1ipa-client-samba(1)          FreeIPA Manual Pages          ipa-client-samba(1)
2
3
4

NAME

6       ipa-client-samba - Configure Samba file server on an IPA client
7

SYNOPSIS

9       ipa-client-samba [OPTION]...
10

DESCRIPTION

12       Configures  a Samba file server on the client machine to use IPA domain
13       controller for authentication and identity services.
14
15       The tool configures Samba file server to be  a  domain  member  of  IPA
16       domain.  Samba  file  server will use SSSD to resolve information about
17       users and groups, and will use IPA master it is enrolled against as its
18       domain controller.
19
20       It  is  not possible to reconciliate original Samba environment if that
21       was pre-existing on the client with new configuration. Samba  databases
22       will be updated to follow IPA domain details and smb.conf configuration
23       will will be overwritten. It is recommended to enable Samba suite on  a
24       freshly deployed IPA client.
25
26
27       During  the  configuration  process,  the  tool  will perform following
28       steps:
29
30              1. Discover details of IPA domain: realm, domain SID, domain  ID
31              range
32
33              2. Discover details of trusted Actvide Directory domains: domain
34              name, domain SID, domain ID range
35
36              3. Create Samba configuration file using the details  discovered
37              above.
38
39              4.  Create  Samba  Kerberos  service  using host credentials and
40              fetch its keytab into /etc/samba/samba.keytab. The Kerberos ser‐
41              vice key is pre-set to a randomly generated value that is shared
42              with Samba.
43
44              5. Populate Samba databases by setting the  domain  details  and
45              the  randomly generated machine account password from the previ‐
46              ous step.
47
48              6. Create a default [homes] share to allow users to  log  in  to
49              their home directories unless --no-homes option was specified.
50
51
52       The  tool  does  not start nor does it enable Samba file services after
53       the configuration. In order to enable and start  Samba  file  services,
54       one  needs  to  enable both smb.service and winbind.service system ser‐
55       vices. Please check that /etc/samba/smb.conf contains all settings  for
56       your  use  case  as  starting  Samba service will make identity mapping
57       details written into the Samba databases. To  enable  and  start  Samba
58       file  services at the same time one can use systemctl enable --now com‐
59       mand:
60
61              systemctl enable --now smb winbind
62
63
64   Assumptions
65       The ipa-client-samba script assumes that the machine has  alreaby  been
66       enrolled into IPA.
67
68
69   IPA Master Requirements
70       At  least one IPA master must hold a Trust Controller role. This can be
71       achieved by running ipa-adtrust-install on the IPA master. The  utility
72       will configure IPA master to be a domain controller for IPA domain.
73
74       IPA master holding a Trust Controller role has also to have support for
75       a special service command to create SMB service,  ipa  service-add-smb.
76       This command is available with FreeIPA 4.8.0 or later release.
77
78

OPTIONS

80   BASIC OPTIONS
81       --server=SERVER
82              Set  the FQDN of the IPA server to connect to. Under normal cir‐
83              cumstances, this option is not needed as the server  to  use  is
84              discovered automatically.
85
86       --no-homes
87              Do  not  configure  a [homes] share by default to allow users to
88              access their home directories.
89
90       --no-nfs
91              Do not enable SELinux booleans to allow Samba  to  re-share  NFS
92              shares.
93
94       --netbios-name=NETBIOS_NAME
95              NetBIOS  name  of  this  machine.  If  not provided then this is
96              determined based on the leading component of the hostname.
97
98       -d, --debug
99              Print debugging information to stdout
100
101       -U, --unattended
102              Unattended installation. The user will not be prompted.
103
104       --uninstall
105              Revert Samba suite configuration changes and remove SMB  service
106              principal. It is not possible to preserve original Samba config‐
107              uration: while smb.conf configuration  file  will  be  restored,
108              various Samba databases would not be restored. In general, it is
109              not possible to restore full original Samba environment.
110
111       --force
112              Force through the installation steps  even  if  they  were  done
113              before
114
115

FILES

117       Files that will be replaced if Samba is configured:
118
119              /etc/samba/smb.conf
120              /etc/samba/samba.keytab
121
122

EXIT STATUS

124       0 if the installation was successful
125
126       1 if an error occurred
127
128

SEE ALSO

130       smb.conf(5), krb5.conf(5), sssd.conf(5), systemctl(1)
131
132
133
134FreeIPA                           Jun 10 2019              ipa-client-samba(1)
Impressum