[Samba] LDAP + Keytab without requiring administrator logins
Rowland penny
rpenny at samba.org
Tue Feb 2 10:16:55 UTC 2021
On 02/02/2021 09:46, Christian Kuntz via samba wrote:
> Hi all!
>
> I'm currently running Debian Buster with samba version 4.9.5+dfsg-5+deb10u1
> and trying to configure my setup to require only a keytab file and no
> administrator login information to accommodate for automated smb
> provisioning.
As far as I am aware, only Administrator can join computers.
>
>
>
> I've confirmed with kerberos and sssd
Ah, there is a problem, you cannot use sssd with Samba >= 4.8.0
> that I have a connection to the
> server and can acquire the tgt, but ultimately starting the service always
> fails with this message so long as I set the passdb to ldapsam.
Why are you setting it to ldapsam ?
>
> Is this something that's supported by samba and I'm missing or have bad
> configs, or is this just not something that's supported? You can find
> testparm/config information below.
>
The use of sssd with Samba >= 4.8.0 isn't supported, you must use
winbind if you want shares, if you only required authentication, use
sssd by itself.
Rowland
More information about the samba
mailing list