[Samba] Linux client of the domain - SSSD : authenticating via Kerberos
steve at steve-ss.com
Fri Dec 20 06:52:32 MST 2013
On Fri, 2013-12-20 at 14:37 +0100, Cyril wrote:
> Le 20/12/2013 14:29, steve a écrit :
> > On Fri, 2013-12-20 at 11:26 +0100, Cyril Lalinne wrote:
> >> I'm trying to allow authentication with sssd via kerberos on the samba4 AD.
> >> That's why I'm surprise about the " when the client joined the domain"
> > Ah, so that's what you want to do. Using samba it's easy. Install enough
> > of samba to get the net command. Usually samba-client is enough:
> > Remove the myserver$ machine account on the DC.
> > On the client make a token /etc/samba/smb.conf:
> > workgroup = your.dc.hostname
> > realm = SUBDOMAIN.DOMAIN.FR
> > security = ADS
> > kerberos method = system keytab
> > Then it's just:
> > net ads join -UAdministrator
> > HTH
> > Steve
> I'm not sure I explain myself very well.
> I want users to be able to logon on workstation (Linux and windows) with
> their profile I create in the samba4 domain.
> On windows that's already work fine.
> I'm dealing with linux worsktation now with native tools
> I'm trying to make it working with sssd and kerberos without samba.
Yes, OK. As you now have getent passwd working with sssd, so id will
also work and that that in turn will enable your users to authenticate
against your Samba4 DC.
Just from curiosity, how are you you sharing the user data on the Linux
clients? Do you have the user folder information in AD too?
More information about the samba