On Fri, 2021-12-10 at 14:31 +0000, Jeroen Baten via samba
wrote:> Op 10-12-2021 om 15:25 schreef Rowland Penny via samba:
> > On Fri, 2021-12-10 at 14:13 +0000, Jeroen Baten via samba wrote:
> > > Hi,
> > >
> > > I am trying to connect an Ubuntu 20.04 samba server to FreeIPA
> > > (running
> > > on CentOS).
> > >
> > > On Ubuntu I get " No builtin nor plugin backend for ipasam
> > > found",
> > > the
> > > smb.conf has "passdb backend =
ipasam:ldap://ipa.company.com".
> > >
> > > What am I missing?
> > The fact that you cannot build ipasam.so on Ubuntu.
> >
> > > What book to buy? What RTFM did I miss?
> > This bug report:
> >
> > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1552249
> Yes, I found that but it started in 2016 so I hoped it would be
> fixed/solved.
> > > I really searched a lot but to no avail. Help!
> > How about running a Samba AD DC instead of freeipa ?
>
> I know Samba is an amazing project, but is that setup usable for
> central
> user management for other applications? With an LDAP backend for
> those
> apps not living in a Windows world?
Yes
>
>
> Somebody suggested killing the Ubuntu fileserver and switch to CentOS
> 8.
> That seems to work.
>
> Does that mean that Samba works better on CentOS than on Ubuntu?
No, Samba works on Ubuntu just the same as on Centos, but you are
trying to use Samba with freeipa and this really isn't the correct
forum to ask for help, try the Centos forum.
Your problem is that Samba as a DC uses Heimdal and freeipa uses MIT
> Somehow
> I would not expect Ubuntu or Canonical to shoot themselves in the
> foot
> by not supporting authenticating Samba to a pretty well known
> standard
> product like FreeIPA. But maybe I am missing the point here.
To be honest (and this is just my opinion) Samba as a DC is the default
for Debian based distros and Freeipa is the default for the red-hat
based distros and (again my opinion) Freeipa isn't as good as a Samba
AD domain.
Rowland