[Samba] Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.

[Markus Jansen]

Thank you very much for your hints.

I got rid of SSSD and managed to get a successful kerberos
authentication via wbinfo -K and the UPN.

But accessing via SMB (using MAC OS' smbutil or Finder) still fails with
"FAILED with error NT_STATUS_NO_SUCH_USER".

As I'm using CentOS 8, I used authselect to configure winbind
integration to PAM (do I really need this for SMB?) and enabled
"with-krb5" and "with-pamaccess" - features to let /etc/pam.d/-files be
configured automatically.

I'm really confused. What's missing?

Best,

Markus

Am 06.10.20 um 03:24 schrieb Nico Kadel-Garcia via samba:
> On Mon, Oct 5, 2020 at 11:46 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>
>> You cannot use sssd with Samba >= 4.8.0 even red-hat tells you this.
> And sssd is *not* your friend if you do anything remotely
> sophisticated. It's configuration tools erase any sophisticated setups
> in sssd. For any even repotely sophisticated setup, I'll encourage you
> to configure Keberos and LDAP more directly.
>
>> On top of which, you should be able to authentication using a UPN:
>>
>> pi at raspberrypi:~ $ wbinfo -K SAMDOM\\rowland at samdom.example.com
>> Enter SAMDOM\rowland at samdom.example.com's password:
>> plaintext kerberos password authentication for
>> [SAMDOM\rowland at samdom.example.com] succeeded (requesting cctype: FILE)
>> credentials were put in: FILE:/tmp/krb5cc_1000
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba