[Freeipa-users] FreeIPA 2, adding Samba attributes
Hello, has anybody tried to integrate Samba with FreeIPA 2? I searched and found a mailing list post from 2009 with a solution using the 389 DNA plugin, but later posts indicated that the solution outlined wasn't correct (and probably out of date). My impression from what I've read is that there is no way of doing it other than configuring FreeIPA to add samba object classes, and specifying the required attributes when adding a user. The problem then is that adding users won't be possible from the web interface, because of required samba attributes (unless one instead later adds the necessary object classes and attributes). Is this correct? If so, I wonder how much work it might be to either add a small hack to the web interface to add the necessary attributes, or to write a web interface plugin which adds a user with the necessary attributes. Any pointers would be appreciated (I know python). I think it'd be useful to be able to add template values as well as objectclasses in ipaConfig, e.g. something like: ipaUserAttrs: sambaSid: ...-$uid, where $uid is expanded when the user is created. Thank you, John. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] FreeIPA 2, adding Samba attributes
Den 09. juni 2011 14:31, skrev Simo Sorce: You probably want to use the DNA plugin to generate the sambaSid for you once you have a domain SID, it's not too difficult and will be much less error prone. Simo. Thanks. The solution outlined at http://www.mail-archive.com/freeipa-users@redhat.com/msg00111.html works for me, at least for user objects (didn't try the group part yet). ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] FreeIPA 2, adding Samba attributes
Den 09. juni 2011 17:05, skrev Dmitri Pal: Once in the past the DS was fixed to be able to be a back end for the Samba4 server so I suspect it should provide all the functionality you need. A plugin can be written to provide cli and UI management of Samba attributes. Are you interested in writing such a plugin? What is your end goal and time line? I just need the minimal samba LDAP attributes set in order to be able to use Samba 3 together with FreeIPA. Fortunately it seems that that's possible after all without any coding (see my other email). John. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
