On Пан, 22 кра 2024, Thomas Handler via FreeIPA-users wrote:
Hello,
beginning of March I have received support running Samba on an IdM
domain member from Alexander. Back then my problem was what Alexander
pinpoints in his
text https://vda.li/en/posts/2019/03/24/Kerberos-host-to-realm-translation/ under
"Mixed realm deployments” where the Linux machine running Samba was in
the wrong DNS zone.
After having fixed this things are running fine.
Now it came as it already was obvious back then and what is well noted
already in the RedHat
Docs https://access.redhat.com/documentation/en-en/red_hat_enterprise_lin...
is stated “AD users logged into a Windows machine can not access Samba
shares hosted on an IdM domain member”.
So the customer has now stumbled exactly over this and I just wanted to
confirm that my understanding of this section in the docs is correct
and that there’s no way to ensure that an AD user on a Windows machine
can access the shares on the Samba machine joined to IdM.
Short answer: yes, the documentation is up to date.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland