[Samba] LDAP + Keytab without requiring administrator logins

Rowland penny rpenny at samba.org
Tue Feb 2 10:16:55 UTC 2021

On 02/02/2021 09:46, Christian Kuntz via samba wrote:
> Hi all!
> I'm currently running Debian Buster with samba version 4.9.5+dfsg-5+deb10u1
> and trying to configure my setup to require only a keytab file and no
> administrator login information to accommodate for automated smb
> provisioning.

As far as I am aware, only Administrator can join computers.

> I've confirmed with kerberos and sssd

Ah, there is a problem, you cannot use sssd with Samba >= 4.8.0

>   that I have a connection to the
> server and can acquire the tgt, but ultimately starting the service always
> fails with this message so long as I set the passdb to ldapsam.

Why are you setting it to ldapsam ?

> Is this something that's supported by samba and I'm missing or have bad
> configs, or is this just not something that's supported? You can find
> testparm/config information below.

The use of sssd with Samba >= 4.8.0 isn't supported, you must use 
winbind if you want shares, if you only required authentication, use 
sssd by itself.


More information about the samba mailing list