Re: [Freeipa-users] IPA, samba, and secondary groups
Hi, On Wed, Feb 29, 2012 at 11:24:25AM -0500, Kelvin Edmison wrote: I am running into an issue where users cannot access a samba volume if their only access is via a secondary group. For example, if testuser's primary group is ipausers, and secondary groups include testgroup, and the samba mount permissions are adminuser:testgroup:rwxrwx---, then testuser cannot read or write to the samba mount. If the testuser is change so that its primary group is testgroup, then testuser can access the volume. In this case, samba is running on a separate CentOS 5 server, configured to access IPA via LDAP. It is a requirement that I support userid/password-based access to the samba server, as I cannot roll all my users onto kerberos right away. Doe anyone have any insight as to what is going on and how it can be fixed? I did see something similiar recently, the ldapsam backend in samba was used. You might want to try out 'ldapsam:trusted = no' in smb.conf . Christian ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Can FreeIPA use FreeRADIUS as users provider
On 03/01/2012 09:21 AM, Pavel Zhukov wrote: Simo, thank you for your answer FreeRADIUS uses very customized (for complex network ACLs) MySQL schema and network team manages it. Unfortunately, I cannot change FreeRADIUS related infrastructure. AuthHub is your friend then. https://fedorahosted.org/AuthHub/ I am CC Nathaniel who is the developer on this project. I know he is looking into RADIUS integration. Any help would be appreciated. -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] IPA hostnames. Why not use `hostname -fqdn` instead of forcing `hostname` to be fully qualified?
On 03/02/2012 10:38 AM, Ondrej Valousek wrote: Ok, we have slipped away a bit. Now I agree with Craig. We should be always using 'hostname --fqdn' instead of just 'hostname'. The sssd parameter Stephen offered (ipa_hostname) seems to me bit misleading. We should probably insist that hostname --fqdn is always correct and valid. Ondrej If ipa-client-install is not detecting this situation I think it is a bug. Simo. Have we opened a bug? Proud winners of the prestigious Irish Software Exporter Award 2011 from Irish Exporters Association (IEA). Please, refer to our web site for more details regarding the award. The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communicati...@s3group.com. Thank You. Silicon and Software Systems Limited. Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18 ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
