If you just need to join a handful of windows machines to a freeIPA domain, try with these instructions:
https://www.redhat.com/archives/freeipa-users/2013-September/msg00226.html

Best regards

On Tue, 11-10-2016 at 17:43 -0700, Alan Latteri wrote:
> I am trying to get this to work, but our Samba server is not the same
> machine as our IPA server, and these instructions seem to assume that.
> Any ideas? All I need is the 1 windows machine in our network to be
> able to access our linux based server, using the same user/pass as that
> of our IPA authenticated linux machines.
>
> > On Oct 10, 2016, at 1:35 PM, Степаненко Алексей <a.stepane...@gw.spb.ru> wrote:
> >
> > I read again the topic
> > http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP
> >
> > It works exactly as I wanted. ipa-adtrust-install created the
> > following configuration:
> >
> > $ net conf list
> > [global]
> >     workgroup = WORKGROUP
> >     netbios name = SMB
> >     realm = GW.SPB.RU
> >     kerberos method = dedicated keytab
> >     dedicated keytab file = FILE:/etc/samba/samba.keytab
> >     create krb5 conf = no
> >     security = user
> >     domain master = yes
> >     domain logons = yes
> >     log level = 1
> >     max log size = 100000
> >     log file = /var/log/samba/log.%m
> >     passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-GW-SPB-RU.socket
> >     disable spoolss = yes
> >     ldapsam:trusted = yes
> >     ldap ssl = off
> >     ldap suffix = dc=gw,dc=spb,dc=ru
> >     ldap user suffix = cn=users,cn=accounts
> >     ldap group suffix = cn=groups,cn=accounts
> >     ldap machine suffix = cn=computers,cn=accounts
> >     rpc_server:epmapper = external
> >     rpc_server:lsarpc = external
> >     rpc_server:lsass = external
> >     rpc_server:lsasd = external
> >     rpc_server:samr = external
> >     rpc_server:netlogon = external
> >     rpc_server:tcpip = yes
> >     rpc_daemon:epmd = fork
> >     rpc_daemon:lsasd = fork
> >
> > But I don't understand why it wasn't put to smb.conf directly.
> >
> > The second problem is 'passdb backend'. I didn't find any
> > documentation about this module. An attempt to replace the file socket
> > with a net connection failed. And I had to make LDAP replication. It
> > was easy, but "ipa-replica-prepare" installed whole IPA server
> > (tomcat, java, ldap), not only ldap-server. I need to continue to read
> > documentation. However the problem was solved.
> >
> > 06.10.2016 23:51, Степаненко Алексей wrote:
> > > Thank you for your reply.
> > >
> > > I've got Samba server for a company, accounts are created by hand.
> > > Clients are different windows or linux desktops.
> > >
> > > I want to install FreeIPA and have one area for managing accounts
> > > (SMB, SSH-access for others servers). Now, I prepare clean samba
> > > installation for testing. It would be great to use FreeIPA as
> > > authorization server for samba.
> > >
> > > I was looking for information about samba + freeIPA, but I found
> > > only this document. Maybe, I miss obvious things.
> > >
> > > 06.10.2016 20:31, Loris Santamaria wrote:
> > > > The document you are linking to explains how to configure a samba
> > > > file server in a freeipa domain, which is one of many ways you can
> > > > configure and use a samba server.
> > > >
> > > > What do you want to achieve with samba, and what is your current
> > > > setup?
> > > >
> > > > On Thu, 06-10-2016 at 19:23 +0300, Степаненко Алексей wrote:
> > > > > Hello.
> > > > >
> > > > > I've read the topic about FreeIPA and SAMBA
> > > > > http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
> > > > >
> > > > > If I understand clearly, samba's client must be present in
> > > > > FreeIPA AD. Unfortunately, it does not work for me. I can't join
> > > > > some work desktops to AD. Is it possible to make Samba auth
> > > > > through LDAP IPA?
> > > > >
> > > > > Samba has ldap support
> > > > >
> > > > > ldap admin dn
> > > > > ldap group suffix
> > > > > ldap idmap suffix
> > > > > ldap machine suffix
> > > > > ldap passwd sync
> > > > > ldap suffix
> > > > > ldap user suffix
> > > > >
> > > > > Does it work with IPA?
> > > > >
> > > > > Thanks.
> >
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project

--
Loris Santamaria   linux user #70506   xmpp:lo...@lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:1...@lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford