[Samba] Samba SSSD authentication via userPrincipalName does not work because samba claims that the username does not exist.
rpenny at samba.org
Tue Oct 13 14:29:19 UTC 2020
On 13/10/2020 15:01, Markus Jansen via samba wrote:
> Thank you very much for your hints.
> I got rid of SSSD and managed to get a successful kerberos
> authentication via wbinfo -K and the UPN.
> But accessing via SMB (using MAC OS' smbutil or Finder) still fails with
> "FAILED with error NT_STATUS_NO_SUCH_USER".
> As I'm using CentOS 8, I used authselect to configure winbind
> integration to PAM (do I really need this for SMB?) and enabled
> "with-krb5" and "with-pamaccess" - features to let /etc/pam.d/-files be
> configured automatically.
> I'm really confused. What's missing?
Probably libpam-krb5 that Red-Hat has removed from RHEL8 and hence
Centos8, I had to compile the Centos7 package and install it before I
could get Centos8 to work correctly.
BIG NOTE: this is just my opinion.
I really do not think that red-hat wants you to use Samba with RHEL8, I
think they really want you to use sssd with freeipa instead. They have
removed openldap, smbldap-tools and libpam-krb5 that I am aware of,
there may be others.
How wedded are you to Centos ? I personally would advise you to switch
to Debian or Ubuntu, everything just works.
If you must use Centos8, then it is possible to get Linux to connect to
a Samba share running on a Centos domain member, not sure about a Mac, I
do not have one.
More information about the samba