[Samba] Keytab MEMORY:cifs_srv_keytab is nonexistent or empty

Rowland penny rpenny at samba.org
Thu May 6 16:34:58 UTC 2021


On 06/05/2021 17:24, Jeremy Monnet wrote:
> Hi,
>
> On Thu, May 6, 2021 at 2:33 PM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> On 06/05/2021 13:14, Jeremy Monnet wrote:
>>>   No, I didn't see that part ?! I hope I can still authenticate user
>>> against an AD using sssd, and have samba autonomous to provide Shares
>>> ? I couldn't find any article or information on that subject ?
>>
>> Up until Samba 4.8.0, the smbd daemon (which you need for shares) could
>> 'talk' directly to AD, so you could use sssd with Samba and have shares.
>> When Samba 4.8.0 was released, things changed: smbd can no longer 'talk'
>> to AD and, on a Unix domain member, you need to use 'security = ADS' and
>> run winbind, and sssd and winbind are incompatible. If you want to use
>> Samba with shares, you need to remove sssd.
>>
> So Red Hat does support that
> https://access.redhat.com/solutions/3802321 (It is probably also
> behind a paywall - though I think you only need an account, not a
> paying one, never mind...)
> In short :
>
> realm  join testlab.redhat.com -U Administrator --client-software=sssd
> --membership-software=samba
> and
>
> [global]
>      realm = TESTLAB.REDHAT.COM
>      workgroup = TESTLAB
>      security = ads
>      kerberos method = secrets and keytab
> [...]
>      idmap config * : backend = tdb
>      idmap config * : range = 10000-199999
>      idmap config TESTLAB : backend = sss
>      idmap config TESTLAB : range = 200000-2147483647
>
>
> I do not know whether it works by accident, but eventually I am
> authenticating via SSSD and offering Shares via smb at the same time.
> I will probably have to migrate that soon nevertheless... :-/
>
> Thanks for your insight,
>
> Jeremy


Yes, they might, but, as you say, you only get authentication; you do not
get shares. You cannot run sssd and winbind together without expecting
problems; they both contain their own versions of the winbind libs.

If you just want authentication, then run sssd without Samba, but if you 
require shares, then run smbd with winbind without sssd.

Rowland





