[Samba] Can't setup kerberos auth for samba4 server?
Thomas Schweikle
tschweikle at gmail.com
Wed Oct 16 08:56:49 UTC 2019
Hi!
Setup: Debian, Samba 4.11
After successfully setting up samba4, I want this machine to authenticate
against the running samba4-server. I've created /etc/krb5.conf:
[libdefaults]
    default_realm = ADA.DE
    dns_lookup_realm = false
    dns_lookup_kdc = true
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    fcc-mit-ticketflags = true
[realms]
    ADA.DE = {
        kdc = ad01.ada.de
        kdc = ad02.ada.de
        admin_server = ad01.ada.de
        chpasswd_server = ad01.ada.de
        default_domain = ada.de
    }
[domain_realm]
    .ada.de = ADA.DE
    ada.de = ADA.DE
kinit works:
# kinit Administrator
Passwort für Administrator@ADA.DE:
Warnung: Ihr Passwort wird in 39 Tagen am Mo 25 Nov 2019 08:22:41 CET ablaufen.
# klist
Ticketzwischenspeicher: FILE:/tmp/krb5cc_0
Standard-Principal: Administrator@ADA.DE
Valid starting       Expires              Service principal
16.10.2019 10:22:13  16.10.2019 20:22:13  krbtgt/ADA.DE@ADA.DE
        erneuern bis 17.10.2019 10:22:08
But:
# net ads join -k
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
It is quite true this host is not configured as a member server -- it is
the PDC! So what do I have to do to make this host use the running samba4
to authenticate users? sssd fails because it can't find /etc/krb5.keytab.
/etc/sssd/sssd.conf is set to:
[sssd]
services = nss, pam, autofs
domains = ADA.DE
debug_level = 0x0270
[domain/ADA.DE]
enumerate = true
cache_credentials = True
krb5_realm = ADA.DE
ldap_search_base = dc=ada,dc=de
krb5_server = ad01.ada.de, ad02.ada.de
id_provider = ad
auth_provider = ad
ldap_uri = ldap://ad01.ada.de:389/, ldap://ad02.ada.de:389/
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
debug_level = 0x0270
[nss]
homedir_substring = /home
debug_level = 0x0270
[pam]
debug_level = 0x0270
[sudo]
debug_level = 0x0270
[autofs]
debug_level = 0x0270
[ssh]
debug_level = 0x0270
[pac]
debug_level = 0x0270
[ifp]
debug_level = 0x0270
[secrets]
debug_level = 0x0270
[session_recording]
debug_level = 0x0270
Any hint, link, Howto would be a great help!
--
Thomas