[Samba] Samba not working with sssd on CentOS 6.5

Andrei Vida-Raţiu andreiv3103 at gmail.com
Wed Sep 24 15:05:14 MDT 2014

Hello everyone.
I joined this list because I cannot find an answer to my problem. The
setup is this:
I installed CentOS release 6.5 (Final) minimal version
Updated all packages
Added the server to the Active Directory domain as a member server
using the method described here (using adcli, kerberos and sssd):

It worked, I tested by trying to connect through ssh with domain user
credentials and by doing "su domain_user" from root ssh console. Both

After that, I installed Samba (Version 3.6.9-169.el6_5). Created a
minimal config file like this:

[global]
        workgroup = mydomain
        server string = Samba Server Version %v
        security = ads
        encrypt passwords = yes
        passdb backend = tdbsam
        realm = mydomain.ro

# No printers needed
        load printers = no
        cups options = raw
        printcap name = /dev/null

# logs split per machine
        log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
        max log size = 50
        log level = 10

# ############ THE SHARES ############ #

[homes]
        comment = Home Directories
        browseable = no
        writable = yes

It doesn't work. I get this error in /var/log/messages:

Sep 24 23:40:54 fs01 smbd[1406]:   connect_to_domain_password_server:
unable to open the domain client session to machine DC.MYDOMAIN.RO.
Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.406665,  0]
Sep 24 23:40:54 fs01 smbd[1406]:   get_schannel_session_key: could not
fetch trust account password for domain 'MYDOMAIN'
Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.408207,  0]
Sep 24 23:40:54 fs01 smbd[1406]:   cli_rpc_pipe_open_schannel: failed
to get schannel session key from server DC.MYDOMAIN.RO for domain
Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.408499,  0]

However, if I add this:

kerberos method = secrets and keytab

to the smb.conf file it works. But it creates another strange problem.
It works only when I connect using \\server. If I try that by IP, like
\\ the error above appears again in /var/log/messages.

I really need the "access by IP" option. Are there any solutions?

Also, it seems that, in this configuration, samba doesn't use sssd? I
increased the debug level in sssd but the logs are empty!
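
A small check for the situation described in this message, as an added example that is not part of the original post: it parses an smb.conf and flags a "security = ads" member whose "kerberos method" is left at the default, which verifies tickets only against secrets.tdb and does not use the system keytab. The sample config is constructed from the settings quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: settings quoted in the post, under a [global] header.
SAMPLE = """\
[global]
    workgroup = mydomain
    security = ads
    realm = mydomain.ro
    passdb backend = tdbsam
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}.

    Samba ignores case and whitespace inside parameter names, so
    'Kerberos Method' and 'kerberosmethod' map to the same key.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                    # section header
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def check_ads_keytab(text):
    """Return findings for an AD member that relies on the system keytab."""
    g = parse_smb_conf(text).get("global", {})
    findings = []
    if g.get("security", "").lower() != "ads":
        findings.append("security is not 'ads'")
    if not g.get("realm"):
        findings.append("realm is not set")
    # An unset parameter means 'default', which behaves as 'secrets only'.
    method = g.get("kerberosmethod", "default").lower()
    if method in ("default", "secrets only"):
        findings.append(
            "kerberos method = %s: smbd will not read the system keytab" % method)
    return findings

if __name__ == "__main__":
    for finding in check_ads_keytab(SAMPLE):
        print("WARN:", finding)
```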



