Samba on AD integrated server

Issues related to configuring your network
Post Reply
andreiv3103
Posts: 12
Joined: 2009/10/26 10:21:14

Samba on AD integrated server

Post by andreiv3103 » 2014/09/24 10:33:53

I followed this tutorial http://jhrozek.livejournal.com/3581.html to join my CentOS 6.5 server to a Windows 2008 R2 AD domain.

It worked perfectly, I can do su domain_user or log in through ssh with domain account.
But samba seems to be unable to authenticate users through sssd.

I installed samba and created a minimal smb.conf like this:

[global]
workgroup = localdomain
server string = Samba Server Version %v
security = domain
encrypt passwords = yes
passdb backend = tdbsam
realm = localdomain.com

# Not interested in printers
load printers = no
cups options = raw
printcap name = /dev/null

# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50

# ############ THE SHARES ############ #

[homes]
comment = Home Directories
browseable = no
writable = yes

This samba config works perfectly with centos 7 and realmd, but it seems not to work with centos 6.5 and the method mentioned above.

Could it be the samba version?
On Centos 6.5 is Version 3.6.9-169.el6_5
On Centos 7 is Version 4.1.1

The error is:
connect_to_domain_password_server: unable to open the domain client session to machine DC.LOCALDOMAIN.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.

Thanks.

andreiv3103
Posts: 12
Joined: 2009/10/26 10:21:14

Re: Samba on AD integrated server

Post by andreiv3103 » 2014/09/24 11:44:14

I just solved my problem.
Added the following line to smb.conf:
kerberos method = secrets and keytab

And now it works! I don't really know why, but this makes it work.

swellbot
Posts: 1
Joined: 2017/11/20 19:29:16

Re: Samba on AD integrated server

Post by swellbot » 2017/11/21 19:22:25

This post helped me a lot.
Seemed to be the only post that had this exact recommendation and it worked for me when many other things did not.

My background:
Running RHEL 7.1 Did upgrade to newest packages available as of recent date, gave server a restart to leverage newest kernel and such.
Samba then refused to show list of shares. Checked out logs, multiple error messages
"client not found in Kerberos database"
"pre-authentication failed"
among others.
I did things like making sure my case/CASE was consistent in the smbd/sssd. unregistered and registered with the domain. Few others.
Made sure kerberos and ad auth worked otherwise from my server.
Only thing that resolved my issue was adding the line recommended in this post to my smbd.conf and restarting the service.

Post Reply