Alexander,

Thanks for the quick reply. We are wanting to “migrate” (manually) to IPA 4 
(from IPA 3) and wish to use the new ipaNTHash attributes instead of the legacy 
Samba LDAP schema. The problem we are facing is that we need to use ipasam.so 
with Samba 4 if we want to use the new attributes.

At each site, we have an IPA 4 instance and Windows clients that need to be 
joined to a domain and a Linux file server that needs to also run Samba. I was 
hoping to use Samba4 AD with a Trust to the local IPA so we can use the AD 
features. 

I hope what we are trying to do (upgrade) makes sense. Do you have any 
recommendations?

Thanks,

nate

>> On May 8, 2018, at 11:27, Alexander Bokovoy <aboko...@redhat.com> wrote:
>> 
>> On ti, 08 touko 2018, Nathan Brown via FreeIPA-users wrote:
>> When trying to establish an AD trust between IPA 4.5.4 and Samba 4.8.1
>> (MIT Kerberos), it fails with the following error:
>> 
>> [root@atlas5ipa samba]# ipa -vv trust-add ATLAS5.HPC
>> --range-type=ipa-ad-trust --two-way=true --admin=Administrator
>> --server dc.atlas5.hpc
>> Active Directory domain administrator's password:
>> 
>> ipa: ERROR: Insufficient access: CIFS server denied your credentials
> Trust between Samba 4.x and FreeIPA is not supported yet.
> I have some patches in progress but not finished yet.
> 
> -- 
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org