[Samba] sssd + samba4 not working (yet)

Kenneth Westelinck kenneth.westelinck at gmail.com
Wed Feb 19 01:35:30 MST 2014


Yes, I was going to try the backport tonight by trying to build the 1.11.3
source package :)


On Wed, Feb 19, 2014 at 9:24 AM, Peter Serbe <peter at serbe.ch> wrote:

> Dear all,
>
> I have exactly the same issue here. Also running Debian, but Jessie, and hence
>
> root@ulysses:/etc# sssd --version
> 1.11.3
>
> I think that I am missing the correct PAM plugin. Can anyone point out how
> to check this on Debian?
>
> Best regards
> Peter
>
>
>
> Kenneth,
>
> You could do a backport of the testing package if you want to have the
> newer version of the Jessie package. I haven't done it myself, but I
> hear that it should be pretty easy. Definitely easier than getting sssd
> up and running. ;-)
>
>
>
> Kenneth Westelinck schrieb am 19.02.2014 08:07:
>
> > All,
> >
> > Keytab should be fine, as I used the instructions from the wiki to export it:
> > root@bubba3-one:/etc# klist -k krb5.sssd.keytab
> > Keytab name: FILE:krb5.sssd.keytab
> > KVNO Principal
> > ---- --------------------------------------------------------------------------
> >   1 bubba3-one$@EARTH.LOCAL
> >   1 bubba3-one$@EARTH.LOCAL
> >   1 bubba3-one$@EARTH.LOCAL
> > root@bubba3-one:/etc#
> >
> > getent passwd Administrator doesn't return anything
> >
> > I guess I have the uid number stored:
> > root@bubba3-one:/etc# wbinfo --user-info Administrator
> > EARTH\Administrator:*:0:100::/home/EARTH/Administrator:/bin/false
> > root@bubba3-one:/etc#
> >
> > The reason I don't use a recent version of sssd is the fact the box is
> > running Debian and Debian only comes with this old version.
> > I guess I could compile the most recent version. How could this help me
> > better than the older version?
> >
> >
> > regards,
> >
> > Kenneth
> >
> >
> > On Tue, Feb 18, 2014 at 10:53 PM, Steve <steve at steve-ss.com> wrote:
> >
> >> Do you have the machine key in the correct keytab? Why not use a recent
> >> version of sssd and use the proper ad backend? It's much easier if you use
> >> AD. Does getent passwd <user> return anything? Do you have uidNumber stored
> >> in AD?
> >> Cheers,
> >> Steve
> >>
> >> Kenneth Westelinck <kenneth.westelinck at gmail.com> wrote:
> >>
> >> >Dear list,
> >> >
> >> >It has been a true adventure setting up a samba4 ad with a bind9 backend.
> >> >From what I can see, everything is more or less working:
> >> >
> >> > --> samba itself:
> >> >root@bubba3-one:/etc/sssd# smbclient //localhost/netlogon -UAdministrator -c 'ls'
> >> >Enter Administrator's password:
> >> >Domain=[EARTH] OS=[Unix] Server=[Samba 4.1.4-SerNet-Debian-7.wheezy]
> >> >  .                                   D        0  Mon Feb 17 17:58:42 2014
> >> >  ..                                  D        0  Mon Feb 17 17:59:46 2014
> >> >
> >> >                40317 blocks of size 262144. 29196 blocks available
> >> >root@bubba3-one:/etc/sssd#
> >> >
> >> > --> kerberos
> >> >root@bubba3-one:/etc/sssd# kinit administrator
> >> >Password for administrator@EARTH.LOCAL:
> >> >root@bubba3-one:/etc/sssd#
> >> >
> >> > --> dns
> >> >root@bubba3-one:/etc/sssd# host -t SRV _ldap._tcp.earth.local
> >> >_ldap._tcp.earth.local has SRV record 0 100 389 bubba3-one.earth.local.
> >> >root@bubba3-one:/etc/sssd# host -t SRV _kerberos._udp.earth.local
> >> >_kerberos._udp.earth.local has SRV record 0 100 88 bubba3-one.earth.local.
> >> >root@bubba3-one:/etc/sssd# host -t A bubba3-one.earth.local
> >> >bubba3-one.earth.local has address 192.168.1.1
> >> >root@bubba3-one:/etc/sssd#
> >> >
> >> >I am now trying to set up sssd using
> >> >https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
> >> >
> >> >sssd seems to start fine (no errors in the log and the daemons are
> >> >running), but getent passwd and getent groups return nothing. Below is my
> >> >config:
> >> >
> >> >[sssd]
> >> >services = nss, pam
> >> >config_file_version = 2
> >> >domains = default
> >> >
> >> >[nss]
> >> >filter_groups = root
> >> >filter_users = root
> >> >reconnection_retries = 3
> >> >
> >> >[pam]
> >> >
> >> >[domain/default]
> >> >ad_hostname = bubba3-one.earth.local
> >> >ad_server = bubba3-one.earth.local
> >> >ad_domain = earth.local
> >> >
> >> >ldap_schema = rfc2307bis
> >> >id_provider = ldap
> >> >access_provider = simple
> >> >
> >> ># on large directories, you may want to disable enumeration for performance reasons
> >> >enumerate = true
> >> >
> >> >auth_provider = krb5
> >> >chpass_provider = krb5
> >> >ldap_sasl_mech = gssapi
> >> >ldap_sasl_authid = bubba3-one$@EARTH.LOCAL
> >> >krb5_realm = EARTH.LOCAL
> >> >krb5_server = bubba3-one.earth.local
> >> >krb5_kpasswd = bubba3-one.earth.local
> >> >ldap_krb5_keytab = /etc/krb5.sssd.keytab
> >> >ldap_krb5_init_creds = true
> >> >
> >> >ldap_referrals = false
> >> >ldap_uri = ldap://bubba3-one.earth.local
> >> >ldap_search_base = dc=earth,dc=local
> >> >
> >> >dyndns_update=false
> >> >
> >> >ldap_id_mapping=false
> >> >
> >> >ldap_user_object_class = user
> >> >ldap_user_name = samAccountName
> >> >ldap_user_uid_number = uidNumber
> >> >ldap_user_gid_number = gidNumber
> >> >ldap_user_home_directory = unixHomeDirectory
> >> >ldap_user_shell = loginShell
> >> >
> >> >ldap_group_object_class = group
> >> >ldap_group_name = cn
> >> >ldap_group_member = member
> >> >
> >> >Any idea what I am missing? Can I enable some debugging somewhere to see
> >> >what I am doing wrong?
> >> >
> >> >Many thanks in advance.
> >> >
> >> >
> >> >regards,
> >> >
> >> >Kenneth
> >> >
> >> >P.S.:
> >> >- OS is Debian Wheezy on a B3
> >> >- Samba is 4.1.4 compiled from sernet
> >> >- BIND 9.8.4-rpz2+rl005.12-P1
> >> >- sssd 1.8.4-2
> >>
> >
>
>
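
Added example, not part of the original thread or of sssd: a Python cross-check of two points raised in the quoted messages, namely whether the principal in ldap_sasl_authid is present in the keytab listing and which POSIX attributes the config expects the directory to hold when ldap_id_mapping is false. The config and klist text are constructed copies of what the thread shows; the function names are hypothetical.

```python
import configparser

# Constructed sample: relevant keys copied from the sssd.conf quoted in the thread.
SSSD_CONF = """
[sssd]
domains = default

[domain/default]
ldap_sasl_mech = gssapi
ldap_sasl_authid = bubba3-one$@EARTH.LOCAL
ldap_krb5_keytab = /etc/krb5.sssd.keytab
ldap_id_mapping=false
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
"""

# Constructed sample in the layout of the `klist -k` output shown in the thread.
KLIST_OUTPUT = """Keytab name: FILE:krb5.sssd.keytab
KVNO Principal
---- ------------------------------
   1 bubba3-one$@EARTH.LOCAL
"""

# Attribute names assumed when the config does not override them.
POSIX_DEFAULTS = {"ldap_user_uid_number": "uidNumber", "ldap_user_gid_number": "gidNumber"}

def keytab_principals(klist_text):
    """Return the principals listed below the dashed header line."""
    lines = klist_text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("----")) + 1
    return {l.split(None, 1)[1].strip() for l in lines[start:] if l.strip()}

def check_domains(conf_text, klist_text):
    """Cross-check every enabled sssd domain against the keytab listing."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    notes = []
    for name in (d.strip() for d in cp["sssd"]["domains"].split(",")):
        section = f"domain/{name}"
        if section not in cp:
            notes.append(f"{name}: missing [{section}] section")
            continue
        dom = cp[section]
        authid = dom.get("ldap_sasl_authid")
        if dom.get("ldap_sasl_mech", "").lower() == "gssapi" and authid not in keytab_principals(klist_text):
            notes.append(f"{name}: {authid} not found in {dom.get('ldap_krb5_keytab')}")
        if not dom.getboolean("ldap_id_mapping", fallback=False):
            for key, default in POSIX_DEFAULTS.items():
                notes.append(f"{name}: users need {dom.get(key, fallback=default)} set in the directory")
    return notes
```

Calling check_domains(SSSD_CONF, KLIST_OUTPUT) returns only the two attribute notes, because the SASL principal is in the keytab listing.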

