mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 16:31:08 -06:00
814592cf22
Introduces new utility to configure Samba on an IPA domain member. The tool sets up Samba configuration and internal databases, creates cifs/... Kerberos service and makes sure that a keytab for this service contains the key with the same randomly generated password that is set in the internal Samba databases. Samba configuration is created by querying an IPA master about details of trust to Active Directory configuration. All known identity ranges added to the configuration to allow Samba to properly handle them (read-only) via idmap_sss. Resulting configuration allows connection with both NTLMSSP and Kerberos authentication for IPA users. Access controls for the shared content should be set by utilizing POSIX ACLs on the file system under a specific share. The utility is packaged as freeipa-client-samba package to allow pulling in all required dependencies for Samba and cifs.ko (smb3.ko) kernel module. This allows an IPA client to become both an SMB server and an SMB client. Fixes: https://pagure.io/freeipa/issue/3999 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
22 lines
483 B
Python
Executable File
22 lines
483 B
Python
Executable File
#!/usr/bin/python3
|
|
#
|
|
# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
|
|
#
|
|
# Configure the Samba suite to operate as domain member in IPA domain
|
|
|
|
import os
|
|
import sys
|
|
from ipaclient.install import ipa_client_samba
|
|
|
|
try:
|
|
if not os.geteuid() == 0:
|
|
sys.exit("\nMust be run as root\n")
|
|
|
|
sys.exit(ipa_client_samba.run())
|
|
except SystemExit as e:
|
|
sys.exit(e)
|
|
except RuntimeError as e:
|
|
sys.exit(e)
|
|
except (KeyboardInterrupt, EOFError):
|
|
sys.exit(1)
|