba/log.%m
>        log level = 3
>        security = ads
>        load printers = no
>        disable spoolss = yes
>        map to guest = Never
>        restrict anonymous = 2
> 
> [spacetest]
>        path = /var/www
>        writable = yes
>        browsable = yes
> 
> I put the keytab in place from the cifs service from the IPA server.
> 
> I feel like I’m missing something small, but I can’t seem to find it. Logs 
> from samba are here: http://pastebin.com/aMDXfR78
> 
> Andy Brook
> Sr. Systems Administrator | Center for Research Informatics | University of 
> Chicago
> T: 773-834-0458 | http://cri.uchicago.edu
> 
> ********************************************************************************
> This e-mail is intended only for the use of the individual or entity to which
> it is addressed and may contain information that is privileged and 
> confidential.
> If the reader of this e-mail message is not the intended recipient, you are 
> hereby notified that any dissemination, distribution or copying of this
> communication is prohibited. If you have received this e-mail in error, 
> please 
> notify the sender and destroy all copies of the transmittal. 
> 
> Thank you
> University of Chicago Medicine and Biological Sciences 
> ********************************************************************************
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to