I have a freeipa installation of v4 on Fedora 21. I have a separate fileserver with freeipa packages installed from mkosek-freeipa-epel-7.repo on centos 7.
I have:

* created sambaSAMAccount, sambaGroupMapping UserObjects
* created an entry for the DNA plugin to populate them: cn=SambaGroupSid,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
* added a CoS template for sambaGroupType
* added a CoS definition for sambaGroupType
* used ipa-adtrust-install to create and populate ipaNTHash
* checked the creation of these attributes with an LDAP browser, all OK
* put the fileserver machine on the domain
* added the necessary permissions, privileges and roles
* installed a kerberos keytab on the fileserver
* was able to retrieve the ipaNTHash attribute with the keytab from the samba server

and now the only thing missing is to integrate the fileserver with the ipaserver.

I don't mind using ipasam, but to install it on my centos7 fileserver, which only has samba installed and nothing else, it also pulls in the whole freeipa-server package, and this is overkill just to get ipasam.so. So I'd like some help in compiling it separately. I am using the standard samba server distributed with centos 7.

So I tried to use

    passdb backend = ldapsam:ldap//ipaserver

but samba tries to bind using the admin user, and doesn't use the keytab, even though I put

    dedicated keytab file = FILE:/etc/samba/samba.keytab
    kerberos method = dedicated keytab

in smb.conf.

So please help me in getting these two things done:

1. use samba with freeipa through ldap (I know it is worse than ipasam, but it would be nice to know how to integrate freeipa with samba with ldap on systems where ipasam might not be available)
2. compile an ipasam.so module so we can work on creating an rpm package in the future, since it is necessary to install ipasam.so separately.

Kudos to the development team for this amazing software.

Thanks in advance

Free software philosophy: Information is for free. People are not. Contributors are priceless.
Israel Vinícius Miranda