Hi,

To centrally manage all credentials from Active Directory, we configured 
FreeIPA integration with Active Directory to authenticate users to IPA-joined 
Linux machines via SSSD using AD credentials.

The Linux machines have NFS shares mounted on their local filesystems which we 
use to work in a sharable way. 
We have configured FreeIPA "ID Views" for each user to override the 
AD-originating generic UID and GID with shorter UID and GID values. This is to 
preserve IPA-authenticated users' NFS permissions that were inherited from the 
previous Linux directory management system (NIS) we used and for simplicity.
When working locally or remotely (SSH/VNC) on the Linux machines, everything is 
working as expected with no issues.

Our problem is with SMB - We need to share the NFS shares over SMB for direct 
File Explorer access for Windows users. For this purpose, we have an Ubuntu 
machine we use as an SMB server. 
The server is joined to IPA as a client and has all NFS shares mounted locally 
on its filesystem. 
The ideal way is to somehow configure SMB to forward authentication to IPA (as 
if it were a local/SSH authentication to the server) and map the ID views user and 
group IDs to preserve permissions.
We searched all over the internet and didn't find a working solution for this 
use case.

Is this supported? If yes, how can this be implemented?
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org