[Samba] Linux client of the domain - SSSD : authenticating via Kerberos
Cyril
cyril.lalinne at 3d-com.fr
Fri Dec 20 07:00:55 MST 2013
Le 20/12/2013 14:52, steve a écrit :
> On Fri, 2013-12-20 at 14:37 +0100, Cyril wrote:
>> Le 20/12/2013 14:29, steve a écrit :
>>> On Fri, 2013-12-20 at 11:26 +0100, Cyril Lalinne wrote:
>>>
>>>> I'm trying to allow authentication with sssd via kerberos on the samba4 AD.
>>>>
>>>> That's why I'm surprise about the " when the client joined the domain"
>>>
>>>
>>> Ah, so that's what you want to do. Using samba it's easy. Install enough
>>> of samba to get the net command. Usually samba-client is enough:
>>>
>>> Remove the myserver$ machine account on the DC.
>>>
>>> On the client make a token /etc/samba/smb.conf:
>>>
>>> workgroup = your.dc.hostname
>>> realm = SUBDOMAIN.DOMAIN.FR
>>> security = ADS
>>> kerberos method = system keytab
>>>
>>> Then it's just:
>>> net ads join -UAdministrator
>>>
>>> HTH
>>> Steve
>>
>>
>> I'm not sure I explain myself very well.
>>
>> I want users to be able to logon on workstation (Linux and windows) with
>> their profile I create in the samba4 domain.
>> On windows that's already work fine.
>> I'm dealing with linux worsktation now with native tools
>>
>> I'm trying to make it working with sssd and kerberos without samba.
>>
>> Cyril
>>
>>
> Yes, OK. As you now have getent passwd working with sssd, so id will
> also work and that that in turn will enable your users to authenticate
> against your Samba4 DC.
>
It's not working fine with ubuntu 12.04 as I had to use a ppa for sssd
and i cannot install libpam-sss due to unresolved dependency.
So I'm using older libpam-sss but while authenticating, I get the error
:pam_sss(lightdm:auth): authentication failure; logname= uid=0 euid=0
tty=:1 ruser= rhost= user=NT4Domain/MyUser
I'll try on Ubuntu 13.10.
Unless there's a way to install the dependency manually
> Just from curiosity, how are you you sharing the user data on the Linux
> clients? Do you have the user folder information in AD too?
>
> Cheers,
> Steve
>
It's not done, but I plan to use NFS and automount to link users's home
directory to a shared folder on the network.
On Windows workstation, the home folder is linked to a network letter.
I'm wondering if I can put in the same shared folder home directory and
windows profiles ...
Cyril
More information about the samba
mailing list