[Samba] Linux client of the domain - SSSD : authenticating via Kerberos
cyril.lalinne at 3d-com.fr
Thu Dec 19 08:13:31 MST 2013
On 19/12/2013 14:38, Rowland Penny wrote:
> On 19/12/13 13:27, Cyril wrote:
>> On 18/12/2013 15:40, Cyril wrote:
>>> I think I'm starting to understand how a Linux client can be integrated
>>> into a Samba domain.
>>> Tell me if I'm wrong:
>>> Linux clients don't need Samba for authentication; only the LDAP part of
>>> sssd, through Kerberos, gets information from LDAP. If the user is known or
>>> gets the right, he can log in.
>>> So why should I need to install winbind and samba4 on the Linux client?
>>> Is it only if I have a Windows AD?
>> I can't get sssd working and I don't know why.
>> On the network, I have a samba4 install on CentOS 6.4.
>> This server is also the DHCP server.
>> There's no other server on the domain.
>> A Win7 workstation has already joined the domain.
>> I'm following this wiki :
>> to add a Linux workstation (Ubuntu 12.04 LTS) to the domain. The goal
>> is to get users to authenticate with the same users/passwords as the Windows ones.
>> On the workstation:
>> I have installed the sssd and krb5-user packages from the Ubuntu repository.
>> The module libsasl2-modules-gssapi-MIT is already installed.
>> I have created a directory security in /lib64 and linked the file:
>> # ln -s /usr/local/lib/security/pam_sss.so /lib64/security/
>> Then when I do :
>> ldconfig -v | grep sss
>> libnss_sss.so.2 -> libnss_sss.so.2
>> On the server :
>> I have extracted the keytab.
>> On the workstation :
>> I have configured sssd.conf with LDAP as id_provider ( sssd version <
>> I checked /etc/nsswitch.conf. sss is already added.
>> If I run :
>> getent passwd
>> I only get local profiles.
>> Any idea what I missed?
>> Are there other tests I can do to find out what's wrong?
> You missed that there is a ppa with a later version of sssd ;-)
> nano /etc/apt/sources.list
> # sssd
> deb http://ppa.launchpad.net/sssd/updates/ubuntu precise main
> deb-src http://ppa.launchpad.net/sssd/updates/ubuntu precise main
> Then run the following commands:
> gpg --keyserver subkeys.pgp.net --recv B9BF7660CA45F42B
> gpg --export --armor CA45F42B | sudo apt-key add -
> apt-get update
> apt-get -y install sssd sssd-tools
> I take it that you have checked and altered /etc/sssd/sssd.conf to suit
> your environment?
I have removed sssd and sssd-tools, re-installed them from the ppa and
updated the sssd.conf file, as the sssd version is > 1.10.
Now, I can run sss_cache!
But getent passwd still gives me only local users.
And in the log file, I have these errors:
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [load_backend_module] (0x0010): Error (2) in module (ad) initialization (sssm_ad_id_init)!
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [be_process_init] (0x0010): fatal error initializing data providers
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [main] (0x0010): Could not initialize backend
(Thu Dec 19 15:44:42 2013) [sssd] [mt_svc_exit_handler] (0x0010): Process [default], definitely stopped!
How can I test Kerberos from the workstation?
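
Added example, not part of the original post: a Python triage of the SSSD log excerpt quoted in the message above. It rejoins mail-wrapped entries, keeps those logged at level 0x0010, and names the provider module and SSSD domain whose initialization failed. The sample lines are copied from the post; the function names are hypothetical.

```python
import re

# Constructed sample: the log excerpt from the post, still wrapped as mailed.
SAMPLE = """\
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [load_backend_module]
(0x0010): Error (2) in module (ad) initialization (sssm_ad_id_init)!
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [be_process_init]
(0x0010): fatal error initializing data providers
(Thu Dec 19 15:44:42 2013) [sssd[be[default]]] [main] (0x0010): Could
not initialize backend
(Thu Dec 19 15:44:42 2013) [sssd] [mt_svc_exit_handler] (0x0010):
Process [default], definitely stopped!
"""

FATAL = 0x0010  # "fatal failures" bit in the sssd.conf(5) debug_level mask
START = re.compile(r"^\(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\) \[")
ENTRY = re.compile(r"^\((?P<ts>[^)]+)\) \[(?P<proc>.+?)\] \[(?P<func>\w+)\] "
                   r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
MODULE_ERR = re.compile(r"Error \((\d+)\) in module \((\w+)\) initialization \((\w+)\)")
BACKEND = re.compile(r"be\[([^\]]+)\]")  # domain name inside sssd[be[<domain>]]

def rejoin(text):
    """Merge continuation lines into the timestamped entry they belong to."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def fatal_entries(text):
    """Return the parsed fields of every entry logged at the fatal level."""
    parsed = (ENTRY.match(e) for e in rejoin(text))
    return [m.groupdict() for m in parsed if m and int(m["level"], 16) == FATAL]

def failed_modules(text):
    """Name the provider module and SSSD domain behind each failed init."""
    out = []
    for e in fatal_entries(text):
        err, be = MODULE_ERR.search(e["msg"]), BACKEND.search(e["proc"])
        if err:
            out.append({"domain": be.group(1) if be else None, "module": err.group(2),
                        "init": err.group(3), "code": int(err.group(1))})
    return out

if __name__ == "__main__":
    for failure in failed_modules(SAMPLE):
        print(failure)
```

On the excerpt this reports the `ad` module in domain `default`, which makes the `[domain/default]` section of sssd.conf the place to review first.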