[Samba] Linux client of the domain - SSSD : authenticating via Kerberos

Rowland Penny rowlandpenny at googlemail.com
Thu Dec 19 06:38:50 MST 2013


On 19/12/13 13:27, Cyril wrote:
> Le 18/12/2013 15:40, Cyril a écrit :
>> Hello,
>>
>> I think I'm starting to understand how Linux client can be integrated
>> into a samba domain.
>>
>> Tell me if I'm wrong :
>>
>> Linux clients don't need Samba for authentication, only the ldap part of
>> samba.
>> sssd through kerberos get information from ldap. If the user is known or
>> get the right, he can log.
>>
>> So why should I need to install winbind and samba4 on the linux client ?
>> Is it only if I have a Windows AD ?
>>
>>
>> Thanks
>> Cyril
>>
>
> I can't get sssd working and I don't know why.
>
> On the network, I have a samba4 install on a CentOS6.4.
> This server is also the DHCP server
> There's no other server on the domain.
>
> A Win7 workstation has already join the domain.
>
> I'm following this wiki :
>
> https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd 
>
>
> to add a Linux workstation (Ubuntu 12.04 LTS) on the domain. The goal 
> is to get users authenticate with the same users/password as windows one.
>
> On the workstation :
> I have install sssd krb5-user package from ubuntu repository.
> The module libsasl2-modules-gssapi-MIT is already installed
>
> I have create a directory security in /lib64 and link file :
> # ln -s /usr/local/lib/security/pam_sss.so /lib64/security/
> Then when I do :
> ldconfig -v | grep sss
>         libnss_sss.so.2 -> libnss_sss.so.2
>
> On the server :
> I have extract the keytab.
>
> On the workstation :
> I have configure sssd.conf with LDAP as id_provider ( sssd version < 
> 1.10.0)
> I check the /etc/nsswitch.conf. sss is already add.
>
> If I run :
> getent passwd
>
> I only get local profiles.
>
> Any idea of what I missed ?
> Is there other test I can do to know what's wrong ?
>
> Thanks,
> Cyril
>
You missed that there is a ppa with a later version of sssd ;-)

nano /etc/apt/sources.list
Add:

# sssd
deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main
deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main

Then run the following commands:

gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B

gpg --export --armor CA45F42B | sudo apt-key add -

apt-get update

apt-get -y install sssd sssd-tools

I take it that you have checked and altered /etc/sssd/sssd.conf to suit 
your environment?

Rowland



More information about the samba mailing list