[Freeipa-devel] freeipa and samba
Rob Crittenden
rcritten at redhat.com
Mon Feb 11 19:14:56 UTC 2008
Simo Sorce wrote:
> On Sun, 2008-02-10 at 20:46 +0100, Thomas Sailer wrote:
>> On Wed, 2008-02-06 at 15:25 -0500, Simo Sorce wrote:
>>
>>> Yes, in IPA v1.0 the concept of machine accounts still do not exist.
>>> For samba anyway, machine accounts are just user accounts and must be
>>> available via nss calls, so at all effects what you need for now is just
>>> regular user accounts named after the machine name.
>> Well, machines normally live under ou=Computers, not ou=People. I think
>> I'll stay with smbldap-tools, until IPA has the machine account concept.
>
> In IPA we already have the cn=Computers container, and for users we have
> CN=Users. It's just that we do not have any tool to populate the
> cn=Computers container yet.
>
>>> No they are more advanced tools to tweak an installation, you shouldn't
>>> need to use them for day to day operations though.
>> True wrt. the configuration dialogs, but the user/group editing GUI does
>> not seem to be usable for IPA, as it isn't able to add sambaSam and krb
>> stuff.
>
> Yes, to manage users you should use the IPA WebUI or CLI tools.
>
>> I have some problems with accessing the IPA gui. It works with curl, but
>> I couldn't get neither firefox on F8, nor IE and firefox on XP to access
>> the gui. They seem to do SPNEGO, but the ticket does not seem to be
>> delegatable. What exact browser / krb5 library versions are you using on
>> the client?
>
> It should work fine with Firefox on any Fedora/RedHat box (and probably,
> but not tested just any other recent Linux distro).
>
> When you connect to the server, if Firefox is not correctly configured,
> you should be presented with a page that will configure Firefox for you
> if you allow it to mess with your browser configuration (security
> warning dialogs and all).
>
> To make it work you need anyway to kinit admin at REALM on the client
> before pointing Firefox at the Web UI or using the CLI tools.
>
> Can you provide the error you get with Firefox ?
>
> Simo.
>
And on Fedora 8 you need krb5-* >= 1.6.2-11
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080211/131bdeb2/attachment.bin>
More information about the Freeipa-devel
mailing list