On 09/20/2013 07:33 AM, Fred van Zwieten wrote: > Hi, > > I wonder if it is possible to have Windows clients (member of some > domain) to connect to SAMBA shares with an IPA account. I found > various howto's voor Kerberized SAMBA but they al use Linux as the > client platform. I have tried to set it up using a Red Hat Solution > article, but I did not get it to work. > > Is it possible without using trust or synchronization between AD and > IPA? If yes, how? > > Fred > > > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users
So the setup is: AD and IPA not in trust or sync There is an IPA user logging into Windows client in AD domain and trying to access Samba share in which domain? I mean is Samba a member server in AD domain or IPA? Anyways it would not work. What should work is: * User from AD accessing a samba share in AD domain (this is the setup in the documentation that you refer to). * User from IPA accessing samba share in IPA domain using Linux client (I think that has been possible in the past) Other scenarios would not work yet AFAIU because: 1) IPA does not provide global catalog yet 2) Samba FS and IPA integration as a member server in trust setup is not ready to serve users from a trusted domains. There is some work to be done there. Both are on the roadmap but not available right now. -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users