[Samba] sssd + samba4 not working (yet)

Kenneth Westelinck kenneth.westelinck at gmail.com
Tue Feb 18 13:46:11 MST 2014


Dear list,

It has been a true adventure setting up a samba4 ad with a bind9 backend.
From what I can see, everything is more or less working:

--> samba itself:
root at bubba3-one:/etc/sssd# smbclient //localhost/netlogon -UAdministrator -c 'ls'
Enter Administrator's password:
Domain=[EARTH] OS=[Unix] Server=[Samba 4.1.4-SerNet-Debian-7.wheezy]
  .                                   D        0  Mon Feb 17 17:58:42 2014
  ..                                  D        0  Mon Feb 17 17:59:46 2014

                40317 blocks of size 262144. 29196 blocks available
root at bubba3-one:/etc/sssd#

--> kerberos
root at bubba3-one:/etc/sssd# kinit administrator
Password for administrator at EARTH.LOCAL:
root at bubba3-one:/etc/sssd#

--> dns
root at bubba3-one:/etc/sssd# host -t SRV _ldap._tcp.earth.local
_ldap._tcp.earth.local has SRV record 0 100 389 bubba3-one.earth.local.
root at bubba3-one:/etc/sssd# host -t SRV _kerberos._udp.earth.local
_kerberos._udp.earth.local has SRV record 0 100 88 bubba3-one.earth.local.
root at bubba3-one:/etc/sssd# host -t A bubba3-one.earth.local
bubba3-one.earth.local has address 192.168.1.1
root at bubba3-one:/etc/sssd#

I am now trying to set up sssd using
https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd

sssd seems to start fine (no errors in the log and the daemons are
running), but getent passwd and getent groups return nothing. Below is my
config:

[sssd]
services = nss, pam
config_file_version = 2
domains = default

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]

[domain/default]
ad_hostname = bubba3-one.earth.local
ad_server = bubba3-one.earth.local
ad_domain = earth.local

ldap_schema = rfc2307bis
id_provider = ldap
access_provider = simple

# on large directories, you may want to disable enumeration for performance reasons
enumerate = true

auth_provider = krb5
chpass_provider = krb5
ldap_sasl_mech = gssapi
ldap_sasl_authid = bubba3-one$@EARTH.LOCAL
krb5_realm = EARTH.LOCAL
krb5_server = bubba3-one.earth.local
krb5_kpasswd = bubba3-one.earth.local
ldap_krb5_keytab = /etc/krb5.sssd.keytab
ldap_krb5_init_creds = true

ldap_referrals = false
ldap_uri = ldap://bubba3-one.earth.local
ldap_search_base = dc=earth,dc=local

dyndns_update=false

ldap_id_mapping=false

ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell

ldap_group_object_class = group
ldap_group_name = cn
ldap_group_member = member

Any idea what I am missing? Can I enable some debugging somewhere to see
what I am doing wrong?

Many thanks in advance.


regards,

Kenneth

P.S.:
- OS is Debian Wheezy on a B3
- Samba is 4.1.4 compiled from sernet
- BIND 9.8.4-rpz2+rl005.12-P1
- sssd 1.8.4-2
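
As an added example (not part of the original post and not SSSD or Samba project code), a small Python check over the posted configuration: it lists sections with no debug_level set, options that belong to a provider the domain does not configure, and the LDAP attributes that IDs are read from when ldap_id_mapping is false. The sample text is a constructed excerpt of the config above; review and PREFIX_PROVIDER are hypothetical names.

```python
import configparser

# Constructed sample: an excerpt of the sssd.conf posted above.
SAMPLE = """
[sssd]
services = nss, pam
domains = default

[nss]
filter_users = root

[pam]

[domain/default]
ad_server = bubba3-one.earth.local
ad_domain = earth.local
id_provider = ldap
auth_provider = krb5
ldap_id_mapping = false
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
"""

# Option-name prefix -> provider that reads it (sssd-ad, sssd-ldap, sssd-krb5).
PREFIX_PROVIDER = {"ad_": "ad", "ldap_": "ldap", "krb5_": "krb5"}

def review(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():  # debug_level is set per section
        if not cp.has_option(section, "debug_level"):
            findings.append((section, "debug_level not set"))
    for name in cp.get("sssd", "domains").split(","):
        section = "domain/" + name.strip()
        opts = dict(cp.items(section))
        active = {v.strip() for k, v in opts.items() if k.endswith("_provider")}
        for key in opts:
            for prefix, provider in PREFIX_PROVIDER.items():
                if key.startswith(prefix) and provider not in active:
                    findings.append((section, f"{key} belongs to the {provider} provider, which this domain does not configure"))
        # Assumption: with the ldap provider, ldap_id_mapping defaults to false.
        if opts.get("ldap_id_mapping", "false").lower() == "false":
            attrs = [opts.get("ldap_user_uid_number", "uidNumber"), opts.get("ldap_user_gid_number", "gidNumber")]
            findings.append((section, "POSIX IDs are read from LDAP attributes " + ", ".join(attrs)))
    return findings

if __name__ == "__main__":
    print("\n".join(f"[{s}] {m}" for s, m in review(SAMPLE)))
```
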