On 06/09/2011 08:31 AM, Simo Sorce wrote: > On Thu, 2011-06-09 at 12:44 +0200, John S. Skogtvedt wrote: >> Hello, >> >> has anybody tried to integrate Samba with FreeIPA 2? I searched and >> found a mailing list post from 2009 with a solution using the 389 DNA >> plugin, but later posts indicated that the solution outlined wasn't >> correct (and probably out of date). >> >> My impression from what I've read is that there is no way of doing it >> other than configuring FreeIPA to add samba object classes, and >> specifying the required attributes when adding a user. The problem then >> is that adding users won't be possible from the web interface, because >> of required samba attributes (unless one instead later adds the >> necessary object classes and attributes). >> >> Is this correct? > You can modify the UI behavior wrt what classes and attribute to store. > >> If so, I wonder how much work it might be to either add a small hack to >> the web interface to add the necessary attributes, or to write a web >> interface plugin which adds a user with the necessary attributes. Any >> pointers would be appreciated (I know python). >> I think it'd be useful to be able to add template values as well as >> objectclasses in ipaConfig, e.g. something like: >> ipaUserAttrs: sambaSid: ...-$uid, where $uid is expanded when the user >> is created. > You probably want to use the DNA plugin to generate the sambaSid for you > once you have a domain SID, it's not too difficult and will be much less > error prone. > > Simo. > Once in the past the DS was fixed to be able to be a back end for the Samba4 server so I suspect it should provide all the functionality you need. A plugin can be written to provide cli and UI management of Samba attributes. Are you interested in writing such a plugin? What is your end goal and time line?
-- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
