Sina Owolabi
2017-Sep-13 11:18 UTC
[Samba] Questions Integrating a Samba DC with an existing FreeIPA/RH IDM domain
Hi! Im not sure this is the right place to post this but I am seeking some advice on how to correctly approach setting up a Samba domain to integrate with our FreeIPA domain so that users maintain the same authentication information and gain the added advantage of having access to shares in Samba. We have a remote DC where RHEL7.3 and Centos 7.3 FreeIPA/ IDM servers manage the DNS, user accounts, sudo, user directories and roles. (FreeIPA/RHEL IDM because two masters are RHEL 7.3 and the others, CentOS 7.3 servers, with an NFS server service home directories. OpenVPN is integrated with IPA through PAM so users' operate with some kind of single sign-on where the same account details used to login to the FreeIPA/IDM domain what OpenVPN expects to see. If the user's password expires in FreeIPA/IDM, then the openvpn client does not work. We now need to have a home office where users are expected to have AD manage their desktops ( a mix of windows and Ubuntu/Fedora/Centos/RHEL desktops). So at the minimum, users should be able to login using their FreeIPA account details, and have their FreeIPA remote homedirs mapped locally. How best can I setup a Samba domain such that this can happen? Please is this possible? Thanks for any advice!
Possibly Parallel Threads
- Migrating to IdM
- [Bug 3632] New: ssh should suppress output in stout and stdout when calling third party binaries
- [PATCH server] last patch to implement remote freeipa
- @redhat - someone could take a look or ask about - freeipa-users@redhat.com
- FreeIPA and Samba 4 possible setup for this moment