[Samba] Question: Samba and YP-Yellow Pages relation.
Rowland Penny
rpenny at samba.org
Thu Apr 5 21:03:19 UTC 2018
On Thu, 5 Apr 2018 17:01:22 -0300
"Suporte - KONTROL" <suporte at kontrolsecurity.com.br> wrote:
> Hi Rowland,
> First of all, thanks Much for the message. Appreciate it!
>
> Here more details...
> The users do not log into the pfSense. The Samba is being used to
> authenticate users with the proxy (squid) in a pfsense environment
> (Freebsd) The PfSense box is added to the AD Domain as a "Member"
> only, so that way the proxy can authenticate against the AD via
> NTLM/Kerberos.
>
> Here is part of my script to add/leave Domain and also to create a
> keytab file to use against Kerberos.
>
>
> #joining a Domain
> net ads join createupn=HTTP/hostname001.corp at DOMAIN.CORP -k
> echo
> #adding SPN HTTP
> echo "Adding the SPN HTTP"
> net ads keytab add HTTP
> echo
> #Generating keytab file
> net ads keytab create -k
>
You can get the keytab created during the join by adding:
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
To smb.conf before the join, not sure about the UPN though, never tried
it.
It sounds like you are running Samba as a Unix domain member, any
chance of seeing the (sanitized) smb.conf ? Also what is the AD DC ?
Not sure why you want to disable YP, squid is known to work with the
default Samba
Rowland
More information about the samba
mailing list