samba - Jun 2016 - AD authentication on samba server using sssd

Well thanks.
Will post  it on the sssd list.

On Wed, Jun 15, 2016 at 11:36 PM, Rowland penny <rpenny at samba.org>
wrote:
> On 15/06/16 18:24, shridhar shetty wrote:
>
>> I am trying to run samba with sssd service and AD authentication.
>> I have joined the linux server to the AD domain using realmd and using
>> sssd
>> to authenticate to the AD. I am able to get user list from AD using
>> "getent
>> passwd <username>".
>> The samba servers starts but i am unable to get the authentication
>> working.
>>
>> I referred the samba dos for centos7 and also installed 
sssd-libwbclient.
>>
>>
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/sssd-ad-integration.html
>>
>> Any pointers would be appreciated. thanks :)
>>
>
> Yes, try asking on the sssd mailing list, they should be able to give you
> better help than here, sssd has nothing to do with Samba.
> If you want to use winbind instead, then this is the place to ask.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

I got samba to work with sssd finally. :)
Wanted to share so that it could help someone with debugging.

I was trying to access the fileserver using IP address which was failing.
It worked when using hostname to connect to the fileserver.

Short explanation
* When accessing samba fileserver using hostname, kerberos authentication
kicks in, which works fine as expected.
* But when accessing samba fileserver using ip address, kerberos
authentication fails and falls back to NTLM. (NTLM is not supported in SSSD
yet)

Thanks


On Thu, Jun 16, 2016 at 10:30 AM, shridhar shetty <
shridhar.sanjeeva at gmail.com> wrote:
> Well thanks.
> Will post  it on the sssd list.
>
> On Wed, Jun 15, 2016 at 11:36 PM, Rowland penny <rpenny at samba.org>
wrote:
>
>> On 15/06/16 18:24, shridhar shetty wrote:
>>
>>> I am trying to run samba with sssd service and AD authentication.
>>> I have joined the linux server to the AD domain using realmd and
using
>>> sssd
>>> to authenticate to the AD. I am able to get user list from AD using
>>> "getent
>>> passwd <username>".
>>> The samba servers starts but i am unable to get the authentication
>>> working.
>>>
>>> I referred the samba dos for centos7 and also installed
>>> sssd-libwbclient.
>>>
>>>
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/sssd-ad-integration.html
>>>
>>> Any pointers would be appreciated. thanks :)
>>>
>>
>> Yes, try asking on the sssd mailing list, they should be able to give
you
>> better help than here, sssd has nothing to do with Samba.
>> If you want to use winbind instead, then this is the place to ask.
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>

Have you checked to see if the server has a reverse zone entry in the AD
DNS?  I think kerberos relies on it and I'm not sure Samba creates one
automatically.  My experience has been that I have to create the reverse
zones manually.

Mike E.

On Thu, Jun 16, 2016, 12:43 PM shridhar shetty <shridhar.sanjeeva at
gmail.com>
wrote:
> I got samba to work with sssd finally. :)
> Wanted to share so that it could help someone with debugging.
>
> I was trying to access the fileserver using IP address which was failing.
> It worked when using hostname to connect to the fileserver.
>
> Short explanation
> * When accessing samba fileserver using hostname, kerberos authentication
> kicks in, which works fine as expected.
> * But when accessing samba fileserver using ip address, kerberos
> authentication fails and falls back to NTLM. (NTLM is not supported in SSSD
> yet)
>
> Thanks
>
>
> On Thu, Jun 16, 2016 at 10:30 AM, shridhar shetty <
> shridhar.sanjeeva at gmail.com> wrote:
>
> > Well thanks.
> > Will post  it on the sssd list.
> >
> > On Wed, Jun 15, 2016 at 11:36 PM, Rowland penny <rpenny at
samba.org>
> wrote:
> >
> >> On 15/06/16 18:24, shridhar shetty wrote:
> >>
> >>> I am trying to run samba with sssd service and AD
authentication.
> >>> I have joined the linux server to the AD domain using realmd
and using
> >>> sssd
> >>> to authenticate to the AD. I am able to get user list from AD
using
> >>> "getent
> >>> passwd <username>".
> >>> The samba servers starts but i am unable to get the
authentication
> >>> working.
> >>>
> >>> I referred the samba dos for centos7 and also installed
> >>> sssd-libwbclient.
> >>>
> >>>
>
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/sssd-ad-integration.html
> >>>
> >>> Any pointers would be appreciated. thanks :)
> >>>
> >>
> >> Yes, try asking on the sssd mailing list, they should be able to
give
> you
> >> better help than here, sssd has nothing to do with Samba.
> >> If you want to use winbind instead, then this is the place to ask.
> >>
> >> Rowland
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>