[Samba] Linux client of the domain - SSSD : authenticating via Kerberos

Cyril cyril.lalinne at 3d-com.fr
Thu Dec 19 06:27:04 MST 2013

Le 18/12/2013 15:40, Cyril a écrit :
> Hello,
> I think I'm starting to understand how Linux client can be integrated
> into a samba domain.
> Tell me if I'm wrong :
> Linux clients don't need Samba for authentication, only the ldap part of
> samba.
> sssd through kerberos get information from ldap. If the user is known or
> get the right, he can log.
> So why should I need to install winbind and samba4 on the linux client ?
> Is it only if I have a Windows AD ?
> Thanks
> Cyril

I can't get sssd working and I don't know why.

On the network, I have a samba4 install on a CentOS6.4.
This server is also the DHCP server
There's no other server on the domain.

A Win7 workstation has already join the domain.

I'm following this wiki :


to add a Linux workstation (Ubuntu 12.04 LTS) on the domain. The goal is 
to get users authenticate with the same users/password as windows one.

On the workstation :
I have install sssd krb5-user package from ubuntu repository.
The module libsasl2-modules-gssapi-MIT is already installed

I have create a directory security in /lib64 and link file :
# ln -s /usr/local/lib/security/pam_sss.so /lib64/security/
Then when I do :
ldconfig -v | grep sss
         libnss_sss.so.2 -> libnss_sss.so.2

On the server :
I have extract the keytab.

On the workstation :
I have configure sssd.conf with LDAP as id_provider ( sssd version < 1.10.0)
I check the /etc/nsswitch.conf. sss is already add.

If I run :
getent passwd

I only get local profiles.

Any idea of what I missed ?
Is there other test I can do to know what's wrong ?


More information about the samba mailing list