[Samba] Sharing directory via Samba using AD credentials
rpenny at samba.org
Tue Jun 11 15:49:13 UTC 2019
On 11/06/2019 16:38, Zach Doman via samba wrote:
> Thanks for the reply, Rowland.
> I managed to solve the issue without using winbind after doing some additional reading and digging around in my own environment. Due to the many times I have rebuilt my test host, the servicePrincipalName attribute within AD went missing somehow. This caused the Windows smb requests that I expected to be negotiated via kerberos to always fall back to NTLM (as noted in the log lines I posted previously) which isn’t supported by SSSD. Once this host attribute was updated to contain the right values (removing the computer object and re-joining to AD), SSO Kerberos authentication worked as I expected it to.
You have hit one of the problems with using sssd, but it is your choice
to use sssd, what I can point out is that from Samba 4.8.0, you MUST run
winbind on a Unix domain member.
More information about the samba