[Samba] Question: Samba and YP-Yellow Pages relation.

Rowland Penny rpenny at samba.org
Thu Apr 5 21:03:19 UTC 2018


On Thu, 5 Apr 2018 17:01:22 -0300
"Suporte - KONTROL" <suporte at kontrolsecurity.com.br> wrote:

> Hi Rowland,
> First of all, thanks Much for the message. Appreciate it!
> 
> Here more details...
> The users do not log into the pfSense. The Samba is being used to
> authenticate users with the proxy (squid) in a pfsense environment
> (Freebsd) The PfSense box is added to the AD Domain as a "Member"
> only, so that way the proxy can authenticate against the AD via
> NTLM/Kerberos.
> 
> Here is part of my script to add/leave Domain and also to create a
> keytab file to use against Kerberos.
> 
> 
> #joining a Domain
> net ads join createupn=HTTP/hostname001.corp at DOMAIN.CORP -k  
> echo
> #adding SPN HTTP 
> echo "Adding the SPN HTTP"
> net ads keytab add HTTP
> echo
> #Generating keytab file
> net ads keytab create -k
> 

You can get the keytab created during the join by adding:

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

To smb.conf before the join, not sure about the UPN though, never tried
it.

It sounds like you are running Samba as a Unix domain member, any
chance of seeing the (sanitized) smb.conf ? Also what is the AD DC ?

Not sure why you want to disable YP, squid is known to work with the
default Samba

Rowland



More information about the samba mailing list