[Samba] Samba not working with sssd on CentOS 6.5

Andrei Vida-Raţiu andreiv3103 at gmail.com
Wed Sep 24 15:05:14 MDT 2014


Hello everyone.
I joined this list because I cannot find an answer to my problem. The
setup is this:
I installed CentOS release 6.5 (Final) minimal version
Updated all packages
Added the server to the Active Directory domain as a member server
using the method described here (using adcli, kerberos and sssd):
http://jhrozek.livejournal.com/3581.html

It worked, I tested by trying to connect through ssh with domain user
credentials and by doing "su domain_user" from root ssh console. Both
worked.

After that, I installed Samba (Version 3.6.9-169.el6_5). Created a
minimal config file like this:

[global]
        workgroup = mydomain
        server string = Samba Server Version %v
        security = ads
        encrypt passwords = yes
        passdb backend = tdbsam
        realm = mydomain.ro

# No printers needed
        load printers = no
        cups options = raw
        printcap name = /dev/null

# logs split per machine
        log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
        max log size = 50
        log level = 10

# ############ THE SHARES ############ #

[homes]
        comment = Home Directories
        browseable = no
        writable = yes

It doesn't work. I get this error in /var/log/messages:

Sep 24 23:40:54 fs01 smbd[1406]:   connect_to_domain_password_server:
unable to open the domain client session to machine DC.MYDOMAIN.RO.
Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.406665,  0]
rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
Sep 24 23:40:54 fs01 smbd[1406]:   get_schannel_session_key: could not
fetch trust account password for domain 'MYDOMAIN'
Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.408207,  0]
rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
Sep 24 23:40:54 fs01 smbd[1406]:   cli_rpc_pipe_open_schannel: failed
to get schannel session key from server DC.MYDOMAIN.RO for domain
MYDOMAIN.
Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.408499,  0]
auth/auth_domain.c:193(connect_to_domain_password_server)

However, if I add this:

kerberos method = secrets and keytab

to the smb.conf file it works. But it creates another strange problem.
It works only when I connect using \\server. If I try that by IP, like
\\192.168.1.5 the error above appears again in /var/log/messages.

I really need the "access by IP" option. Are there any solutions?

Also, it seems that, in this configuration, samba doesn't use sssd? I
increased the debug level in sssd but the logs are empty!

_______

AndreiV
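
One way to triage the smbd log excerpt quoted above, as an added example that is not part of the original post: it pairs each Samba debug header with the message line that follows it (the excerpt starts with a message whose header is missing and ends with a header whose message is missing) and extracts the status code, domain and DC name. The sample input is constructed from the post's log lines, unwrapped to one syslog line each, and all function names are hypothetical.

```python
import re

# Constructed sample: the smbd lines quoted in the post, one syslog line each.
P = "Sep 24 23:40:54 fs01 smbd[1406]: "
SAMPLE = "\n".join([
    P + "  connect_to_domain_password_server: unable to open the domain client session to machine DC.MYDOMAIN.RO. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.",
    P + "[2014/09/24 23:40:54.406665,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)",
    P + "  get_schannel_session_key: could not fetch trust account password for domain 'MYDOMAIN'",
    P + "[2014/09/24 23:40:54.408207,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)",
    P + "  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC.MYDOMAIN.RO for domain MYDOMAIN.",
    P + "[2014/09/24 23:40:54.408499,  0] auth/auth_domain.c:193(connect_to_domain_password_server)",
])

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ smbd\[(?P<pid>\d+)\]: (?P<body>.*)$")
HEADER = re.compile(r"^\[[^,]+,\s*\d+\] (?P<src>\S+?):\d+\((?P<func>\w+)\)$")
STATUS = re.compile(r"\bNT_STATUS_\w+")
DOMAIN = re.compile(r"for domain '?(\w+)'?")
SERVER = re.compile(r"(?:machine|server) ([\w.-]+?)\.?(?= |$)")

def parse_events(text):
    """Group smbd syslog lines into events: one debug header plus its message."""
    events, current = [], {}
    for raw in text.splitlines():
        m = SYSLOG.match(raw)
        if not m:
            continue
        pid, body = m["pid"], m["body"].strip()
        h = HEADER.match(body)
        # A header starts a new event; so does a message with no header before it.
        if h or pid not in current:
            current[pid] = {"pid": pid, "func": h["func"] if h else None,
                            "src": h["src"] if h else None, "msg": ""}
            events.append(current[pid])
        if not h:
            current[pid]["msg"] = (current[pid]["msg"] + " " + body).strip()
    return events

def summarize(events):
    """Extract status code, domain and DC name from every event with a message."""
    out = []
    for ev in (e for e in events if e["msg"]):
        s, d, v = (rx.search(ev["msg"]) for rx in (STATUS, DOMAIN, SERVER))
        out.append({"func": ev["func"], "status": s and s.group(0),
                    "domain": d and d.group(1), "server": v and v.group(1)})
    return out

def missing_trust_password_domains(events):
    """Domains for which smbd reported it could not fetch the trust account password."""
    hits = (DOMAIN.search(e["msg"]) for e in events
            if "could not fetch trust account password" in e["msg"])
    return {h.group(1) for h in hits if h}
```
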

