[Samba] Keytab MEMORY:cifs_srv_keytab is nonexistent or empty
Jeremy Monnet
jmonnet at gmail.com
Thu May 6 16:24:51 UTC 2021
Hi,
On Thu, May 6, 2021 at 2:33 PM Rowland penny via samba
<samba at lists.samba.org> wrote:
>
> On 06/05/2021 13:14, Jeremy Monnet wrote:
> >
> > No, I didn't see that part ?! I hope I can still authenticate user
> > against an AD using sssd, and have samba autonomous to provide Shares
> > ? I couldn't find any article or information on that subject ?
>
>
> Up until Samba 4.8.0 , the smbd daemon (which you need for shares) could
> 'talk' directly to AD, so you could use sssd with Samba and have shares.
> When Samba 4.8.0 was released, things changed, smbd can no longer 'talk'
> to AD and on a Unix domain member, you need to use 'security = ADS' and
> run winbind and sssd and winbind are incompatible. If you want to use
> Samba with shares, you need to remove sssd.
>
So Redhat does support that
https://access.redhat.com/solutions/3802321 (It is probably also
behind a paywall - though I think you only need an account, not a
paying one, never mind...)
In short :
realm join testlab.redhat.com -U Administrator --client-software=sssd
--membership-software=samba
and
[global]
realm = TESTLAB.REDHAT.COM
workgroup = TESTLAB
security = ads
kerberos method = secrets and keytab
[...]
idmap config * : backend = tdb
idmap config * : range = 10000-199999
idmap config TESTLAB : backend = sss
idmap config TESTLAB : range = 200000-2147483647
I do not know whether it works by accident, but eventually I am
authenticating via SSSD and offering Shares via smb at the same time.
I will probably have to migrate that soon nevertheless... :-/
Thanks for your insight,
Jeremy
More information about the samba
mailing list