[Samba] Domain member (2k8R2) server, problem mapping Kerberos/NSS users

Elias Probst mail at eliasprobst.eu
Tue Jul 22 10:14:44 MDT 2014

On 07/22/2014 03:42 AM, George wrote:
> My setup is exactly like what you are trying to achieve. I use sssd to
> keep the Unix mapping consistent on every server (works great, getent
> passwd is consistent everywhere). Still, on member servers I had to
> configure winbind nss idmap properly, otherwise I was not able to
> properly set permissions on the shares.

Could you provide your winbind config or even your whole [global] section?
I tried it now _with_ winbind but was still running into the "Failed to
map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)" error,
so having a working config to use as "template" would be very helpful.

Besides that, I was also experimenting with SSSD 1.12.0 which has now
support for SID mapping via libcifsidmap (cifs-utils) according to its
changelog: https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0
As I ran into some build issues on Ubuntu 14.04 I might have to postpone
this experiments for now…

- Elias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140722/bfb79bcb/attachment.pgp>

More information about the samba mailing list