1ipa-client-samba(1) IPA Manual Pages ipa-client-samba(1)
2
3
4
6 ipa-client-samba - Configure Samba file server on an IPA client
7
9 ipa-client-samba [OPTION]...
10
12 Configures a Samba file server on the client machine to use IPA domain
13 controller for authentication and identity services.
14
15 The tool configures Samba file server to be a domain member of IPA
16 domain. Samba file server will use SSSD to resolve information about
17 users and groups, and will use IPA master it is enrolled against as its
18 domain controller.
19
20 It is not possible to reconciliate original Samba environment if that
21 was pre-existing on the client with new configuration. Samba databases
22 will be updated to follow IPA domain details and smb.conf configuration
23 will will be overwritten. It is recommended to enable Samba suite on a
24 freshly deployed IPA client.
25
26
27 During the configuration process, the tool will perform following
28 steps:
29
30 1. Discover details of IPA domain: realm, domain SID, domain ID
31 range
32
33 2. Discover details of trusted Active Directory domains: domain
34 name, domain SID, domain ID range
35
36 3. Create Samba configuration file using the details discovered
37 above.
38
39 4. Create Samba Kerberos service using host credentials and
40 fetch its keytab into /etc/samba/samba.keytab. The Kerberos ser‐
41 vice key is pre-set to a randomly generated value that is shared
42 with Samba.
43
44 5. Populate Samba databases by setting the domain details and
45 the randomly generated machine account password from the previ‐
46 ous step.
47
48 6. Create a default [homes] share to allow users to log in to
49 their home directories unless --no-homes option was specified.
50
51
52 The tool does not start nor does it enable Samba file services after
53 the configuration. In order to enable and start Samba file services,
54 one needs to enable both smb.service and winbind.service system ser‐
55 vices. Please check that /etc/samba/smb.conf contains all settings for
56 your use case as starting Samba service will make identity mapping
57 details written into the Samba databases. To enable and start Samba
58 file services at the same time one can use systemctl enable --now com‐
59 mand:
60
61 systemctl enable --now smb winbind
62
63
64 Assumptions
65 The ipa-client-samba script assumes that the machine has already been
66 enrolled into IPA.
67
68
69 IPA Master Requirements
70 At least one IPA master must hold a Trust Controller role. This can be
71 achieved by running ipa-adtrust-install on the IPA master. The utility
72 will configure IPA master to be a domain controller for IPA domain.
73
74 IPA master holding a Trust Controller role has also to have support for
75 a special service command to create SMB service, ipa service-add-smb.
76 This command is available with IPA 4.8.0 or later release.
77
78
80 BASIC OPTIONS
81 --server=SERVER
82 Set the FQDN of the IPA server to connect to. Under normal cir‐
83 cumstances, this option is not needed as the server to use is
84 discovered automatically.
85
86 --no-homes
87 Do not configure a [homes] share by default to allow users to
88 access their home directories.
89
90 --no-nfs
91 Do not enable SELinux booleans to allow Samba to re-share NFS
92 shares.
93
94 --netbios-name=NETBIOS_NAME
95 NetBIOS name of this machine. If not provided then this is
96 determined based on the leading component of the hostname.
97
98 -d, --debug
99 Print debugging information to stdout
100
101 -U, --unattended
102 Unattended installation. The user will not be prompted.
103
104 --uninstall
105 Revert Samba suite configuration changes and remove SMB service
106 principal. It is not possible to preserve original Samba config‐
107 uration: while smb.conf configuration file will be restored,
108 various Samba databases would not be restored. In general, it is
109 not possible to restore full original Samba environment.
110
111 --force
112 Force through the installation steps even if they were done
113 before
114
115
117 Files that will be replaced if Samba is configured:
118
119 /etc/samba/smb.conf
120 /etc/samba/samba.keytab
121
122
124 0 if the installation was successful
125
126 1 if an error occurred
127
128
130 smb.conf(5), krb5.conf(5), sssd.conf(5), systemctl(1)
131
132
133
134IPA Jun 10 2019 ipa-client-samba(1)