Re: [Freeipa-users] samba & IPA

2012-02-23 Thread Alexander Bokovoy
On Thu, 23 Feb 2012, Jeremy Agee wrote: > You should also be able to use the filesystem to control access to > the smb share. If acl support is on the filesystem, you can use > these as well. Samba should have "nt acl support = Yes" set by > default. Yes, this will work -- as long as SSSD or nss_l

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-02-23 Thread Simo Sorce
On Thu, 2012-02-23 at 21:12 -0500, Brian Cook wrote: > I would not expect that there would be any problem with AD and IPA > coexisting when the realm names are different, but I have heard > reports that there are problems, especially when Linux clients are > configured to use AD for DNS. Trying to

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-02-23 Thread Craig T
We use the group.example.com as the primary domain name, even for windows clients. So a typical windows pc has: ip: 192.168.0.100 dns1: linux-dns-server1 dns2: linux-dns-server2 search: group.example.com That way the windows pcs only use their "melb.example.com" domain for authentication and then

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-02-23 Thread Steven Jones
I think we are doing the same thing here, seemed to have arrived at the same conclusion! I have the AD DNS servers hand off the sub-domain to the IPA servers, so they are the masters for all things linux/unix, the reverse IP domains on the IPA servers are slaved from the AD DNS however as th

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-02-23 Thread Steven Jones
Hi, Well I can give you how I think this works, but I stand to be corrected... So, there is auto-discovery for kerberos going on via DNS, but AD's DNS already has such kerberos for its services, so a Linux client is going to try and do this, but it's going to get AD results and not IPA results,

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-02-23 Thread Craig T
Hi Brian, I spent a lot of time on this topic. In the end we decided to do the following; Microsoft domain: melb.example.com Linux Domain: group.example.com The linux DNS server is a slave to the Windows AD DNS servers & a master DNS for "group.example.com". All PCs point to our Linux DNS serve

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-02-23 Thread Brian Cook
I would not expect that there would be any problem with AD and IPA coexisting when the realm names are different, but I have heard reports that there are problems, especially when Linux clients are configured to use AD for DNS. Trying to figure out what the problem is. I understand your delega

Re: [Freeipa-users] Searching for subjectKeyIdentifier in SSL certs

2012-02-23 Thread Nalin Dahyabhai
On Wed, Feb 22, 2012 at 02:57:03PM -0900, Erinn Looney-Triggs wrote: > It looks like, as far as I can tell, the IPA pki setup does not by > default include subjectKeyIdentifier in the SSL certificates issued. I > am using ipa-getcert -f foo -k bar, to generate and submit the request. > > I am a li

Re: [Freeipa-users] samba & IPA

2012-02-23 Thread Jeremy Agee
On 02/23/2012 05:01 PM, Alexander Bokovoy wrote: On Tue, 21 Feb 2012, Steven Jones wrote: Hi, Any good docs on making samba / smbclient / clients work with ipa? not having much luck with google The stack of protocols that Samba is implementing disassociates authentication and actual conne

Re: [Freeipa-users] samba & IPA

2012-02-23 Thread Steven Jones
Hi, thanks for the great explanation regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From: Alexander Bokovoy [aboko...@redhat.com] Sent: Friday, 24 February 2012 11:01 a.m. To: Steven Jone

Re: [Freeipa-users] samba & IPA

2012-02-23 Thread Alexander Bokovoy
On Tue, 21 Feb 2012, Steven Jones wrote: > Hi, > > Any good docs on making samba / smbclient / clients work with ipa? > not having much luck with google The stack of protocols that Samba is implementing disassociates authentication and actual connection to the shares. First you authentica

Re: [Freeipa-users] need info on AD / IPA coexistence

2012-02-23 Thread Steven Jones
Hi, Subnet? IP addressing will not matter, it's DNS as the main issue, for me anyway. I can't see IP / subnets matter? So, yes if you have AD as the same realm as IPA then only one will work well from what I can read, IPA has to have its neat auto-discovery/balancing features turned off, or at

[Freeipa-users] need info on AD / IPA coexistence

2012-02-23 Thread Brian Cook
I have heard that we currently have problems with IPA and AD existing on the same subnet, possibly only when using AD as DNS servers, possibly even when the realm names are different. I have not been able to find good concrete information or BZ's regarding this. I am looking for clarification

Re: [Freeipa-users] samba & IPA

2012-02-23 Thread Rob Crittenden
Steven Jones wrote: Hi, Control samba with IPA, aka IPA controlling say ssh, so hbacl control between a samba user group and a samba host group per samba share. So redhat linux clients to redhat linux samba server (rhel6.2's) I need to automount smb shares for linux users who are in IPA. So

Re: [Freeipa-users] samba & IPA

2012-02-23 Thread Steven Jones
Hi, Control samba with IPA, aka IPA controlling say ssh, so hbacl control between a samba user group and a samba host group per samba share. So redhat linux clients to redhat linux samba server (rhel6.2's) I need to automount smb shares for linux users who are in IPA. So far I have kerberos g

Re: [Freeipa-users] Bug in documentation or in CLI tools?

2012-02-23 Thread Martin Kosek
On Wed, 2012-02-22 at 22:07 +0100, Marco Pizzoli wrote: > Hi guys, > in a previous question about FreeIPA 2.1.90 I submitted to you, I > received from Martin the answer to use the command: > > "ipa dnszone-mod --dynamic-update=TRUE > " > > I used it and I successfully achieved my purpose, but c