samba - Jun 2016 - AD authentication on samba server using sssd

I am trying to run samba with sssd service and AD authentication.
I have joined the linux server to the AD domain using realmd and using sssd
to authenticate to the AD. I am able to get user list from AD using "getent
passwd <username>".
The samba servers starts but i am unable to get the authentication working.

I referred the samba dos for centos7 and also installed  sssd-libwbclient.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/sssd-ad-integration.html

Any pointers would be appreciated. thanks :)


OS: Centos:  7.2.1511 (Core)
Samba version: 4.2.10
sssd version: 1.13.0


Below are the files
sssd.conf
------------------
[sssd]
services = nss, pam, pac
config_file_version = 2
domains = xx.xxx.com

[nss]
allowed_shells = /bin/bash, /bin/hgcsh
shell_fallback = /bin/bash
default_shell = /bin/bash

[domain/corp.endurance.com]
ad_domain = xx.xxx.com
krb5_realm = XX.XXX.COM
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
krb5_store_password_if_offline = True
override_homedir = /home/%u




smb.conf
------------------

[global]
security = ads
workgroup = XXX
realm = XXX.XXX.COM
kerberos method = system keytab

log file = /var/log/samba/log.%m
log level = 10
max log size = 50
load printers = no
cups options = raw
printcap name = /dev/null

[myshare]
comment = My shared folder
path = /var/myshare
public = no
writable = yes
guest ok = no
valid users = @"tt at xx.xx.com"


"realmd list" output
--------------------
xx.xxx.com
  type: kerberos
  realm-name: XXX.XXX.COM
  domain-name: xx.xx.com
  configured: kerberos-member
  server-software: active-directory
  client-software: winbind
  required-package: oddjob-mkhomedir
  required-package: oddjob
  required-package: samba-winbind-clients
  required-package: samba-winbind
  required-package: samba-common
  login-formats: XXX\%U
  login-policy: allow-any-login
xx.xxx.com
  type: kerberos
  realm-name: XXX.XXX.COM
  domain-name: xx.xx.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: %U
  login-policy: allow-realm-logins

On 15/06/16 18:24, shridhar shetty wrote:
> I am trying to run samba with sssd service and AD authentication.
> I have joined the linux server to the AD domain using realmd and using sssd
> to authenticate to the AD. I am able to get user list from AD using
"getent
> passwd <username>".
> The samba servers starts but i am unable to get the authentication working.
>
> I referred the samba dos for centos7 and also installed  sssd-libwbclient.
>
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/sssd-ad-integration.html
>
> Any pointers would be appreciated. thanks :)
Yes, try asking on the sssd mailing list, they should be able to give 
you better help than here, sssd has nothing to do with Samba.
If you want to use winbind instead, then this is the place to ask.

Rowland

Well thanks.
Will post  it on the sssd list.

On Wed, Jun 15, 2016 at 11:36 PM, Rowland penny <rpenny at samba.org>
wrote:
> On 15/06/16 18:24, shridhar shetty wrote:
>
>> I am trying to run samba with sssd service and AD authentication.
>> I have joined the linux server to the AD domain using realmd and using
>> sssd
>> to authenticate to the AD. I am able to get user list from AD using
>> "getent
>> passwd <username>".
>> The samba servers starts but i am unable to get the authentication
>> working.
>>
>> I referred the samba dos for centos7 and also installed 
sssd-libwbclient.
>>
>>
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/sssd-ad-integration.html
>>
>> Any pointers would be appreciated. thanks :)
>>
>
> Yes, try asking on the sssd mailing list, they should be able to give you
> better help than here, sssd has nothing to do with Samba.
> If you want to use winbind instead, then this is the place to ask.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>