[Samba] self compiled samba domain member, jessie, pam config
Rowland Penny
rowlandpenny241155 at gmail.com
Mon Oct 26 20:46:03 UTC 2015
On 26/10/15 20:22, mourik jan c heupink wrote:
> Hi,
>
> On 26-10-2015 21:03, Rowland Penny wrote:
>> How are you trying to log in with ssh ? I use it with plain passwords to
>> the DC all the time and don't have any problems.
> It seems that smb.conf cannot have
> > kerberos method = secrets and keytab
>
> If that line is in place, I cannot logon. If I take it out, I can logon.
>
> Is this normal..? (or..are you also seeing that?)
No and never seen it.
>
> Read about it here:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784656
>
Do you have /etc/krb5.keytab?
This is my smb.conf from a domain member:

[global]
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM
    security = ADS
    username map = /etc/samba/samba_usermapping
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    reset on zero vc = Yes
    unix extensions = No
    client signing = if_required
    domain master = No
    host msdfs = No
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = Yes
    winbind nss info = rfc2307
    winbind refresh tickets = Yes # <-- do you have this line
    winbind offline logon = Yes
    idmap config SAMDOM:range = 10000-99999
    idmap config SAMDOM:schema_mode = rfc2307
    idmap config SAMDOM:backend = ad
    idmap config *:range = 2000-9999
    idmap config * : backend = tdb
    map acl inherit = Yes
    hide unreadable = Yes
    veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
    store dos attributes = Yes
    vfs objects = acl_xattr

This is on Debian Wheezy using Version 4.2.4-SerNet-Debian-7.wheezy
If you don't have the keytab, try leaving the domain and re-joining;
this should create the keytab. If you do have the keytab, remove it,
then leave and re-join.
Rowland
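
Added example, not part of the original message and not Samba project code: a Python check for the keytab question raised in this thread. It reads the [global] section of an smb.conf, works out which keytab the configured "kerberos method" consults, and reports whether that file is missing or accessible beyond its owner. The /etc/krb5.keytab default for the system keytab, the finding codes and the owner-only permission rule are assumptions of this example.

```python
import os
import stat

# Constructed sample: the keytab-related lines of the smb.conf quoted above.
SAMPLE = """\
[global]
    security = ADS
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or whole-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names ignore case and whitespace.
            params["".join(key.lower().split())] = value.strip()
    return params

def check_keytab(conf_text, system_keytab="/etc/krb5.keytab"):
    """Return (code, message) findings for the keytab that smb.conf relies on."""
    params = parse_global(conf_text)
    method = params.get("kerberosmethod", "default").lower()
    if method in ("default", "secrets only"):
        return []                            # keytab is not consulted
    if method == "dedicated keytab":
        path = params.get("dedicatedkeytabfile", "")
    else:                                    # "system keytab", "secrets and keytab"
        path = system_keytab
    if not path or not os.path.isfile(path):
        return [("keytab-missing", "%r not found: leave and re-join the domain"
                 % path)]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:                         # any group/other permission bit
        return [("keytab-perms", "%s has mode %o: restrict to its owner"
                 % (path, mode))]
    return []

if __name__ == "__main__":
    for code, message in check_keytab(SAMPLE):
        print(code, message)
```

Pass the contents of the member's real smb.conf to check_keytab(); an empty list means the keytab in use exists and only its owner can access it.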