[Samba] problem authenticating with kerberos and smb
Michael Edwards
michael.edwards at henderson-group.com
Thu Nov 27 10:13:32 MST 2014
Hi Rowland
Thanks for your reply.
I've modified the smb.shares.conf to remove the global tag, and moved
the settings into each share. Tried accessing the machine after a
`service smb reload && service winbind reload && service sssd reload`,
and still getting the same error.
Only sssd is set up in /etc/nsswitch.conf:
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files sss
shadow: files sss
group: files sss
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
The realm was just a sanitizing error - they're inside.local &
INSIDE.LOCAL respectively, have also tried variations on caps and lower
case, but still no luck.
Many thanks
Michael
On 27/11/14 16:45, Rowland Penny wrote:
> On 27/11/14 16:07, Michael Edwards wrote:
>> snip
> OK, alter samba.shares.conf by removing the [global] tag and move
> **ALL** the settings to the shares where they belong.
>
> There is also this: '# make winbind use NSS (and therefore SSSD)
> to resolve SIDs for domain users'
>
> There is **NO** connection between winbind and sssd, you need to user
> either one or the other in /etc/nsswitch.conf
>
> You have 'realm = inside.local' in smb.conf and 'default_realm =
> DOMAIN.LOCAL' in /etc/krb5.conf, now this may just be a sanitizing
> error, but if not you need to sort this.
>
> That's enough to be going on with
>
> Rowland
>
**********************************************************************************************
The information in this email is confidential and may be legally privileged. It is intended solely for the addressee and access to the email by anyone else is unauthorised.
If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful.
When addressed to our clients, any opinions or advice contained in this e-mail are subject to the terms and conditions expressed in the governing client engagement leter or contract.
If you have received this email in error please notify support at henderson-group.com
John Henderson (Holdings) Ltd
Registered office: 9 Hightown Avenue, Mallusk, County Antrim, Northern Ireland, BT36 4RT.
Registered in Northern Ireland
Registration Number NI010588
Vat No.: 814 6399 12
*********************************************************************************
More information about the samba
mailing list