On Thu, 2011-06-09 at 12:44 +0200, John S. Skogtvedt wrote: > Hello, > > has anybody tried to integrate Samba with FreeIPA 2? I searched and > found a mailing list post from 2009 with a solution using the 389 DNA > plugin, but later posts indicated that the solution outlined wasn't > correct (and probably out of date). > > My impression from what I've read is that there is no way of doing it > other than configuring FreeIPA to add samba object classes, and > specifying the required attributes when adding a user. The problem then > is that adding users won't be possible from the web interface, because > of required samba attributes (unless one instead later adds the > necessary object classes and attributes). > > Is this correct?
You can modify the UI behavior wrt what classes and attribute to store. > If so, I wonder how much work it might be to either add a small hack to > the web interface to add the necessary attributes, or to write a web > interface plugin which adds a user with the necessary attributes. Any > pointers would be appreciated (I know python). > I think it'd be useful to be able to add template values as well as > objectclasses in ipaConfig, e.g. something like: > ipaUserAttrs: sambaSid: ...-$uid, where $uid is expanded when the user > is created. You probably want to use the DNA plugin to generate the sambaSid for you once you have a domain SID, it's not too difficult and will be much less error prone. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users