[Freeipa-users] Problem with FreeIPA and Samba 3...

[Simo Sorce]

On Thu, 17 Jun 2010 11:38:45 +0200
Stjepan Gros <sgros at zemris.fer.hr> wrote:

> First, thank you for your help. It saves me a lot of time. And I hope
> that I'll document the whole procedure for the others. One important
> general question. Are there any changes in FreeIPA 2 that will
> invalidate all this procedure?

It will not invalidate it, but in v2 we use the plugin provided from DS
directly aqnd do not build our own version anymore so the DN of the
config changes to the one you were using before.

> Back to the main problem, I removed the entries for DNA that were in a
> wrong place and after adding DNA configuration for sambaSID in
> cn=ipa-dna,cn=plugins,cn=config I can now add users. All the samba
> related attributes are added to a new user after I set initial
> password.
> 
> But I can not login using smbclient because samba thinks that the
> password is expired. Either I have to set X in samba flags (password
> never expires) or I have to properly initialize password related
> fields for samba. Setting password fields would be preferable, is it
> possible and how?
> 
> Easier way (and necessary in case of groups) is to set fixed value
> when creating new users and groups. The question is, is it possible to
> configure DNA plugin to set fixed value, or there is specialized (or
> more appropriate) plugin for that?

Unfortunately in v1.x we didn't have enough infrastructure to make it
easier to set additional attributes beyond the default one we set on
user/group creation. v2.x should make this possible.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York