[Freeipa-devel] freeipa and samba

Thomas Sailer sailer at sailer.dynip.lugs.ch
Wed Feb 6 02:19:53 UTC 2008


I've just installed freeipa on an up-to-date Fedora 8 machine. I used
the current rawhide ipa srpm and recompiled it on F8.

The biggest problem was that kerberos credentials passing in
mod_auth_kerb does not work with krb5-libs-1.6.2-9.fc8. I recompiled and
installed the rawhide krb5-1.6.3-4.fc9.src.rpm on F8, now it works. This
might be worth an addition to the troubleshooting guide, it took me
quite some time to figure this out.

Now how am I supposed to configure samba? I can make samba authenticate
against LDAP just fine. But what should samba do on user add? password
change?

The ipa-* scripts currently do not provide a way to create a machine
account.

smbldap-tools scripts basically work, but do not add the kerberos
principal when creating new accounts, which causes subsequent password
changes to fail until the principal is added manually.

What is the strategy with idm-console and dirsrv-admin? Are they
intended to be totally superseded by the ipa command line tools and the
web gui?

Tom





More information about the Freeipa-devel mailing list