[Samba] Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.

Markus Jansen jansen at schmitzmine.eu
Tue Oct 13 14:01:38 UTC 2020

Thank you very much for your hints.

I got rid of SSSD and managed to get a successful kerberos
authentication via wbinfo -K and the UPN.

But accessing via SMB (using MAC OS' smbutil or Finder) still fails with

As I'm using CentOS 8, I used authselect to configure winbind
integration to PAM (do I really need this for SMB?) and enabled
"with-krb5" and "with-pamaccess" - features to let /etc/pam.d/-files be
configured automatically.

I'm really confused. What's missing?



Am 06.10.20 um 03:24 schrieb Nico Kadel-Garcia via samba:
> On Mon, Oct 5, 2020 at 11:46 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> You cannot use sssd with Samba >= 4.8.0 even red-hat tells you this.
> And sssd is *not* your friend if you do anything remotely
> sophisticated. It's configuration tools erase any sophisticated setups
> in sssd. For any even repotely sophisticated setup, I'll encourage you
> to configure Keberos and LDAP more directly.
>> On top of which, you should be able to authentication using a UPN:
>> pi at raspberrypi:~ $ wbinfo -K SAMDOM\\rowland at samdom.example.com
>> Enter SAMDOM\rowland at samdom.example.com's password:
>> plaintext kerberos password authentication for
>> [SAMDOM\rowland at samdom.example.com] succeeded (requesting cctype: FILE)
>> credentials were put in: FILE:/tmp/krb5cc_1000
>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list