[Samba] Linux client of the domain - SSSD : authenticating via Kerberos

Cyril cyril.lalinne at 3d-com.fr
Thu Dec 19 08:13:31 MST 2013


On 19/12/2013 14:38, Rowland Penny wrote:
> On 19/12/13 13:27, Cyril wrote:
>> On 18/12/2013 15:40, Cyril wrote:
>>> Hello,
>>>
>>> I think I'm starting to understand how a Linux client can be integrated
>>> into a samba domain.
>>>
>>> Tell me if I'm wrong :
>>>
>>> Linux clients don't need Samba for authentication, only the ldap part of
>>> samba.
>>> sssd through kerberos gets information from ldap. If the user is known or
>>> gets the right, he can log in.
>>>
>>> So why should I need to install winbind and samba4 on the linux client ?
>>> Is it only if I have a Windows AD ?
>>>
>>>
>>> Thanks
>>> Cyril
>>>
>>
>> I can't get sssd working and I don't know why.
>>
>> On the network, I have a samba4 install on a CentOS6.4.
>> This server is also the DHCP server
>> There's no other server on the domain.
>>
>> A Win7 workstation has already joined the domain.
>>
>> I'm following this wiki :
>>
>> https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
>>
>>
>> to add a Linux workstation (Ubuntu 12.04 LTS) to the domain. The goal
>> is to get users to authenticate with the same users/password as the Windows ones.
>>
>> On the workstation :
>> I have installed sssd krb5-user package from ubuntu repository.
>> The module libsasl2-modules-gssapi-MIT is already installed
>>
>> I have created a directory security in /lib64 and linked the file :
>> # ln -s /usr/local/lib/security/pam_sss.so /lib64/security/
>> Then when I do :
>> ldconfig -v | grep sss
>>         libnss_sss.so.2 -> libnss_sss.so.2
>>
>> On the server :
>> I have extracted the keytab.
>>
>> On the workstation :
>> I have configured sssd.conf with LDAP as id_provider ( sssd version <
>> 1.10.0)
>> I checked the /etc/nsswitch.conf. sss is already added.
>>
>> If I run :
>> getent passwd
>>
>> I only get local profiles.
>>
>> Any idea of what I missed ?
>> Are there other tests I can do to know what's wrong ?
>>
>> Thanks,
>> Cyril
>>
> You missed that there is a ppa with a later version of sssd ;-)
>
> nano /etc/apt/sources.list
> Add:
>
> # sssd
> deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main
> deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main
>
> Then run the following commands:
>
> gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B
>
> gpg --export --armor CA45F42B | sudo apt-key add -
>
> apt-get update
>
> apt-get -y install sssd sssd-tools
>
> I take it that you have checked and altered /etc/sssd/sssd.conf to suit
> your environment?
>
> Rowland
>
:-)

I have removed sssd and sssd-tools and re-installed from the ppa and 
updated the sssd.conf file as the sssd version is > 1.10

Now, I can run sss_cache !

But getent passwd still gives me local users.

And in the log file, I have these errors :
sssd_default.log :
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [load_backend_module] 
(0x0010): Error (2) in module (ad) initialization (sssm_ad_id_init)!
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [be_process_init] 
(0x0010): fatal error initializing data providers
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [main] (0x0010): Could 
not initialize backend [2]

sssd.log
(Thu Dec 19 15:44:42 2013) [sssd] [mt_svc_exit_handler] (0x0010): 
Process [default], definitely stopped!


How can I test Kerberos from the workstation ?

Cyril
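
Added example, not part of the original post or of SSSD: a small Python parser for the SSSD debug-log format quoted in this message, which rejoins lines wrapped by the mail client and keeps only failure-level records (0x0010 is "fatal failures" in the debug_level bitmask documented in sssd.conf(5)). The function names and the one constructed trace line are assumptions made for the illustration.

```python
import re

# Failure levels of the SSSD debug_level bitmask, per sssd.conf(5).
LEVELS = {0x0010: "fatal", 0x0020: "critical", 0x0040: "serious", 0x0080: "minor"}
# A record starts with "(Www Mmm dd hh:mm:ss yyyy) [".
START = re.compile(r"^\(\w{3} \w{3} +\d+ [\d:]{8} \d{4}\) \[")
# "(timestamp) [process] [function] (0xNNNN): message"
RECORD = re.compile(r"^\((?P<ts>[^)]+)\) \[(?P<proc>.+?)\] \[(?P<func>\w+)\] "
                    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")

# Log lines as posted above, with the mail client's line wrapping.
POSTED = """\
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [load_backend_module]
(0x0010): Error (2) in module (ad) initialization (sssm_ad_id_init)!
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [be_process_init]
(0x0010): fatal error initializing data providers
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [main] (0x0010): Could
not initialize backend [2]
(Thu Dec 19 15:44:42 2013) [sssd] [mt_svc_exit_handler] (0x0010):
Process [default], definitely stopped!
"""
# Constructed trace-level line (not from the post), to exercise the filter.
CONSTRUCTED = ("(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [main] "
               "(0x0400): constructed trace line\n")

def parse(text):
    """Rejoin wrapped lines, then split each record into its fields."""
    joined = []
    for line in (raw.strip() for raw in text.splitlines()):
        if START.match(line):
            joined.append(line)
        elif line and joined:          # continuation of the previous record
            joined[-1] += " " + line
    records = []
    for rec in joined:
        m = RECORD.match(rec)
        if m:
            records.append({**m.groupdict(), "level": int(m["level"], 16)})
    return records

def failures(text):
    """Return (process, function, severity, message) for failure-level records."""
    return [(r["proc"], r["func"], LEVELS[r["level"]], r["msg"])
            for r in parse(text) if r["level"] in LEVELS]

if __name__ == "__main__":
    for proc, func, sev, msg in failures(POSTED + CONSTRUCTED):
        print(f"{sev:8} {proc:20} {func}: {msg}")
```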