[Samba] Samba + sssd deployment: success and failure
Rowland Penny
rpenny at samba.org
Tue Jun 11 19:48:00 UTC 2019
On 11/06/2019 20:38, Goetz, Patrick G via samba wrote:
> So, we have Samba file sharing working on CentOS 7.6 with sssd:
>
> [root@cns-srv-lnode2 samba]# cat /etc/redhat-release
> CentOS Linux release 7.6.1810 (Core)
> [root@cns-srv-lnode2 samba]# smbd --version
> Version 4.8.3
>
> Some smb.conf configuration details:
>
> - security = user
> - an idmap entry is unnecessary
> - disable netbios = yes works fine
> - pretty sure nmbd is unnecessary as well.
How are you actually running Samba?
As a standalone server or as a Unix domain member?
If it is a Unix domain member, then you need to run winbind from Samba 4.8.0.
>
> Unfortunately the same smb.conf/sssd.conf configuration does not work on
> Ubuntu 18.04:
>
> root@kraken:/var/log/samba# cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=18.04
> DISTRIB_CODENAME=bionic
> DISTRIB_DESCRIPTION="Ubuntu 18.04.2 LTS"
> root@kraken:/var/log/samba# smbd --version
> Version 4.7.6-Ubuntu
>
> It appears there were some major changes between Samba 4.7.6 and Samba
> 4.8.3? On the functional CentOS system, when I try to map a share I
> see something like this in the log files:
>
> [2019/06/11 13:09:35.088714, 3]
> ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
> Found account name from PAC: pgoetz [Goetz, Patrick G]
>
>
> On the Ubuntu system I see
>
> [2019/06/11 13:58:47.535611, 3]
> ../auth/ntlmssp/ntlmssp_server.c:454(ntlmssp_server_preauth)
> Got user=[pgoetz] domain=[austin] workstation=[CNS-VM-PGOETZ1]
> len1=24 len2=332
>
> What then happens is it looks for user pgoetz in a non-existent passdb
> file, maps the username to guest, which is mapped to nobody, and then
> the authentication fails.
>
> Just want to confirm that the problem is with the Samba version before
> upgrading from a PPA.
Looks to me like the problem is with sssd, which doesn't use NTLM.
>
> Aside: Looks like the Samba team had a PPA for daily releases which was
> abandoned about a year ago: what happened with that?
>
Didn't know we had one, care to post a link?
Rowland
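
The two log excerpts quoted in the message above were written by different functions, `kerberos_decode_pac` on the CentOS host and `ntlmssp_server_preauth` on the Ubuntu host, so an smbd log at level 3 can be scanned to see which mechanism each client actually used. The script below is an added example, not part of the original thread or of Samba; `SAMPLE_LOG` is constructed from the two quoted excerpts, and it assumes each entry header sits on one line in the real log file (the mail client wrapped it in the quotes).

```python
import re

# Header of an smbd debug entry: "[date time, level] file:line(function)".
# Assumption: the header is a single line in the log file itself.
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+):\d+\((?P<func>\w+)\)\s*$"
)
PAC_USER = re.compile(r"Found account name from PAC: (?P<user>\S+)")
NTLM_USER = re.compile(r"Got user=\[(?P<user>[^\]]*)\] domain=\[(?P<domain>[^\]]*)\]")

# Constructed sample: the two excerpts quoted in the thread, unwrapped.
SAMPLE_LOG = """\
[2019/06/11 13:09:35.088714,  3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
  Found account name from PAC: pgoetz [Goetz, Patrick G]
[2019/06/11 13:58:47.535611,  3] ../auth/ntlmssp/ntlmssp_server.c:454(ntlmssp_server_preauth)
  Got user=[pgoetz] domain=[austin] workstation=[CNS-VM-PGOETZ1] len1=24 len2=332
"""

def entries(text):
    """Yield (timestamp, function, body), joining indented continuation lines."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m["ts"], m["func"], [])
        elif current and line.strip():
            current[2].append(line.strip())
    if current:
        yield current[0], current[1], " ".join(current[2])

def auth_events(text):
    """Return one dict per authentication attempt, tagged with its mechanism."""
    events = []
    for ts, func, body in entries(text):
        if func == "kerberos_decode_pac" and (m := PAC_USER.search(body)):
            events.append({"time": ts, "mech": "kerberos",
                           "user": m["user"], "domain": None})
        elif func == "ntlmssp_server_preauth" and (m := NTLM_USER.search(body)):
            events.append({"time": ts, "mech": "ntlmssp",
                           "user": m["user"], "domain": m["domain"]})
    return events

if __name__ == "__main__":
    for e in auth_events(SAMPLE_LOG):
        print(e["time"], e["mech"], e["user"], e["domain"] or "-")
```
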