On 10/25/19 7:04 PM, Thomas Schweikle wrote:
Hi!
I've set up samba4 as ad-dc -- worked right away. Exported the keytab. "klist -ke" looks good:

Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
   1 Administrator@ADA.DE (aes256-cts-hmac-sha1-96)
   1 Administrator@ADA.DE (aes128-cts-hmac-sha1-96)
   1 Administrator@ADA.DE (arcfour-hmac)
   1 Administrator@ADA.DE (etype 3)
   1 Administrator@ADA.DE (etype 1)
   1 krbtgt@ADA.DE (aes256-cts-hmac-sha1-96)
   1 krbtgt@ADA.DE (aes128-cts-hmac-sha1-96)
   1 krbtgt@ADA.DE (arcfour-hmac)
   1 krbtgt@ADA.DE (etype 3)
   1 krbtgt@ADA.DE (etype 1)
   1 AD01$@ADA.DE (aes256-cts-hmac-sha1-96)
   1 AD01$@ADA.DE (aes128-cts-hmac-sha1-96)
   1 AD01$@ADA.DE (arcfour-hmac)
   1 AD01$@ADA.DE (etype 3)
   1 AD01$@ADA.DE (etype 1)

Checked kinit with the server's name:

# kinit -k AD01$@ADA.DE
# klist
Ticketzwischenspeicher: FILE:/tmp/krb5cc_0
Standard-Principal: AD01$@ADA.DE

Valid starting       Expires              Service principal
25.10.2019 19:00:20  26.10.2019 05:00:20  krbtgt/ADA.DE@ADA.DE
        erneuern bis 01.11.2019 18:00:20

looks good too. Then configured sssd:

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, pac
domains = ADA.DE
#debug_level = 0x0270

[domain/ADA.DE]
enumerate = true
cache_credentials = true

id_provider = ad
auth_provider = ad
sudo_provider = none
chpass_provider = ad
access_provider = ad

ad_server = ad01.ada.de, ad02.ada.de
ad_maximum_machine_account_password_age = 30
ldap_id_mapping = false
use_fully_qualified_names = false
fallback_homedir = /home/%d/%u
fallback_shell = /bin/bash
skel_dir = /etc/skel

ldap_schema = ad

dyndns_update = false
dyndns_refresh_interval = 43200
dyndns_update_ptr = false
dyndns_ttl = 3600

debug_level = 0x0270

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
#debug_level = 0x0270

[pam]
reconnection_retries = 3
#debug_level = 0x0270

[pac]
reconnection_retries = 3
#debug_level = 0x0270

Then tried:

# getent passwd Administrator@ADA.DE
#

and got nothing. Any idea anyone?
-- Thomas
Hi Thomas, please set debug_level = 0x3ff0 in all sections and send us logs in /var/log/sssd.