We have multiple linux servers configured with SSSD/realmd for authentication to Active Directory. The systems are configured without winbind so using Kerberos to authenticate to the domain. Once SMBv1 was disabled on the domain controller none of the machines could authenticate users. Any idea on why this would happen when we should be configured for kerberos authentication?
**** /etc/sssd/sssd.conf **** [nss] filter_groups = root filter_users = root reconnection_retries = 3 shell_fallback = /bin/bash fallback_homedir = /home/%u
[pam] reconnection_retries = 3
[sssd] domains = internal.example.domain config_file_version = 2 services = nss, pam, ifp
[domain/internal.example.domain] id_provider = ad auth_provider = ad access_provider = ad chpass_provider = ad dyndns_update = False ad_domain = internal.example.domain krb5_realm = INTERNAL.EXAMPLE.DOMAIN realmd_tags = manages-system joined-with-adcli cache_credentials = False krb5_store_password_if_offline = False ldap_id_mapping = True use_fully_qualified_names = False ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell entry_cache_timeout = 0 ad_enable_gc = False
**** /etc/krb5.conf **** [libdefaults] default_realm = INTERNAL.EXAMPLE.DOMAIN
**** realm list **** % sudo realm list internal.example.domain type: kerberos realm-name: INTERNAL.EXAMPLE.DOMAIN domain-name: internal.example.domain configured: kerberos-member server-software: active-directory client-software: sssd required-package: sssd-tools required-package: sssd required-package: libnss-sss required-package: libpam-sss required-package: adcli required-package: samba-common-bin login-formats: %U login-policy: allow-realm-logins
-- Brenden