[Samba] Issues with mounting Samba shares after update
mathias dufresne
infractory at gmail.com
Mon Aug 28 20:16:17 UTC 2017
If you are using SSSD, why use sssd-libwbclient?
I set up recently a Samba file server with SSSD (to use uidNumber and
gidNumber from AD without modifying AD schema because Winbind can't do that
with MS AD, only with Samba AD) and I don't remember to have used anything
about Winbind.
It was on some Debian 9.0.
sssd.conf was:
[sssd]
domains = ad.example.com
config_file_version = 2
services = nss, pam
[domain/ad.example.com]
ad_domain = ad.example.com
krb5_realm = AD.EXAMPLE.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
krb5_store_password_if_offline = True
ldap_sasl_authid = HOSTNAME$
#ldap_id_mapping = True
ldap_id_mapping = False
ldap_schema = ad
access_provider = ad
id_provider = ad
use_fully_qualified_names = False
fallback_homedir = /home/%u
default_shell = /bin/bash
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_gecos = DisplayName
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
and smb.conf was:
[global]
workgroup = AD
password server = dc01.ad.example.com
realm = AD.EXAMPLE.COM
security = ads
server string = Samba Server Version %v
log level = 1
local master = no
domain master = no
preferred master = no
[homes]
comment = Home Directories
browseable = no
writable = yes
path = /home/%u
Please note its late here, I did that quickly this summer and that was
grabbed from notes I took, not sure it work as is...
2017-08-28 21:41 GMT+02:00 Kristian Petersen via samba <
samba at lists.samba.org>:
> Actually it isn't part of AD at all. We are using FreeIPA and Samba. We
> just finally figured this out with the help of some folks at Red Hat. It
> turned out there was a bug in one of the libraries that came along with
> sssd (sssd-libwbclient I believe). Their suggestion to use winbind and the
> version of the same library that came with it seems to have solved our
> problem instantly. It appears that Red Hat is recommending not upgrading
> to RHEL 7.4 until this bug is resolved.
>
> However, a new file server we are setting up that appears to have the same
> issue is not fixed by doing those same things making it a bit confusing.
> We have compared config files between them, and they appear to be the same,
> which makes it even more confusing.
>
> On Mon, Aug 28, 2017 at 8:26 AM, Emmanuel Florac <eflorac at intellique.com>
> wrote:
>
> > Le Fri, 18 Aug 2017 13:28:25 -0600
> > Kristian Petersen via samba <samba at lists.samba.org> écrivait:
> >
> > > Our fileserver (running RHEL 7.4) has suddenly stopped allowing
> > > access to network shares through Samba. It is running Samba 4.6.2.
> > > When someone tries to mount a shared folder it prompts them for a
> > > username and password which fails even when the password is correct,
> > > rather than using their valid Kerberos ticket as it has in the past.
> > > Anyone here has a similar experience or suggestions as to where to
> > > begin? The NT Hashes stored in LDAP are definitely accessible to the
> > > server (we ran some test ldapsearch commands), so even if we weren't
> > > using Kerberos that should be working (but it isn't).
> >
> > Kerberos ticket, so I suppose it's part of an AD domain. Maybe your
> > server clock has drifted away from the ADS? What does "net ads
> > testjoin" say?
> >
> > --
> > ------------------------------------------------------------------------
> > Emmanuel Florac | Direction technique
> > | Intellique
> > | <eflorac at intellique.com>
> > | +33 1 78 94 84 02
> > ------------------------------------------------------------------------
> >
>
>
>
> --
> Kristian Petersen
> System Administrator
> Dept. of Chemistry and Biochemistry
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list