Nice, I think that page may also solve my problem. Going to try it soon. > On Oct 10, 2016, at 1:35 PM, Степаненко Алексей <[email protected]> > wrote: > > I read again the topic > http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP > > <http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA/NTMLSSP> > It works exactly as I wanted > > ipa-adtrust-install created next configuration: > $ net conf list > [global] > workgroup = WORKGROUP > netbios name = SMB > realm = GW.SPB.RU > kerberos method = dedicated keytab > dedicated keytab file = FILE:/etc/samba/samba.keytab > <file:///etc/samba/samba.keytab> > create krb5 conf = no > security = user > domain master = yes > domain logons = yes > log level = 1 > max log size = 100000 > log file = /var/log/samba/log.%m > passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-GW-SPB-RU.socket > disable spoolss = yes > ldapsam:trusted = yes > ldap ssl = off > ldap suffix = dc=gw,dc=spb,dc=ru > ldap user suffix = cn=users,cn=accounts > ldap group suffix = cn=groups,cn=accounts > ldap machine suffix = cn=computers,cn=accounts > rpc_server:epmapper = external > rpc_server:lsarpc = external > rpc_server:lsass = external > rpc_server:lsasd = external > rpc_server:samr = external > rpc_server:netlogon = external > rpc_server:tcpip = yes > rpc_daemon:epmd = fork > rpc_daemon:lsasd = fork > > But I don't understand why it wasn't put to smb.conf directly. > > The second problem is 'passdb backend'. I didn't find any documentation about > this module. An attempt to replace a file socket on net connection was > failed. And I had to make LDAP replication. It was easy, but " > ipa-replica-prepare" installed whole IPA server (tomcat, java, ldap), not > only ldap-server. I need to continue to read documentation. However the > problem was solved. > > 06.10.2016 23:51, Степаненко Алексей пишет: >> Thank you for your reply. >> >> I've got Samba server for a company, accounts are created by hand. Clients >> are different windows or linux desktops. >> >> I want to install FreeIPA and have one area for managing accounts (SMB, >> SSH-access for others servers). Now, I prepare clean samba installation for >> testing. It would be great to use FreeIPA as authorization server for samba. >> >> I was looking for information about samba + freeIPA, but I found only this >> document. Maybe, I miss obvious things. >> >> >> 06.10.2016 20:31, Loris Santamaria пишет: >>> The document you are linking to explains how to configure a samba file >>> server in a freeipa domain, which is one of many ways you can configure >>> and use a samba server. >>> >>> What do you want to achieve with samba, and what is your current setup? >>> >>> >>> El jue, 06-10-2016 a las 19:23 +0300, Степаненко Алексей escribió: >>>> Hello. >>>> >>>> I've read the topic about FreeIPA and SAMBA >>>> http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wit >>>> <http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wit> >>>> h_IPA >>>> >>>> If I understand clearly, samba's client must be present in >>>> FreeIPA AD. >>>> Unfortunately, it does not work for me. I can't join some work >>>> desktops >>>> to AD. Is it possible to make Samba auth trough LDAP IPA ? Samba has >>>> ldap support >>>> >>>> ldap admin dn >>>> ldap group suffix >>>> ldap idmap suffix >>>> ldap machine suffix >>>> ldap passwd sync >>>> ldap suffix >>>> ldap user suffix >>>> >>>> Does it work with IPA ? >>>> >>>> Thanks. >>>> >> >> >> > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
