On 17/06/2019 12:56, Edouard Guign? via samba wrote:
> Hello,
>
> May you answer me about my issue with kerberos ?
>
> About libpam-krb5 installed, I have on my system :
> yum list krb5-workstation pam_krb5
> krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
> pam_krb5.x86_64 2.4.8-6.el7 @base
>
> Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?

Sorry for the late reply, yes pam_krb5 is the Centos equivalent of libpam_krb5

I think we need to see your entire smb.conf and the passwd & group lines from /etc/nsswitch.conf

Rowland

Hello,

Please find here the content of my smb.conf :

[global]
        security = ads
        realm = MYDOMAIN.LOCAL
        workgroup = MYDOMAIN
        kerberos method = secrets and keytab
        server signing = mandatory
        client signing = mandatory

        hosts allow = 127. 10.X.X.
        hosts deny = 10.X.X.

        log level = 1 auth_audit:3
        local master = no
        domain master = no
        preferred master = no

        use sendfile = true

        load printers = no
        cups options = raw
        printcap name = /dev/null
        disable spoolss = yes

        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes

        idmap config * : backend = tdb
        idmap config * : range = 15000-99999

        winbind nss info = rfc2307
        idmap config MYDOMAIN : backend = ad
        idmap config MYDOMAIN : schema_mode = rfc2307
        idmap config MYDOMAIN : range = 10000-14999
        idmap config MYDOMAIN : unix_nss_info = yes
        idmap config MYDOMAIN : unix_primary_group = yes

        client min protocol = SMB2

        username map = /etc/samba/user.map

[groups]
        comment = mycomment
        path = /var/datashared
        public = no
        writable = yes
        valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
        vfs objects = acl_xattr streams_xattr

[homes]
        comment = Home Directories
        read only = No
        create mask = 0700
        directory mask = 0700
        valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
        path = /home
        hide files = /~*.tmp/profile/desktop.ini/~$*/
        browseable = no
        public = no
        guest ok = no

[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = root
        create mask = 0664
        directory mask = 0775

And the content of my /etc/nsswitch.conf :

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files
aliases:    files nisplus

Best Regards

On 17/06/2019 at 09:13, Rowland penny via samba wrote:
> On 17/06/2019 12:56, Edouard Guign? via samba wrote:
>> Hello,
>>
>> May you answer me about my issue with kerberos ?
>>
>> About libpam-krb5 installed, I have on my system :
>> yum list krb5-workstation pam_krb5
>> krb5-workstation.x86_64 1.15.1-37.el7_6 @updates
>> pam_krb5.x86_64 2.4.8-6.el7 @base
>>
>> Is pam_krb5 equivalent to libpam-krb5 on centos 7 ?
>
> Sorry for the late reply, yes pam_krb5 is the Centos equivalent of
> libpam_krb5
>
> I think we need to see your entire smb.conf and the passwd & group
> lines from /etc/nsswitch.conf
>
> Rowland

On 17/06/2019 13:42, Edouard Guign? via samba wrote:
> Hello,
>
> Please find here the content of my smb.conf :
>
> [global]
>         security = ads
>         realm = MYDOMAIN.LOCAL
>         workgroup = MYDOMAIN
>         kerberos method = secrets and keytab
>         server signing = mandatory
>         client signing = mandatory
>
>         hosts allow = 127. 10.X.X.
>         hosts deny = 10.X.X.
>
>         log level = 1 auth_audit:3
>         local master = no
>         domain master = no
>         preferred master = no
>
>         use sendfile = true
>
>         load printers = no
>         cups options = raw
>         printcap name = /dev/null
>
>         disable spoolss = yes
>
>         vfs objects = acl_xattr
>         map acl inherit = yes
>         store dos attributes = yes
>
>         idmap config * : backend = tdb
>
>         idmap config * : range = 15000-99999
>
>         winbind nss info = rfc2307
>         idmap config MYDOMAIN : backend = ad
>         idmap config MYDOMAIN : schema_mode = rfc2307
>
>         idmap config MYDOMAIN : range = 10000-14999
>
>         idmap config MYDOMAIN : unix_nss_info = yes
>
>         idmap config MYDOMAIN : unix_primary_group = yes
>
>         client min protocol = SMB2
>
>         username map = /etc/samba/user.map
>
> [groups]
>         comment = mycomment
>         path = /var/datashared
>         public = no
>         writable = yes
>
>         valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
>
>         vfs objects = acl_xattr streams_xattr
>
> [homes]
>         comment = Home Directories
>         read only = No
>         create mask = 0700
>         directory mask = 0700
>         valid users = @"utilisateurs du domaine at MYDOMAIN.LOCAL"
>         path = /home
>         hide files = /~*.tmp/profile/desktop.ini/~$*/
>         browseable = no
>         public = no
>         guest ok = no
>
> [printers]
>         comment = All Printers
>         path = /var/tmp
>         printable = Yes
>         create mask = 0600
>         browseable = No
>
> [print$]
>         comment = Printer Drivers
>         path = /var/lib/samba/drivers
>         write list = root
>         create mask = 0664
>         directory mask = 0775
>

Provided you have added uidNumbers to your users and (at least) a gidNumber to Domain Users, that smb.conf has nothing major wrong.

> And the content of my /etc/nsswitch.conf :
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files
> rpc:        files
> services:   files sss
>
> netgroup:   files sss
>
> publickey:  nisplus
>
> automount:  files
> aliases:    files nisplus

Your nsswitch.conf is a different matter, you either do not have the passwd, group and shadow lines or you have chosen not to show them.

Rowland
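
Added example, not part of the original thread: a shell check for the point raised in the last reply, reporting which of the passwd, group and shadow databases an nsswitch.conf defines and which sources each one lists. The function names and the sample file are constructed for illustration; the sample reuses some of the lines posted above.

```shell
#!/bin/sh
# Added example: inspect the NSS databases defined in an nsswitch.conf.

# Print the sources for one database (e.g. "files sss"); exit 1 if the
# database has no line at all. Comments and action items such as
# [NOTFOUND=return] are stripped before the sources are printed.
nss_sources() {
    # $1 = path to nsswitch.conf, $2 = database name (passwd, group, ...)
    awk -v db="$2" '
        { sub(/#.*/, "") }                      # drop comments
        {
            i = index($0, ":"); if (i == 0) next
            name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
            if (name != db) next
            rest = substr($0, i + 1)
            gsub(/\[[^]]*\]/, " ", rest)        # drop [STATUS=action] items
            $0 = rest; $1 = $1                  # normalise whitespace
            print; found = 1; exit
        }
        END { exit found ? 0 : 1 }' "$1"
}

# Print the databases among passwd, group and shadow that have no line.
nss_missing() {
    missing=""
    for db in passwd group shadow; do
        nss_sources "$1" "$db" >/dev/null || missing="${missing:+$missing }$db"
    done
    printf '%s\n' "$missing"
}

# Constructed sample: a subset of the nsswitch.conf lines shown in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
services:   files sss
netgroup:   files sss
aliases:    files nisplus
EOF

echo "missing databases: $(nss_missing "$sample")"
echo "services sources:  $(nss_sources "$sample" services)"
```

Pointing nss_missing at the real /etc/nsswitch.conf shows whether the lines are absent from the file or were only left out of the post.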