[Samba] Fwd: Re: Kerberos and NTLMv2 authentication
Edouard Guigné
eguigne at pasteur-cayenne.fr
Mon Jun 17 12:42:43 UTC 2019
Hello,
Please find here the content of my smb.cnf :
[global]
security = ads
realm = MYDOMAIN.LOCAL
workgroup = MYDOMAIN
kerberos method = secrets and keytab
server signing = mandatory
client signing = mandatory
hosts allow = 127. 10.X.X.
hosts deny = 10.X.X.
log level = 1 auth_audit:3
local master = no
domain master = no
preferred master = no
use sendfile = true
load printers = no
cups options = raw
printcap name = /dev/null
disable spoolss = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
idmap config * : backend = tdb
idmap config * : range = 15000-99999
winbind nss info = rfc2307
idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : schema_mode = rfc2307
idmap config MYDOMAIN : range = 10000-14999
idmap config MYDOMAIN : unix_nss_info = yes
idmap config MYDOMAIN : unix_primary_group = yes
client min protocol = SMB2
username map = /etc/samba/user.map
[groups]
comment = mycomment
path = /var/datashared
public = no
writable = yes
valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
vfs objects = acl_xattr streams_xattr
[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0700
valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
path = /home
hide files = /~*.tmp/profile/desktop.ini/~$*/
browseable = no
public = no
guest ok = no
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775
And the content of my /etc/nsswitch.conf :
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files
aliases: files nisplus
Best Regards
Le 17/06/2019 à 09:13, Rowland penny via samba a écrit :
> On 17/06/2019 12:56, Edouard Guigné via samba wrote:
>> Hello,
>>
>> May you answer me about my issue with kerberos ?
>>
>> About libpam-krb5 installed, I have on my system :
>> yum list krb5-workstation pam_krb5
>> krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
>> pam_krb5.x86_64 2.4.8-6.el7 @base
>>
>> Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?
>
> Sorry for the late reply, yes pam_krb5 is the Centos equivalent of
> libpam_krb5
>
> I think we need to see your entire smb.conf and the passwd & group
> lines from /etc/nsswitch.conf
>
> Rowland
>
>
>
More information about the samba
mailing list