Leo's Notes - Recent changes [en]

Leo's Notes - Recent changes [en] https://leo.leung.xyz/wiki/Special:RecentChanges Track the most recent changes to the wiki in this feed. en MediaWiki 1.43.6 Wed, 22 Apr 2026 23:00:10 GMT FreeIPA https://leo.leung.xyz/wiki/index.php?title=FreeIPA&diff=7728&oldid=7687 https://leo.leung.xyz/wiki/index.php?title=FreeIPA&diff=7728&oldid=7687 <p><span class="autocomment">Configure the Samba server</span></p> <table style="background-color: #fff; color: #202122;" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="en"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 06:00, 7 April 2026</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l216">Line 216:</td> <td colspan="2" class="diff-lineno">Line 216:</td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>kerberos method = dedicated keytab</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>kerberos method = dedicated keytab</div></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| lang = text</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| lang = text</div></td></tr> <tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>}}If you get: <code>NT_STATUS_BAD_TOKEN_TYPE</code>, you need to disable MS-<del style="font-weight: bold; text-decoration: none;">POC </del>in the FreeIPA settings or disable it specifically for this cifs service account.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>}}If you get: <code>NT_STATUS_BAD_TOKEN_TYPE</code>, you need to disable MS-<ins style="font-weight: bold; text-decoration: none;">PAC </ins>in the FreeIPA settings or disable it specifically for this cifs service account.</div></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The ipasam passdb provider is available from the <code>ipa-server-trust-ad</code> package. However, this package also pulls in a ton of other IPA dependencies which aren't needed if you just want to run Samba that talks to IPA and not the entire FreeIPA server. If you just want the provider to work on a bare minimal samba server, you can simply just copy (or extract from the <code>ipa-server-trust-ad</code> package) the <code>ipasam.so</code> file to <code>/usr/lib64/samba/pdb/ipasam.so</code> with this set of commands:</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The ipasam passdb provider is available from the <code>ipa-server-trust-ad</code> package. However, this package also pulls in a ton of other IPA dependencies which aren't needed if you just want to run Samba that talks to IPA and not the entire FreeIPA server. If you just want the provider to work on a bare minimal samba server, you can simply just copy (or extract from the <code>ipa-server-trust-ad</code> package) the <code>ipasam.so</code> file to <code>/usr/lib64/samba/pdb/ipasam.so</code> with this set of commands:</div></td></tr> </table> Tue, 07 Apr 2026 06:00:20 GMT Leo https://leo.leung.xyz/wiki/Talk:FreeIPA