[Freeipa-users] a bit off topic- samba + sssd => AD
lejeczek
peljasz at yahoo.co.uk
Fri Jun 3 13:39:00 UTC 2016
hi users,
I have a samba and sssd trying AD, it's 7.2 Linux.
That linux box is via sssd and samba talking to AD DC and
win10 clients get to samba shares, getent pass sees AD
users, samba can get to DC's shares and win10's clients
shares, all good except...
smbclient @samba, in other words - to itself - fails
session setup failed: NT_STATUS_LOGON_FAILURE
and with smbclient -k
gss_init_sec_context failed with [Unspecified GSS failure.
Minor code may provide more information: Server
cifs/swir.private.dom at PRIVATE.DOM not found in Kerberos
database]
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed:
NT_STATUS_INTERNAL_ERROR
Failed to setup SPNEGO negTokenInit request:
NT_STATUS_INTERNAL_ERROR
session setup failed: NT_STATUS_INTERNAL_ERROR
here is a snippet from smb.conf which I thought has
relevance, I set it up following samba sssd wiki.
security = ads
realm = CCNR.DOM
workgroup = CCNR
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.swir.ccnr.keytab
client signing = auto
client use spnego = yes
encrypt passwords = yes
password server = ccnr-winsrv1.ccnr.dom
netbios name = SWIR
template shell = /bin/bash
template homedir = /home/%D/%U
preferred master = no
dns proxy = no
wins server = ccnr-winsrv1.ccnr.dom
wins proxy = no
inherit acls = Yes
map acl inherit = Yes
acl group control = yes
and in samba log:
domain_client_validate: Domain password server not available.
I've tried samba user list, dead silence.
many thanks,
L.
More information about the Freeipa-users
mailing list