[Samba] Samba not working with sssd on CentOS 6.5

Rowland Penny rowlandpenny at googlemail.com
Thu Sep 25 04:07:45 MDT 2014

On 25/09/14 09:38, AndreiV wrote:
> I am sorry for the inaccurate information or questions. I am trying to learn
> more about Samba and I am doing that while setting up some servers.
> It is true that I should have read the manual first, but I am a little bit under
> pressure. :D
> But with the comments I got from everyone I think I finally started to
> understand how things work.
> I was just digging through the samba wiki page and doing some tests when I
> saw the e-mail from Rowland explaining exactly what I just understood. Here
> is how I see things now, please correct me if I am wrong.
> There is no direct connection between sssd and samba. As Rowland said, they
> are different things. But why then does setting up sssd make Samba work
> (perfectly on CentOS 7 and mostly on CentOS 6.5)?

sssd is used for authentication and until recently this was all it could
do for AD; winbind, on the other hand, does authentication and a lot more.
So if you do not run the winbind daemon, samba can get the
authentication from sssd.

> The sssd setup process involves first joining the server to an AD domain
> (using adcli), which in turn creates the keytab.
> The next step is configuring the kerberos client to use the same AD
> (/etc/krb5.conf)
> The next config step is achieved with this command: authconfig --enablesssd
> --enablesssdauth --update that sets nsswitch and pam.
> And the last step is to configure the sssd service (/etc/sssd/sssd.conf).

There must be some difference between how samba does the join and how
adcli does it.

> The connection with samba is getting the keytab and setting up the kerberos
> client. Samba, when set to security = ads seems to use the kerberos client
> on the system to authenticate clients. This happens on both CentOS 6.5 and
> 7. Without any winbind! I don't know why, but this works.

Yes it works because instead of getting authentication from winbind, it 
gets it from sssd.

> With one problem though on CentOS 6.5. My original issue: the server can be
> accessed only through \\sambaserver and not through \\sambaserver_IP. On
> CentOS 7 both access methods work.

This is most probably a DNS problem; try comparing the network files
between the two versions, though the problem is usually the opposite way 


> Does anyone have any idea why?
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Samba-not-working-with-sssd-on-CentOS-6-5-tp4673186p4673209.html
> Sent from the Samba - General mailing list archive at Nabble.com.
