Hello everyone,
I am attempting to setup a samba file server that uses IPA as a proxy
to authentication AD users. I am using the document below as a
template but its not working as currently documented. I am wondering
if something has changed on the code since that time but the doc
hasn't had any update.
https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA
For the samba client, this is the version of binaries that I am using:
[root@samba4 ~]# rpm -qa | grep samba
samba-common-tools-4.7.1-6.el7.x86_64
samba-common-libs-4.7.1-6.el7.x86_64
samba-common-4.7.1-6.el7.noarch
samba-4.7.1-6.el7.x86_64
samba-client-libs-4.7.1-6.el7.x86_64
samba-client-4.7.1-6.el7.x86_64
samba-libs-4.7.1-6.el7.x86_64
For IPA server, this is the version I am running:
ipa-server-4.5.4-10.el7_5.1.x86_64
There is a trust relationship between the IPA and the Active
directory. The AD is on
corp.example.com domain and the IPA is on
eng.example.com. When I point any of the IPA clients to
\\samba4.eng.example.com, all works as expected. However, when I
point any of the AD clients (Windows 10) to \\samba4.eng.example.com,
I am not having any joy. After parsing the logs, the section below
looks like the most relevant part of the logs. What would cause this
issue? Any pointer on how to overcome it would be highly appreciated.
Yes, it is
not supported right now.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland