[Samba] recommended smb.conf configuration for AD with realm+sssd
alexander.fieroch at mpi-dortmund.mpg.de
Thu Apr 19 08:52:51 UTC 2018
Our linux clients are integrated to AD by the tool "realm" (no "net ads
join") and use "sssd" for authenticating AD users. What is the
recommended configuration for smb.conf to authenticate AD users for
First, it looks like the configuration for "security" should be "ADS"
and "server role" should be "member server" because these linux clients
are domain members, but manpage for smb.conf says "ADS" and "member
server" is for clients joined by the "net" utility which is not done here.
So what is the recommended configuration in smb.conf for linux clients
joined to AD by realm and use sssd for authentication?
security = ?
server role = ?
kerberos method = system keytab
Additionally I have to add manually a cifs/ SPN on the Windows DC with
setspn for that machine account to get access on its samba shares.
Can I add the cifs/ SPN entry with any linux rpc-tool?
More information about the samba