[Samba] AD authentication on samba server using sssd

Data Control Systems - Mike Elkevizth mike at datacontrolsystems.com
Thu Jun 16 18:35:52 UTC 2016 

Have you checked to see if the server has a reverse zone entry in the AD
DNS?  I think kerberos relies on it and I'm not sure Samba creates one
automatically.  My experience has been that I have to create the reverse
zones manually.

Mike E.

On Thu, Jun 16, 2016, 12:43 PM shridhar shetty <shridhar.sanjeeva at gmail.com>
wrote:

> I got samba to work with sssd finally. :)
> Wanted to share so that it could help someone with debugging.
>
> I was trying to access the fileserver using IP address which was failing.
> It worked when using hostname to connect to the fileserver.
>
> Short explanation
> * When accessing samba fileserver using hostname, kerberos authentication
> kicks in, which works fine as expected.
> * But when accessing samba fileserver using ip address, kerberos
> authentication fails and falls back to NTLM. (NTLM is not supported in SSSD
> yet)
>
> Thanks
>
>
> On Thu, Jun 16, 2016 at 10:30 AM, shridhar shetty <
> shridhar.sanjeeva at gmail.com> wrote:
>
> > Well thanks.
> > Will post  it on the sssd list.
> >
> > On Wed, Jun 15, 2016 at 11:36 PM, Rowland penny <rpenny at samba.org>
> wrote:
> >
> >> On 15/06/16 18:24, shridhar shetty wrote:
> >>
> >>> I am trying to run samba with sssd service and AD authentication.
> >>> I have joined the linux server to the AD domain using realmd and using
> >>> sssd
> >>> to authenticate to the AD. I am able to get user list from AD using
> >>> "getent
> >>> passwd <username>".
> >>> The samba servers starts but i am unable to get the authentication
> >>> working.
> >>>
> >>> I referred the samba dos for centos7 and also installed
> >>> sssd-libwbclient.
> >>>
> >>>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/sssd-ad-integration.html
> >>>
> >>> Any pointers would be appreciated. thanks :)
> >>>
> >>
> >> Yes, try asking on the sssd mailing list, they should be able to give
> you
> >> better help than here, sssd has nothing to do with Samba.
> >> If you want to use winbind instead, then this is the place to ask.
> >>
> >> Rowland
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list