FreeIPA v3 + FreeNAS w/CIFS?
I administer an environment in which I use [[FreeIPA]] v3 (aka Red Hat Identity Management) as my SSO solution. While most of my hosts are Linux, a few are Windows and Mac. I'm hoping to configure [[FreeNAS]] to authenticate CIFS to the LDAP + Kerberos exposed by [[FreeIPA]], preferably without modifying the LDAP structure.
Here is some documentation from their side:
Please consider this a feature and/or documentation request on how to authenticate [[FreeNAS]] (with CIFS) to [[FreeIPA]] v3.
#6 Updated by John Hixson over 3 years ago
- Target version changed from 9.3-BETA to 49
So, now that we have SSSD in FreeNAS, I attempted to get this working. It can indeed work when specifying the provider to be ldap, however, to work using the ipa provider... requires much more work ;-) I grabbed the freeipa source code to see how far I could get to port the client software to FreeBSD, and discovered that there is some work that needs to be done ;-). I actually got fairly far, until I hit the kerberos stuff. Linux uses MIT kerberos and we use Hiemdal, and that's.. where I called it a day. This is still on my to-do list and I would like to eventually get this working, but for now, I must put it off and into the future ;-)
#11 Updated by Scott Kamp almost 2 years ago
#12 Updated by Anonymous almost 2 years ago
- File FreeIPA.pdf added
I could configure FreeIPA client on FreeBSD 9.3, added it as a host on the freeIPA server(CentOS6). Currently working on adding FreeNAS as host on the FreeIPA server, but I'm getting error mentioned below:
Poudriere jail creation fails with following error: "Unable to execute id(1) in jail. Emulation or ABI wrong"
Also documented procedure followed. Please find the document attached, contains details about FreeIPA setup, configuration and issues faced.
Please suggest how to proceed further.
#13 Updated by Israel Brewster over 1 year ago
We just finished setting up a FreeIPA server on CentOS 7 for our organization, and are very interested in seeing this happen so there is some way to use that FreeIPA server to authenticate to our CIFS shares on our FreeNAS boxes. Is there any update on getting this working with FreeNAS? I scanned over the FreeIPA.pdf, but I'm not sure how much that applies to FreeNAS installations specifically vs FreeBSD installations in general.