[Samba] Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.

[Rowland penny]

On 13/10/2020 15:01, Markus Jansen via samba wrote:
> Thank you very much for your hints.
>
> I got rid of SSSD and managed to get a successful kerberos
> authentication via wbinfo -K and the UPN.
>
> But accessing via SMB (using MAC OS' smbutil or Finder) still fails with
> "FAILED with error NT_STATUS_NO_SUCH_USER".
>
> As I'm using CentOS 8, I used authselect to configure winbind
> integration to PAM (do I really need this for SMB?) and enabled
> "with-krb5" and "with-pamaccess" - features to let /etc/pam.d/-files be
> configured automatically.
>
> I'm really confused. What's missing?
>
Probably libpam-krb5 that Red-Hat has removed from RHEL8 and hence 
Centos8, I had to compile the Centos7 package and install it before I 
could get Centos8 to work correctly.

BIG NOTE: this is just my opinion.

I really do not think that red-hat wants you to use Samba with RHEL8, I 
think they really want you to use sssd with freeipa instead. They have 
removed openldap, smbldap-tools  and libpam-krb5 that I am aware of, 
there may be others.

How wedded are you to Centos ? I personally would advise you to switch 
to Debian or Ubuntu, everything just works.

If you must use Centos8, then it is possible to get Linux to connect to 
a Samba share running on a Centos domain member, not sure about a Mac, I 
do not have one.

Rowland