[Samba] Samba not working with sssd on CentOS 6.5
rowlandpenny at googlemail.com
Thu Sep 25 04:07:45 MDT 2014
On 25/09/14 09:38, AndreiV wrote:
> I am sorry for the inaccurate information or questions. I am trying to learn
> more about Samba and I am doing that while setting up some servers.
> It is true that I should have red the manual first, but I a little bit under
> pressure. :D
> But with the comments I got from everyone I think I finally started to
> understand how things work.
> I was just digging through the samba wiki page and doing some tests when I
> saw the e-mail from Rowland explaining exactly what I just understood. Here
> is how I see things now, please correct me if I am wrong.
> There is no direct connection between sssd and samba. As Rowland said, they
> are different things. But why then setting up sssd makes Samba work
> (perfectly on CentOS 7 and mostly on CentOS 6.5)?
sssd is used for authentication and until recently this was all it could
do for AD, winbind on the other hand does authentication and a lot more.
So if you do not run the winbind daemon, samba can get the
authentication from sssd.
> The sssd setup process involves first joining the server to a AD domain
> (using adcli), which in turn creates the keytab.
> The next step is configuring the kerberos client to use the same AD
> The next config step is achieved with this command: authconfig --enablesssd
> --enablesssdauth --update that sets nsswitch and pam.
> And the last step is to configure the sssd service (/etc/sssd/sssd.conf).
there must be some difference between how samba does the join and how
adcli does it.
> The connection with samba is getting the keytab and setting up the kerberos
> client. Samba, when set to security = ads seems to use the kerberos client
> on the system to authenticate clients. This happens on both CentOS 6.5 and
> 7. Without any winbind! I don't know why, but this works.
Yes it works because instead of getting authentication from winbind, it
gets it from sssd.
> With one problem though on CentOS 6.5. My original issue: the server can be
> accessed only thorugh \\sambaserver and not through \\sambaserver_IP. On
> CentOS 7 both access methods work.
This is most probably a dns problem, try comparing the network files
between the two versions, though the problem is usually the opposite way
> Does anyone have any idea why?
> View this message in context: http://samba.2283325.n4.nabble.com/Samba-not-working-with-sssd-on-CentOS-6-5-tp4673186p4673209.html
> Sent from the Samba - General mailing list archive at Nabble.com.
More information about the samba