[Samba] AD integration issues

Andrew Bartlett abartlet at samba.org
Sat Sep 15 12:56:07 UTC 2018


On Fri, 2018-09-14 at 14:58 -0700, Jagga Soorma via samba wrote:
> Hello,
> 
> I have a CentOS 7 system configured as a samba server using ADS
> security.  I am able to get users to log in from PCs that are part of
> the AD domain but users coming from systems that are not part of the
> AD domain are not able to access the smb shares.  Here is more
> information about the environment and issue:

You are running Samba as a member of an AD domain, but not running
winbindd, so each smbd needs to contact the DC to check the password.

We removed that code from later Samba versions as it was not reliable.
In this case it seems that either SMB1 or something about the NTLMSSP
mode being used by Samba is disabled on the server.

Your in-domain users are being accepted because we can decrypt the
Kerberos ticket, presumably by the keytab that you somehow provided.

Rowland is guessing you are using sssd to provide that, is that
correct?

In any case, I suggest joining the domain and using winbindd.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba





