[Samba] Samba not working with sssd on CentOS 6.5

Rowland Penny rowlandpenny at googlemail.com
Wed Sep 24 15:22:42 MDT 2014


On 24/09/14 22:05, Andrei Vida-Raţiu wrote:
> Hello everyone.
> I joined this list because I cannot find an answer to my problem. The
> setup is this:
> I installed CentOS release 6.5 (Final) minimal version
> Updated all packages
> Added the server to the Active Directory domain as a member server
> using the method described here (using adcli, kerberos and sssd):
> http://jhrozek.livejournal.com/3581.html
>
> It worked, I tested by trying to connect through ssh with domain user
> credentials and by doing "su domain_user" from root ssh console. Both
> worked.
>
> After that, I installed Samba (Version 3.6.9-169.el6_5). Created a
> minimal config file like this:
>
> [global]
>          workgroup = mydomain
>          server string = Samba Server Version %v
>          security = ads
>          encrypt passwords = yes
>          passdb backend = tdbsam
>          realm = mydomain.ro
>
> # No printers needed
>          load printers = no
>          cups options = raw
>          printcap name = /dev/null
>
> # logs split per machine
>          log file = /var/log/samba/log.%m
> # max 50KB per log file, then rotate
>          max log size = 50
>          log level = 10
>
> # ############ THE SHARES ############ #
>
> [homes]
>          comment = Home Directories
>          browseable = no
>          writable = yes
>
> It doesn't work. I get this error in /var/log/messages:
>
> Sep 24 23:40:54 fs01 smbd[1406]:   connect_to_domain_password_server:
> unable to open the domain client session to machine DC.MYDOMAIN.RO.
> Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
> Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.406665,  0]
> rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
> Sep 24 23:40:54 fs01 smbd[1406]:   get_schannel_session_key: could not
> fetch trust account password for domain 'MYDOMAIN'
> Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.408207,  0]
> rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
> Sep 24 23:40:54 fs01 smbd[1406]:   cli_rpc_pipe_open_schannel: failed
> to get schannel session key from server DC.MYDOMAIN.RO for domain
> MYDOMAIN.
> Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.408499,  0]
> auth/auth_domain.c:193(connect_to_domain_password_server)
>
> However, if I add this:
>
> kerberos method = secrets and keytab
>
> to the smb.conf file it works. But it creates another strange problem.
> It works only when I connect using \\server. If I try that by IP, like
> \\192.168.1.5 the error above appears again in /var/log/messages.
>
> I really need the "access by IP" option. Are there any solutions?
>
> Also, it seems that, in this configuration, samba doesn't use sssd? I
> increased the debug level in sssd but the logs are empty!
>
> _______
>
> AndreiV

Hi, I think you will find this is because you are trying to set
everything (except samba) to connect to AD and then want to use samba, why?
I am fairly sure if you join the samba machine to AD everything will
work ok, or to put it another way, you do not need adcli if you use
samba. If you set up centos and samba correctly, sssd will then work as
expected.

Rowland
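
Added example (not part of either message, and not Samba's own code): a small Python parser that pairs the smbd debug headers from the quoted log with the message lines that follow them and lists the entries reporting a failure. The sample input is the log excerpt from the post with the e-mail line wrapping undone; the function names `parse_smbd` and `failures` are hypothetical.

```python
import re

# Constructed sample: the smbd lines quoted in the post, with the e-mail's
# line wrapping undone so each syslog entry is a single line again.
SAMPLE = """\
Sep 24 23:40:54 fs01 smbd[1406]:   connect_to_domain_password_server: unable to open the domain client session to machine DC.MYDOMAIN.RO. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.406665,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
Sep 24 23:40:54 fs01 smbd[1406]:   get_schannel_session_key: could not fetch trust account password for domain 'MYDOMAIN'
Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.408207,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
Sep 24 23:40:54 fs01 smbd[1406]:   cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC.MYDOMAIN.RO for domain MYDOMAIN.
Sep 24 23:40:54 fs01 smbd[1406]: [2014/09/24 23:40:54.408499,  0] auth/auth_domain.c:193(connect_to_domain_password_server)
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ smbd\[(\d+)\]: (.*)$")
HEADER = re.compile(r"^\[(\S+ \S+),\s*(\d+)\] (\S+):(\d+)\((\w+)\)$")
STATUS = re.compile(r"\bNT_STATUS_\w+")

def parse_smbd(text):
    """Pair each Samba debug header with the message lines that follow it."""
    records, current = [], None
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # not an smbd syslog entry
        pid, payload = int(m.group(1)), m.group(2).strip()
        h = HEADER.match(payload)
        if h:  # "[timestamp, level] file:line(function)" starts a new record
            current = {"pid": pid, "time": h.group(1), "level": int(h.group(2)),
                       "source": f"{h.group(3)}:{h.group(4)}",
                       "function": h.group(5), "message": ""}
            records.append(current)
            continue
        if current is None:  # message whose header was cut off the excerpt
            current = {"pid": pid, "time": None, "level": None,
                       "source": None, "function": None, "message": ""}
            records.append(current)
        current["message"] = (current["message"] + " " + payload).strip()
    return records

def failures(records):
    """(function, NT_STATUS codes, message) for records that report an error."""
    return [(r["function"], STATUS.findall(r["message"]), r["message"])
            for r in records
            if STATUS.search(r["message"]) or "trust account password" in r["message"]]

if __name__ == "__main__":
    for entry in failures(parse_smbd(SAMPLE)):
        print(entry)
```

The first record has no header and the last has no message because the excerpt in the post starts and ends mid-record; the parser keeps both rather than dropping them.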