Hey,
Is there any chance that the combination FreeIPA + Samba + Ubuntu is going to work in the near future? So far I haven't been able to.
The main purpose is to give Windows users access to disk space on our (Ubuntu) servers. And with their IPA credentials.
I know that Alexander knows a whole lot about Samba and FreeIPA. But not so much about the combination with Ubuntu, I think (except that Heimdal versus MIT Kerberos plays a role). Timo may know more about the Ubuntu part, but I don't think he has the whole setup with FreeIPA+Samba.
In 2016 (yes, that long ago) Alexander wrote [1]:
"Let me comment as FreeIPA and Samba upstream developer.
Ubuntu's Samba build is done with Heimdal and you cannot build ipasam.so against Heimdal, only MIT Kerberos. So you cannot use Ubuntu-provided Samba build this way even if you'd recompile FreeIPA with patches we have upstream to deal with libpdb -> libsamba-pdb library name change.
So until Samba in Debian and Ubuntu is built against Heimdal Kerberos (this is due to Debian/Ubuntu packaging Samba AD, not just Samba) it is unlikely to have FreeIPA trust to AD working in Ubuntu. We are fairly close with completing port of Samba AD to MIT Kerberos upstream, this should happen in Samba 4.5-4.6 timeframe. Once that is done, we can expect FreeIPA with trust to AD working on Debian-based platforms as well."
It's 2019 now. I've tried Ubuntu 18.04 (with Samba 4.7.6), but I still can't get it to work. Possibly because MIT KDC is not enabled in Ubuntu's Samba [2]. The following test shows empty output:
# smbd -b | grep HAVE_LIBKADM5SRV_MIT
Argh, what are my options?
[1] https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1552249/comments/2
[2] https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC