[Samba] Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.

Rowland penny rpenny at samba.org
Tue Oct 13 14:29:19 UTC 2020

On 13/10/2020 15:01, Markus Jansen via samba wrote:
> Thank you very much for your hints.
> I got rid of SSSD and managed to get a successful kerberos
> authentication via wbinfo -K and the UPN.
> But accessing via SMB (using MAC OS' smbutil or Finder) still fails with
> As I'm using CentOS 8, I used authselect to configure winbind
> integration to PAM (do I really need this for SMB?) and enabled
> "with-krb5" and "with-pamaccess" - features to let /etc/pam.d/-files be
> configured automatically.
> I'm really confused. What's missing?
Probably libpam-krb5 that Red-Hat has removed from RHEL8 and hence 
Centos8, I had to compile the Centos7 package and install it before I 
could get Centos8 to work correctly.

BIG NOTE: this is just my opinion.

I really do not think that red-hat wants you to use Samba with RHEL8, I 
think they really want you to use sssd with freeipa instead. They have 
removed openldap, smbldap-tools  and libpam-krb5 that I am aware of, 
there may be others.

How wedded are you to Centos ? I personally would advise you to switch 
to Debian or Ubuntu, everything just works.

If you must use Centos8, then it is possible to get Linux to connect to 
a Samba share running on a Centos domain member, not sure about a Mac, I 
do not have one.


More information about the samba mailing list