Hi, This is nice to have confirmed.
Is it possible for you to descrive what you do ? It might be handy to add this to the IPA documentation also with some explanation why... Cheers, Matt 2015-07-31 16:55 GMT+02:00 Christopher Lamb <[email protected]>: > Hi > > We use the Samba extensions for FreeIPA. Windows 7 users connect to the > "shares" using their FreeIPA credentials. The only password mgmt problem > that we have is, that the users get no notice of password expiry until > "suddenly" their Samba user (really the FreeIPA user) password is not > accepted when trying to connect to a share. Once the password is reset (via > CLI or FreeIPA WebUi), they can access the shares again. > > Chris > > > > From: Youenn PIOLET <[email protected]> > To: "Matt ." <[email protected]> > Cc: "[email protected]" <[email protected]> > Date: 31.07.2015 16:21 > Subject: Re: [Freeipa-users] Ubuntu Samba Server Auth against IPA > Sent by: [email protected] > > > > Hi, > I asked the very same question a few weeks ago, but no answer yet. > http://comments.gmane.org/gmane.linux.redhat.freeipa.user/18174 > > The only method I see is to install samba extensions in FreeIPA's LDAP > directory, and bind samba with LDAP. There may be a lot of difficulties > with password management doing this, that's why I'd like to get a better > solution :) > > Anyone? > > > -- > Youenn Piolet > [email protected] > > > 2015-07-31 16:03 GMT+02:00 Matt . <[email protected]>: > Hi Guys, > > I'm really struggeling getting a NON AD Samba server authing against a > FreeIPA server: > > Ubuntu 14.04 -> Samba (no AD) / SSD 1.12.5 > CentOS 7.1 -> FreeIPA 4.1 > > Now this seems to be the way: > > https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA > > > But as this, which I also found on the mailinglists: > > NOTE: Only Kerberos authentication will work when accessing Samba > shares using this method. This means that Windows clients not joined > to Active Directory forest trusted by IPA would not be able to access > the shares. This is related to SSSD not yet being able to handle > NTLMSSP authentication. > > It might not be that easy to have a Samba Shares only server. > > Any idea here how to accomplish ? > > Cheers, > > Matt > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
