Hi Alexander, Yes this is know, but it's not usable yet, at least not on an Ubuntu Samba server as far as I know ?
If so, maybe you can help us out here to clear this up how to do it. Thanks! Matt 2015-08-07 23:09 GMT+02:00 Alexander Bokovoy <aboko...@redhat.com>: > On Thu, 06 Aug 2015, Christopher Lamb wrote: >> >> Hi Matt >> >> As far as I can make out, there are at least 2 viable Samba / FreeIPA >> integration paths. >> >> The route I took is suited where there is no Active Directory involved: In >> my case all the Windows, OSX and Linux clients are islands that sit on the >> same network. >> >> The route that Youenn has taken (unless I have got completely the wrong >> end >> of the stick) requires Active Directory in the architecture. > > Yes, you are at the wrong end of the stick. You don't need AD in the > architecture here. You can reuse IPA design for AD integration via trust > for normal Samba integration but use ipasam.so instead of ldapsam.so. > This is what Youenn did. The only way we don't support it (yet) is > because we think doing a longer term solution via SSSD and NTLMSSP > support is better scalability vise -- your SSSD client is already having > LDAP connection and is already holding identity mappings in the cache so > there is no need to run separate LDAP connection in smbd/winbindd for > that and cache the same data in a different way. > > -- > / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project