I am trying to run samba with sssd service and AD authentication.
I have joined the Linux server to the AD domain using realmd and am using sssd to authenticate to the AD. I am able to get the user list from AD using "getent passwd <username>". The Samba server starts but I am unable to get the authentication working.
I referred to the Samba docs for CentOS 7 and also installed sssd-libwbclient. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
Any pointers would be appreciated. Thanks :)
OS: Centos: 7.2.1511 (Core)
Samba version: 4.2.10
sssd version: 1.13.0
Below are the files

sssd.conf
------------------
[sssd]
services = nss, pam, pac
config_file_version = 2
domains = xx.xxx.com

[nss]
allowed_shells = /bin/bash, /bin/hgcsh
shell_fallback = /bin/bash
default_shell = /bin/bash

[domain/corp.endurance.com]
ad_domain = xx.xxx.com
krb5_realm = XX.XXX.COM
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
krb5_store_password_if_offline = True
override_homedir = /home/%u

smb.conf
------------------
[global]
security = ads
workgroup = XXX
realm = XXX.XXX.COM
kerberos method = system keytab

log file = /var/log/samba/log.%m
log level = 10
max log size = 50
load printers = no
cups options = raw
printcap name = /dev/null

[myshare]
comment = My shared folder
path = /var/myshare
public = no
writable = yes
guest ok = no
valid users = @"tt at xx.xx.com"

"realmd list" output
--------------------
xx.xxx.com
  type: kerberos
  realm-name: XXX.XXX.COM
  domain-name: xx.xx.com
  configured: kerberos-member
  server-software: active-directory
  client-software: winbind
  required-package: oddjob-mkhomedir
  required-package: oddjob
  required-package: samba-winbind-clients
  required-package: samba-winbind
  required-package: samba-common
  login-formats: XXX%U
  login-policy: allow-any-login
xx.xxx.com
  type: kerberos
  realm-name: XXX.XXX.COM
  domain-name: xx.xx.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: %U
  login-policy: allow-realm-logins
On (16/06/16 05:06), shridhar.sanjeeva@gmail.com wrote:
I am trying to run samba with sssd service and AD authentication.
I have joined the Linux server to the AD domain using realmd and am using sssd to authenticate to the AD. I am able to get the user list from AD using "getent passwd <username>". The Samba server starts but I am unable to get the authentication working.
I referred to the Samba docs for CentOS 7 and also installed sssd-libwbclient. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
Any pointers would be appreciated. Thanks :)
OS: Centos: 7.2.1511 (Core)
Samba version: 4.2.10
sssd version: 1.13.0
It's hard to say where the problem is. I would recommend following our troubleshooting wiki page. https://fedorahosted.org/sssd/wiki/Troubleshooting
LS
Hey,
Thanks for the reply. I saw that the authentication was failing when NTLM was used.
I.e. when accessing the fileserver using the hostname, Kerberos authentication is taking place. But when accessing the fileserver using the IP address, Kerberos is unable to set up authentication and falls back to NTLM.
So I wanted to know if SSSD supports NTLM authentication?
On Thu, Jun 16, 2016 at 09:16:43PM +0530, shridhar shetty wrote:
Hey,
Thanks for the reply. I saw that the authentication was failing when NTLM was used.
I.e. when accessing the fileserver using the hostname, Kerberos authentication is taking place. But when accessing the fileserver using the IP address, Kerberos is unable to set up authentication and falls back to NTLM.
So I wanted to know if SSSD supports NTLM authentication?
It does not, sorry.
No problem. Just wanted to make sure. We can make use of Kerberos authentication.
Thanks :)
_______________________________________________
sssd-users mailing list sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
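Added example, not part of the original thread: a small audit that flags SMB targets written with an IP literal, which per the thread end up on NTLM and therefore fail against an SSSD-backed Samba server. The function names and sample targets are constructed, and it assumes clients request the usual cifs/<host> service principal built from the name they were given.

```python
import ipaddress
import re

# Constructed sample targets, e.g. collected from fstab entries or mapped drives.
SAMPLE_TARGETS = [
    r"\\fileserver.xx.xxx.com\myshare",
    r"\\10.0.0.15\myshare",
    "//fileserver/myshare",
    "smb://[fd00::15]/myshare",
    "//fd00--15.ipv6-literal.net/myshare",
]

IPV6_UNC_SUFFIX = ".ipv6-literal.net"  # Windows spelling of IPv6 in UNC paths


def smb_host(target):
    """Return the server part of a UNC path, //host/share or smb:// URL."""
    t = re.sub(r"^smb:", "", target.replace("\\", "/"), flags=re.I)
    m = re.match(r"^//(\[[^\]]+\]|[^/]+)", t)
    if not m:
        raise ValueError("not an SMB target: %r" % target)
    return m.group(1).strip("[]")


def is_ip_literal(host):
    """True if the host is an IPv4/IPv6 literal rather than a DNS name."""
    if host.lower().endswith(IPV6_UNC_SUFFIX):
        host = host[: -len(IPV6_UNC_SUFFIX)].replace("-", ":")
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def expected_spn(target):
    """SPN a Kerberos client would request, or None when only NTLM is left."""
    host = smb_host(target)
    return None if is_ip_literal(host) else "cifs/" + host.lower()


def ntlm_fallback_targets(targets):
    """Targets that cannot map to an SPN and so will fall back to NTLM."""
    return [t for t in targets if expected_spn(t) is None]


if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print("%-45s %s" % (t, expected_spn(t) or "NTLM fallback (use the hostname)"))
```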