[Freeipa-users] Using FreeIPA as password backend for Samba
Loris Santamaria
loris at lgs.com.ve
Fri Oct 2 13:56:09 UTC 2009
El jue, 01-10-2009 a las 14:06 +0200, Tomasz Z. Napierala escribió:
> Dnia 2009-09-23, śro o godzinie 20:46 +0200, Loris Santamaria pisze:
>
> > Second you may configure the ipa-dna (or dna) plugin to generate
> > sambasids for users and groups. Something like (using 389's dna plugin):
>
> [cut]
>
> > NOTE 1, you have to change the dnaprefix attribute to match the sambaSID
> > of your domain, which you can get with the command "net rpc getlocalsid"
>
> Does it mean, that I can only have one Samba server in Kerberos realm?
> This is quite important, because we have about 10 development servers,
> and each of them is running it's own Samba server. I'd like to sync
> passwords on all servers, would it be possible?
Every samba server in a _domain_ shares the same prefix for the sid. If
you execute "net rpc getlocalsid" on the domain controller you should
get the sid for the entire domain.
If you don't have your servers arranged in a domain, you really should
to. It wouldn't make sense to use freeipa as a backend otherwise.
Regards
--
Loris Santamaria linux user #70506 xmpp:loris at lgs.com.ve
Links Global Services, C.A. http://www.lgs.com.ve
Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:103 at lgs.com.ve
------------------------------------------------------------
-O9 -omg-optimize -fomit-instructions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3149 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20091002/80ec461e/attachment.bin>
More information about the Freeipa-users
mailing list