[Samba] Configuring RHEL6 Samba4 DC for local accounts
Michael Brown
michael at netdirect.ca
Sun Jan 26 12:42:59 MST 2014
On 14-01-26 02:10 PM, Rowland Penny wrote:
> Well if you don't count the removal of the sernet-samba packages as a
> technical problem, then OK, see here:
>
> https://lists.samba.org/archive/samba/2013-December/177449.html
Well no, I'd call that a packaging problem (semantics, really). On
Ubuntu. Fortunately I'm on RHEL today so it's not an issue.
Anyways, I've followed the example at
https://wiki.samba.org/index.php/Local_user_management_and_authentication/sssd
exactly (exactly at first, and I've made some modifications with no effect):
# samba-tool domain exportkeytab /etc/krb5.sssd.keytab --principal=exfile01$
# klist -k /etc/krb5.sssd.keytab
Keytab name: FILE:/etc/krb5.sssd.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 exfile01$@AD.EXAMPLE.COM
1 exfile01$@AD.EXAMPLE.COM
1 exfile01$@AD.EXAMPLE.COM
# cat /etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = ad.example.com
[nss]
[pam]
[domain/ad.example.com]
ad_hostname = exfile01.ad.example.com
ad_server = ad.example.com
ad_domain = ad.example.com
ldap_schema = rfc2307bis
id_provider = ldap
access_provider = simple
enumerate = true
auth_provider = krb5
chpass_provider = krb5
ldap_sasl_mech = gssapi
ldap_sasl_authid = exfile01$@AD.EXAMPLE.COM
krb5_realm = AD.EXAMPLE.COM
krb5_server = ad.example.com
krb5_kpasswd = ad.example.com
ldap_krb5_keytab = /etc/krb5.sssd.keytab
ldap_krb5_init_creds = true
ldap_referrals = false
ldap_uri = ldap://ad.example.com
ldap_search_base = dc=ad,dc=example,dc=com
dyndns_update=false
ldap_id_mapping=false
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_name = cn
ldap_group_member = member
But when I start sssd I get:
Jan 26 14:31:22 exfile01 sssd_be: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
My krb5.conf looks like:
[libdefaults]
default_realm = AD.IRPRUBBER.COM
dns_lookup_realm = false
dns_lookup_kdc = true
#rdns = false
I tried with and without rdns=false. Then I fixed forward/reverse for
the host so they were identical. No luck :(
I'm stumped - anyone know where to go from here?
M.
--
Michael Brown | `One of the main causes of the fall of
Systems Consultant | the Roman Empire was that, lacking zero,
Net Direct Inc. | they had no way to indicate successful
☎: +1 519 883 1172 x5106 | termination of their C programs.' - Firth
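
A consistency check over the two files as posted, as an added example that is not part of the original message: it derives the service principal a GSSAPI bind to ldap_uri would request and compares the realms named in sssd.conf and krb5.conf. It assumes the bind targets ldap/<host in ldap_uri> with no reverse-DNS canonicalisation; check(), _parse() and the embedded excerpts are constructed for this example.

```python
import configparser
from urllib.parse import urlparse

# Constructed excerpts of the two files quoted in the message (checked keys only).
SSSD_CONF = """
[domain/ad.example.com]
ldap_uri = ldap://ad.example.com
ldap_sasl_mech = gssapi
ldap_sasl_authid = exfile01$@AD.EXAMPLE.COM
krb5_realm = AD.EXAMPLE.COM
"""
KRB5_CONF = """
[libdefaults]
default_realm = AD.IRPRUBBER.COM
dns_lookup_kdc = true
"""

def _parse(text):
    # interpolation=None keeps '$' and '%' in values literal.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def check(sssd_text, krb5_text):
    """Map each GSSAPI-enabled [domain/...] section to (target_spn, findings)."""
    sssd, krb5 = _parse(sssd_text), _parse(krb5_text)
    default_realm = krb5.get("libdefaults", "default_realm", fallback=None)
    results = {}
    for name in sssd.sections():
        dom = sssd[name]
        if not name.startswith("domain/"):
            continue
        if dom.get("ldap_sasl_mech", "").lower() != "gssapi":
            continue
        realm = dom.get("krb5_realm")
        first_uri = dom.get("ldap_uri", "").split(",")[0].strip()
        host = urlparse(first_uri).hostname
        # Assumption: the service ticket requested is ldap/<host in ldap_uri>.
        spn = f"ldap/{host}@{realm}"
        findings = []
        authid_realm = dom.get("ldap_sasl_authid", "").partition("@")[2]
        if authid_realm and authid_realm != realm:
            findings.append(f"ldap_sasl_authid realm {authid_realm} != krb5_realm {realm}")
        if default_realm and default_realm != realm:
            findings.append(f"krb5.conf default_realm {default_realm} != krb5_realm {realm}")
        results[name] = (spn, findings)
    return results
```

The derived principal can be compared against the service principal names registered on the DC's account; "Server not found in Kerberos database" is the KDC's reply when it has no entry for the service principal it was asked for.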