On 12/10/21 08:45, Rowland Penny via samba wrote:> On Fri, 2021-12-10 at 14:31 +0000, Jeroen Baten via samba wrote:
>> Op 10-12-2021 om 15:25 schreef Rowland Penny via samba:
>>> On Fri, 2021-12-10 at 14:13 +0000, Jeroen Baten via samba wrote:
>>>> Hi,
>>>>
>>>> I am trying to connect an Ubuntu 20.04 samba server to FreeIPA
>>>> (running
>>>> on CentOS).
>>>>
>>>> On Ubuntu I get " No builtin nor plugin backend for ipasam
>>>> found",
>>>> the
>>>> smb.conf has "passdb backend =
ipasam:ldap://ipa.company.com".
>>>>
>>>> What am I missing?
>>> The fact that you cannot build ipasam.so on Ubuntu.
>>>
>>>> What book to buy? What RTFM did I miss?
>>> This bug report:
>>>
>>> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1552249
>> Yes, I found that but it started in 2016 so I hoped it would be
>> fixed/solved.
>>>> I really searched a lot but to no avail. Help!
>>> How about running a Samba AD DC instead of freeipa ?
>>
>> I know Samba is an amazing project, but is that setup usable for
>> central
>> user management for other applications? With an LDAP backend for
>> those
>> apps not living in a Windows world?
>
> Yes
>
>>
>>
>> Somebody suggested killing the Ubuntu fileserver and switch to CentOS
>> 8.
>> That seems to work.
>>
>> Does that mean that Samba works better on CentOS than on Ubuntu?
>
> No, Samba works on Ubuntu just the same as on Centos, but you are
> trying to use Samba with freeipa and this really isn't the correct
> forum to ask for help, try the Centos forum.
>
> Your problem is that Samba as a DC uses Heimdal and freeipa uses MIT
>
Thanks for this explanation. Now I don't need to go read the bug report.
>> Somehow
>> I would not expect Ubuntu or Canonical to shoot themselves in the
>> foot
>> by not supporting authenticating Samba to a pretty well known
>> standard
>> product like FreeIPA. But maybe I am missing the point here.
>
> To be honest (and this is just my opinion) Samba as a DC is the default
> for Debian based distros and Freeipa is the default for the red-hat
> based distros and (again my opinion) Freeipa isn't as good as a Samba
> AD domain.
>
I personally would appreciate you elaborating on this opinion. We're
all here to learn.
> Rowland
>
>
>