[Samba] Fwd: Re: Samba4 and sssd, keytab file expires?

Alessandro Briosi tsdogs at briosix.org
Wed Dec 31 01:58:47 MST 2014

>> Hi, how have you setup the fileserver ?
>> Is it joined to the domain ?
>> Can you post your fileservers smb.conf

>> Rowland

OT: Oops, wasn't subscribed to the mailing list :)

Yes, server is joined to the domain (otherwise I would not be able to 
generate the principal)

Server configuration is following (only global part), winbind config is 
there because it was used before sssd (I had troubles with library paths 
on CentOS 7 and sssd)

    workgroup = DOMAIN
    realm = AD.DOMAIN.NET
    security = ads
    idmap config * : range = 16777216-33554431
    template shell = /sbin/nologin
    kerberos method = secrets only
    netbios name = srvfile1
    netbios aliases = srvfile
    reset on zero vc = yes

    server string =
    encrypt passwords = yes

    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

    idmap config *:backend = tdb
    idmap config *:range = 10000-20000
    idmap config DOMAIN:backend = ad
    idamp config DOMAIN:schema_mode = rfc2307
    idmap config DOMAIN:range = 0-40000

    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes
    winbind offline logon = false

    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes
    create mask = 0770

More information about the samba mailing list