[Samba] Help needed with installation

Rowland Penny rpenny at samba.org
Fri Dec 10 16:28:17 UTC 2021 

On Fri, 2021-12-10 at 10:03 -0600, Patrick Goetz via samba wrote:
> 
> On 12/10/21 08:45, Rowland Penny via samba wrote:
> > On Fri, 2021-12-10 at 14:31 +0000, Jeroen Baten via samba wrote:
> > > Op 10-12-2021 om 15:25 schreef Rowland Penny via samba:
> > > > On Fri, 2021-12-10 at 14:13 +0000, Jeroen Baten via samba
> > > > wrote:
> > > > > Hi,
> > > > > 
> > > > > I am trying to connect an Ubuntu 20.04 samba server to
> > > > > FreeIPA
> > > > > (running
> > > > > on CentOS).
> > > > > 
> > > > > On Ubuntu I get " No builtin nor plugin backend for ipasam
> > > > > found",
> > > > > the
> > > > > smb.conf has "passdb backend =
> > > > > ipasam:ldap://ipa.company.com".
> > > > > 
> > > > > What am I missing?
> > > > The fact that you cannot build ipasam.so on Ubuntu.
> > > > 
> > > > > What book to buy? What RTFM did I miss?
> > > > This bug report:
> > > > 
> > > > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1552249
> > > Yes, I found that but it started in 2016 so I hoped it would be
> > > fixed/solved.
> > > > > I really searched a lot but to no avail. Help!
> > > > How about running a Samba AD DC instead of freeipa ?
> > > 
> > > I know Samba is an amazing project, but is that setup usable for
> > > central
> > > user management for other applications? With an LDAP backend for
> > > those
> > > apps not living in a Windows world?
> > 
> > Yes
> > 
> > > 
> > > Somebody suggested killing the Ubuntu fileserver and switch to
> > > CentOS
> > > 8.
> > > That seems to work.
> > > 
> > > Does that mean that Samba works better on CentOS than on Ubuntu?
> > 
> > No, Samba works on Ubuntu just the same as on Centos, but you are
> > trying to use Samba with freeipa and this really isn't the correct
> > forum to ask for help, try the Centos forum.
> > 
> > Your problem is that Samba as a DC uses Heimdal and freeipa uses
> > MIT
> > 
> 
> Thanks for this explanation. Now I don't need to go read the bug
> report.
> 
> 
> > > Somehow
> > > I would not expect Ubuntu or Canonical to shoot themselves in the
> > > foot
> > > by not supporting authenticating Samba to a pretty well known
> > > standard
> > > product like FreeIPA. But maybe I am missing the point here.
> > 
> > To be honest (and this is just my opinion) Samba as a DC is the
> > default
> > for Debian based distros and Freeipa is the default for the red-hat
> > based distros and (again my opinion) Freeipa isn't as good as a
> > Samba
> > AD domain.
> > 
> 
> I personally would appreciate you elaborating on this
> opinion.  We're 
> all here to learn.

There are numerous things that work on Samba, but do not work on
freeipa (or work differently), NTLM for one. There are others, but I
will leave it up to you to do your own internet searches and make your
own mind up whether to use Samba or freeipa.

Rowland

More information about the samba mailing list