[Samba] Linux client of the domain - SSSD : authenticating via Kerberos

Cyril cyril.lalinne at 3d-com.fr
Fri Dec 20 09:08:32 MST 2013 

Le 20/12/2013 16:59, Rowland Penny a écrit :
> On 20/12/13 14:00, steve wrote:
>> On Fri, 2013-12-20 at 14:40 +0100, Cyril wrote:
>>> Le 20/12/2013 14:19, steve a écrit :
>>>> On Fri, 2013-12-20 at 10:37 +0100, Cyril wrote:
>>>>
>>>>> kinit myserver$@SUBDOMAIN.DOMAIN.FR
>>>>> It also ask me a password but the admin's one doesn't work.
>>>>>
>>>> Eh? You don't need a password. You already have the key!
>>>> kinit -k -t /etc/krb5.sssd.keytab myserver$
>>>>
>>>> Could you post the output of that command?
>>>>
>>> That give me nothing. No error, no warning.
>>> It didn't ask me anypassword
>>>
>> OK. So it worked.
>>>>> Am-I suppose to create this principal myserver$@SUBDOMAIN.DOMAIN.FR
>>>>> first before generating the keytab on the DC ?
>>>>>
>>>> You already have the principal. It was created when you joined the
>>>> machine to the domain.
>>> Ho, you mean joining the myserver machine !
>>>
>> No, I'm sorry. The post crossed. I now know that the machine is not
>> joined to the domain using samba. You do somehow however, have a key for
>> the machine.
>>
>> And, from your other posts, your domain users can now authenticate on
>> the Linux client.
>>
>> Cheers,
>> Steve
>>
>>
> OK, seeing as how it is Christmas, here is how to get libpam-pwquality
> on Ubuntu precise, using the packages from Saucy ;-)
>
> x86:
> wget
> http://fr.archive.ubuntu.com/ubuntu/pool/universe/libp/libpwquality/libpam-pwquality_1.2.3-1_i386.deb
>
> wget
> http://fr.archive.ubuntu.com/ubuntu/pool/main/libp/libpwquality/libpwquality1_1.2.3-1_i386.deb
>
> wget
> http://fr.archive.ubuntu.com/ubuntu/pool/main/libp/libpwquality/libpwquality-common_1.2.3-1_all.deb
>
>
> sudo dpkg -i libpwquality-common_1.2.3-1_all.deb
> sudo apt-get install libcrack2
> sudo dpkg -i libpwquality1_1.2.3-1_i386.deb
> sudo dpkg -i libpam-pwquality_1.2.3-1_i386.deb
>
> x86_64:
> wget
> http://fr.archive.ubuntu.com/ubuntu/pool/universe/libp/libpwquality/libpam-pwquality_1.2.3-1_amd64.deb
>
> wget
> http://fr.archive.ubuntu.com/ubuntu/pool/main/libp/libpwquality/libpwquality1_1.2.3-1_amd64.deb
>
> wget
> http://fr.archive.ubuntu.com/ubuntu/pool/main/libp/libpwquality/libpwquality-common_1.2.3-1_all.deb
>
>
> sudo dpkg -i libpwquality-common_1.2.3-1_all.deb
> sudo apt-get install libcrack2
> sudo dpkg -i libpwquality1_1.2.3-1_amd64.deb
> sudo dpkg -i libpam-pwquality_1.2.3-1_amd64.deb
>
> and there you go!
>
> Rowland

I already had a try and I have the same error when I use ubuntu 13.10 :

lightdm: pam_sss(lightdm:auth): authentication failure; logname= uid=0 
euid=0 tty=:1 ruser= rhost=  user=Myuser
lightdm: pam_sss(lightdm:auth): received for user Myuser: 9 
(Authentication service cannot retrieve authentication info)
in the auth.log file.

getent passwd works but not the authtication.

I suppose there's still something wrong with the sssd.conf file.

Cyril

More information about the samba mailing list