Re: [Freeipa-users] One-way replication
On Thu, 16 Aug 2012, Dimitris Tsompanidis wrote: On 16/08/2012 14:34, Alexander Bokovoy wrote: On Thu, 16 Aug 2012, Dimitris Tsompanidis wrote: Hi all, I'm looking into setting up a Samba file server with FreeIPA as the password backend. I don't need fancy stuff, just plain LDAP password authentication. http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/ (my first thought was using PAM as the LDAP frontend but apparently this does not work for Samba...) All the tutorials I've looked into mention the need to update the LDAP schema in FreeIPA as a part of the procedure. I'm not really keen on doing this, at least not in my production FreeIPA cluster, so I thought of setting up a test FreeIPA installation that would only replicate data from the FreeIPA "master" but not the either way around. My problem is that I can't find any way of doing this except by creating the replica and then deleting the test replica from the FreeIPA topology - basically creating a non-updating stand-alone copy of my production servers. Is there a way to force a one-way replication? (I'd also be grateful for any mentions of less painful ways of connecting samba to freeipa :)) For IPA v2.x the link above explains fairly easy setup. I am already aware of this guide - that's me in the second comment asking more or less the same thing :) :) Since that guide involves patching the code, the changed packages will need to get to other replicas as well. However, as configuration changes are added to the tree that is replicated by default, I think everything what's affected will be replicated. -- / Alexander Bokovoy ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] One-way replication
On 16/08/2012 14:34, Alexander Bokovoy wrote: On Thu, 16 Aug 2012, Dimitris Tsompanidis wrote: Hi all, I'm looking into setting up a Samba file server with FreeIPA as the password backend. I don't need fancy stuff, just plain LDAP password authentication. http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/ (my first thought was using PAM as the LDAP frontend but apparently this does not work for Samba...) All the tutorials I've looked into mention the need to update the LDAP schema in FreeIPA as a part of the procedure. I'm not really keen on doing this, at least not in my production FreeIPA cluster, so I thought of setting up a test FreeIPA installation that would only replicate data from the FreeIPA "master" but not the either way around. My problem is that I can't find any way of doing this except by creating the replica and then deleting the test replica from the FreeIPA topology - basically creating a non-updating stand-alone copy of my production servers. Is there a way to force a one-way replication? (I'd also be grateful for any mentions of less painful ways of connecting samba to freeipa :)) For IPA v2.x the link above explains fairly easy setup. I am already aware of this guide - that's me in the second comment asking more or less the same thing :) Dimitris Tsompanidis System administrator at ComeOn! dimitris.tsompani...@comeon.com ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] One-way replication
On Thu, 16 Aug 2012, Dimitris Tsompanidis wrote: Hi all, I'm looking into setting up a Samba file server with FreeIPA as the password backend. I don't need fancy stuff, just plain LDAP password authentication. http://techslaves.org/2011/08/24/freeipa-and-samba-3-integration/ (my first thought was using PAM as the LDAP frontend but apparently this does not work for Samba...) All the tutorials I've looked into mention the need to update the LDAP schema in FreeIPA as a part of the procedure. I'm not really keen on doing this, at least not in my production FreeIPA cluster, so I thought of setting up a test FreeIPA installation that would only replicate data from the FreeIPA "master" but not the either way around. My problem is that I can't find any way of doing this except by creating the replica and then deleting the test replica from the FreeIPA topology - basically creating a non-updating stand-alone copy of my production servers. Is there a way to force a one-way replication? (I'd also be grateful for any mentions of less painful ways of connecting samba to freeipa :)) For IPA v2.x the link above explains fairly easy setup. -- / Alexander Bokovoy ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
