[Samba] Fwd: Re: Kerberos and NTLMv2 authentication

Edouard Guigné eguigne at pasteur-cayenne.fr
Mon Jun 17 12:42:43 UTC 2019


Hello,

Please find here the content of my smb.conf:

[global]
         security = ads
         realm = MYDOMAIN.LOCAL
         workgroup = MYDOMAIN
         kerberos method = secrets and keytab
         server signing = mandatory
         client signing = mandatory

         hosts allow = 127. 10.X.X.
         hosts deny = 10.X.X.

         log level = 1 auth_audit:3
         local master = no
         domain master = no
         preferred master = no

         use sendfile = true

         load printers = no
         cups options = raw
         printcap name = /dev/null

         disable spoolss = yes

         vfs objects = acl_xattr
         map acl inherit = yes
         store dos attributes = yes

         idmap config * : backend = tdb
         idmap config * : range = 15000-99999

         winbind nss info = rfc2307
         idmap config MYDOMAIN : backend = ad
         idmap config MYDOMAIN : schema_mode = rfc2307
         idmap config MYDOMAIN : range = 10000-14999
         idmap config MYDOMAIN : unix_nss_info = yes
         idmap config MYDOMAIN : unix_primary_group = yes

         client min protocol = SMB2

         username map = /etc/samba/user.map

[groups]
   comment = mycomment
   path = /var/datashared
   public = no
   writable = yes

   valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"

   vfs objects = acl_xattr streams_xattr

[homes]
         comment = Home Directories
         read only = No
         create mask = 0700
         directory mask = 0700
         valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
         path = /home
         hide files = /~*.tmp/profile/desktop.ini/~$*/
         browseable = no
         public = no
         guest ok = no

[printers]
         comment = All Printers
         path = /var/tmp
         printable = Yes
         create mask = 0600
         browseable = No

[print$]
         comment = Printer Drivers
         path = /var/lib/samba/drivers
         write list = root
         create mask = 0664
         directory mask = 0775

And the content of my /etc/nsswitch.conf:

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files
aliases:    files nisplus

Best Regards

On 17/06/2019 at 09:13, Rowland penny via samba wrote:
> On 17/06/2019 12:56, Edouard Guigné via samba wrote:
>> Hello,
>>
>> May you answer me about my issue with kerberos ?
>>
>> About libpam-krb5 installed, I have on my system :
>> yum list krb5-workstation pam_krb5
>> krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
>> pam_krb5.x86_64 2.4.8-6.el7 @base
>>
>> Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?
>
> Sorry for the late reply, yes pam_krb5 is the Centos equivalent of 
> libpam_krb5
>
> I think we need to see your entire smb.conf and the passwd & group 
> lines from /etc/nsswitch.conf
>
> Rowland
>
>
>

