[Samba] Samba + SSSD: confirmed working for Samba versions 4.7.6 and 4.8.3

Rowland Penny rpenny at samba.org
Wed Jun 19 12:40:24 UTC 2019


On 19/06/2019 13:26, Goetz, Patrick G via samba wrote:
> A couple of days ago I posted about not being able to authenticate AD
> domain users when trying to mount SMB shares.  Turns out my problem was
> that I hadn't set a netbios name in /etc/samba/smb.conf, even though I
> have netbios turned off!  Understood that this isn't supported, but for
> the benefit of others searching this forum (and posts come up a lot in
> searches), here is the smb.conf configuration that works with sssd on
> Ubuntu 18.04:
>
>
> [global]
>
>     netbios name = cns-bio-krak1
>     workgroup = AUSTIN
>     client signing = yes
>     client use spnego = yes
>     kerberos method = secrets and keytab
>     realm = AUSTIN.UTEXAS.EDU
>     security = ads
>     allow trusted domains = yes
>     disable netbios = yes
>
>     log level = 1
>     guest account = nobody
>
>     vfs objects = acl_xattr
>     map acl inherit = yes
>     store dos attributes = yes
>
>     server role = auto
>     obey pam restrictions = yes
>
>     load printers = no
>     cups options = raw
>
>
> Everything else is pretty much left at the defaults.  Printing is turned
> off because we don't configure printers on these servers, and no
> idmap'ing is necessary.  The nmbd service is off and masked, winbind
> isn't installed, and the only open port is 445.  Share services are now
> mountable on SMB domain clients.  Still need to find out if there is a
> way to allow a few non-domain machines to mount shares.
>
> The only thing not working properly with Samba 4.7.6  (this was working
> with 4.8.3, then we somehow broke it) is using some critical net commands:
>
>     root@kraken:/etc/samba# net rpc rights list -U cns-pgoetz
>     Enter cns-pgoetz's password:
>     Could not connect to server 127.0.0.1
>     Connection failed: NT_STATUS_NO_LOGON_SERVERS
>
> This is making it difficult to assign administrative rights from the
> Windows side (as per Rowland's suggestion).  We were able to get this
> working with sssd and Samba 4.8.3, no luck yet with 4.7.6.
>
I am surprised that you got it working with 4.8.x; this is the minor
version that now requires that winbind is run.

This is the last post on this thread I will allow. I will just discard
any further posts; this thread has run to its extent.

Rowland
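
An added example, not part of the original thread and not Samba project code: a small check that reads smb.conf text and flags the missing `netbios name` that the quoted post identified as the cause of the failed logins, along with the other `[global]` settings that post relies on. The function names `parse_global` and `audit` and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the [global] settings from the quoted post,
# with "netbios name" commented out to reproduce the reported pitfall.
SAMPLE = """\
[global]
    workgroup = AUSTIN
    realm = AUSTIN.UTEXAS.EDU
    security = ads
    kerberos method = secrets and keytab
    disable netbios = yes
    ; netbios name = cns-bio-krak1
"""

def parse_global(text):
    """Return the [global] parameters of smb.conf text as a dict.

    Parameter names are lower-cased and runs of whitespace are collapsed.
    """
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """List findings for a security = ads server configured as in the post."""
    p = parse_global(text)
    if p.get("security", "").lower() != "ads":
        return ["security is not 'ads'; remaining checks do not apply"]
    findings = []
    if not p.get("realm"):
        findings.append("realm is not set")
    if not p.get("netbios name"):
        findings.append("netbios name is not set (cause of the failed logins in the post)")
    if p.get("kerberos method", "").lower() != "secrets and keytab":
        findings.append("kerberos method differs from the post's 'secrets and keytab'")
    if p.get("disable netbios", "no").lower() not in ("yes", "true", "1"):
        findings.append("disable netbios is not enabled, unlike the post's 445-only setup")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```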
