> You might want to take a look at "Integrating Red Hat Enterprise Linux
> 6 with Active Directory". It's the best document I've seen on this
> topic. I found that Samba/Kerberos/Winbind is the most complete solution for
> attaching a Samba fileserver in my AD environment.
> https://access.redhat.com/sites/default/files/attachments/rhel-ad-integration-deployment-guidelines-v1.5.pdf
I already figured it out earlier this afternoon and have a working setup. Will
review the above.
[your setup instructions]
Here, I'm not modifying any of the hosts/resolv.conf/nsswitch.conf files.
This is not an integration exercise, only a samba fileserver with AD auth.
> If you are editing a smb.conf file of a previously existing Samba
> fileserver, do not change the range value in the "idmap config * : range
> =" parameter
winbindd(8) mentions "netlogon proxy only mode", so I commented out
all the range settings (after first verifying that it worked with them).
> 3. Start the smb and winbind services:
I find it will not work without nmb.
> 6. Verify the bind to AD is valid:
> a. net ads info
> b. net ads testjoin
Brilliant, I didn't know these commands.
> 7. Create a Kerberos /etc/krb5.keytab file:
> net ads keytab create -U username
> 8. Verify the contents of the Kerberos keytab file:
> klist -ke
This is a step I was missing. What is the purpose of the keytab? Can it help
with the default ticket FILE:/tmp/krb5cc_0 expiration?
I'm also facing this problem, although everything seems to work fine.
I've tested with smbclient and a Windows client.
# net ads testjoin
gss_init_sec_context failed with [Unspecified GSS failure. Minor code may
provide more information: No credentials cache found]
Join is OK
#
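As an added example (not code from the thread, from Samba, or from the Red Hat guide), the script below turns the verification steps quoted above (net ads testjoin, net ads info, klist -ke) into scripted checks that a fileserver admin can run after a join. Every check takes command output as an argument, so the script is exercised here against constructed sample output and runs offline; the hostname fs1.example.com, the realm EXAMPLE.COM, the sample outputs, and the presence of a cifs/ principal in the sample keytab are all assumptions. The 300 s skew limit is the Kerberos default clock-skew tolerance. Treating the gss_init_sec_context "No credentials cache found" line as non-fatal is an assumption drawn from the "Join is OK" verdict that follows it in the output posted above.

```shell
#!/bin/sh
# Added example, not from the thread or from Samba: post-join checks for a
# Samba fileserver bound to AD with winbind.  Each check takes the output of
# the relevant command as an argument so it can be run against constructed
# sample text; feed it live output as shown at the bottom.

# `net ads testjoin` ends with the verdict line "Join is OK".  The preceding
# gss_init_sec_context "No credentials cache found" line only reports that
# the caller has no Kerberos ticket cache, so it is ignored here rather than
# treated as a failure (assumption based on the verdict that follows it).
testjoin_ok() {
    printf '%s\n' "$1" | grep -q '^Join is OK$'
}

# Kerberos refuses tickets when clocks differ by more than 300 s (the default).
# `net ads info` prints "Server time offset: N"; fail when |N| exceeds the
# limit given as $2 (default 300) or when the line is missing.
time_offset_ok() {
    offset=$(printf '%s\n' "$1" | sed -n 's/^Server time offset: *\(-*[0-9][0-9]*\).*/\1/p')
    [ -n "$offset" ] || return 1
    offset=${offset#-}
    [ "$offset" -le "${2:-300}" ]
}

# Does the `klist -ke` listing ($1) hold a key for principal $2?  Key lines
# look like "   2 host/fs1.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)",
# so the principal is the second whitespace-separated field.
keytab_has_spn() {
    printf '%s\n' "$1" | awk -v spn="$2" '$2 == spn { found = 1 } END { exit !found }'
}

# Run all checks; $1..$3 are the three command outputs, $4 the FQDN, $5 the realm.
run_checks() {
    rc=0
    testjoin_ok "$1"                 && echo "ok   AD join"            || { echo "FAIL AD join"; rc=1; }
    time_offset_ok "$2"              && echo "ok   clock skew"         || { echo "FAIL clock skew > 300s or unknown"; rc=1; }
    keytab_has_spn "$3" "host/$4@$5" && echo "ok   keytab host/ key"   || { echo "FAIL keytab lacks host/$4@$5"; rc=1; }
    keytab_has_spn "$3" "cifs/$4@$5" && echo "ok   keytab cifs/ key"   || { echo "FAIL keytab lacks cifs/$4@$5"; rc=1; }
    return $rc
}

# Constructed sample output (hostname and realm are assumptions, not real hosts).
SAMPLE_TESTJOIN='gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: No credentials cache found]
Join is OK'

SAMPLE_ADSINFO='LDAP server: 192.0.2.10
LDAP server name: dc1.example.com
Realm: EXAMPLE.COM
Bind Path: dc=EXAMPLE,dc=COM
LDAP port: 389
KDC server: 192.0.2.10
Server time offset: 2'

SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/fs1.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 host/FS1@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 cifs/fs1.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 FS1$@EXAMPLE.COM (aes256-cts-hmac-sha1-96)'

# Stand-alone demo against the samples (every check passes).  On a real
# server, as root, use live output instead:
#   run_checks "$(net ads testjoin 2>&1)" "$(net ads info)" "$(klist -ke)" \
#              "$(hostname -f)" EXAMPLE.COM
run_checks "$SAMPLE_TESTJOIN" "$SAMPLE_ADSINFO" "$SAMPLE_KLIST" fs1.example.com EXAMPLE.COM
```

The cifs/ check is there because that is the service principal a Windows client asks the KDC for when it opens a share; if it is missing from your keytab the join can still be fine while Kerberos authentication to the share falls back or fails, so the script reports it as a separate line rather than folding it into the join verdict.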