On 10/29/2014 08:15 AM, John Obaterspok wrote:
Hello,
I might be interested in this as well. Does this mean it would be
possible for a windows client to access samba FS through IPA provided
credentials?
Currently my Windows PC gets IPA ticket (through MIT kerberos
application) and can use this ticket to login to Linux server via
putty. I would jump up and down if I could access samba FS in the same
way from Windows:)
(I got sssd 1.12.1 and freeipa 4.1 running on F20)
I suspect that if you deploy Samba FS with SSSD configured as a member
server of the IPA domain it should be possible.
-- john
2014-10-23 12:32 GMT+02:00 Sumit Bose <sb...@redhat.com
<mailto:sb...@redhat.com>>:
On Tue, Oct 21, 2014 at 07:49:11AM -0430, Loris Santamaria wrote:
> El lun, 20-10-2014 a las 21:19 -0400, Dmitri Pal escribió:
> > On 10/20/2014 09:15 AM, Loris Santamaria wrote:
>
> [...]
>
> > >
> > > Trying to join the server to the domain (net rpc join -U
domainadmin -S
> > > ipaserver) fails, and it causes a samba crash on the ipa server.
> > > Investigating the cause of the crash I found that pdbedit
crashes as
> > > well (backtrace attached). I couldn't get a meaningful
backtrace from
> > > the samba crash however I attached it as well.
> > >
> > > Seems to me that the samba ipasam backend on ipa doesn't
like something
> > > in the host or the "domain computers" group object in ldap,
but I cannot
> > > see what could be the problem. Perhaps someone more familiar
with the
> > > ipasam code can spot it quickly.
>
> > Do I get it right that you really looking for
> > https://fedorahosted.org/sssd/ticket/1588 that was just released
> > upstream?
> > It would be cool if you can try using SSSD 1.12.1 under Samba
FS in
> > the use case you have and provide feedback on how it works for
you.
> >
> > AFAIU you install Samba FS and then use ipa-client to
configure SSSD
> > under it and it should work.
> > If not we probably should document it (but I do not see any
special
> > design page which leads me to the above expectation).
>
> Ok, I'll happily try sssd 1.12.1.
>
> Just a question, in smb.conf one should use "security = domain" or
> "security = ads"?
'ads' because we want to use Kerberos. But there some other
configuration options which needs attention, e.g. you have to create a
keytab for the cifs service and make it available to samba. I'll
try to
set up an small howto page listing the needed steps and come back
to you
early next week.
bye,
Sumit
>
> Best regards
>
> --
> Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve
<mailto:xmpp%3alo...@lgs.com.ve>
> Links Global Services, C.A. http://www.lgs.com.ve
> Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve
<mailto:sip%3a...@lgs.com.ve>
> ------------------------------------------------------------
> "If I'd asked my customers what they wanted, they'd have said
> a faster horse" - Henry Ford
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project