On Wed, 25 Oct 2017 10:23:19 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > > I commented below. > > P.s. @Rowland, i dont believe this is a sssd problem but a old bug in > samba. >Hi Louis, I never said this was a sssd problem, I just cannot see how you can fix a potential Samba problem when the OP isn't using much of Samba. He is using 'samba-common samba-common-bin samba-libs'. These, by themselves, don't do much, but when coupled with something else, they help the 'something else' to work. In this instance the 'something else' is 'sssd' and 'sssd-tools' and these are not Samba packages, so, in my opinion, the OP will get better help from the sssd-users mailing list. If it turns out to be a Samba problem, then we can try to help the OP to fix it, but a sssd problem has to be ruled out first, mainly because sssd is the main component in use here. I also cannot really understand why the OP is using sssd, when it is just as easy to use Samba instead (by the way, do you think the OP is aware that he is using the sssd version of winbind ?) Rowland
Hello, I'm using sssd because works fine, is the first time I join a domain with a Linux box and I need an easy and fast guide to make it work. SSSD allow me to cache the use credentials and autofs mounts, so if domain fails the computer will work without problem. Finally is a problem of spn. I've opened the ADSI editor and I've added the CIFS name to the list of SPN in shares server and now works fine. Both ways works fine (autofs and smbclient). Thanks to your comment about SPN (I didn't know what is), I've known where to search and a simple way to solve it. Can I suggest to add this spn when a Linux member joins the domain?, because maybe give problems on other builds that use kerberos to mount shares. Greetings!! El 25 oct. 2017 12:01, "Rowland Penny via samba" <samba at lists.samba.org> escribió: On Wed, 25 Oct 2017 10:23:19 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > > I commented below. > > P.s. @Rowland, i dont believe this is a sssd problem but a old bug in > samba. >Hi Louis, I never said this was a sssd problem, I just cannot see how you can fix a potential Samba problem when the OP isn't using much of Samba. He is using 'samba-common samba-common-bin samba-libs'. These, by themselves, don't do much, but when coupled with something else, they help the 'something else' to work. In this instance the 'something else' is 'sssd' and 'sssd-tools' and these are not Samba packages, so, in my opinion, the OP will get better help from the sssd-users mailing list. If it turns out to be a Samba problem, then we can try to help the OP to fix it, but a sssd problem has to be ruled out first, mainly because sssd is the main component in use here. I also cannot really understand why the OP is using sssd, when it is just as easy to use Samba instead (by the way, do you think the OP is aware that he is using the sssd version of winbind ?) Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On Thu, 26 Oct 2017 16:08:57 +0200 Daniel Carrasco <d.carrasco at i2tic.com> wrote:> Hello, > > I'm using sssd because works fine, is the first time I join a domain > with a Linux box and I need an easy and fast guide to make it work. > SSSD allow me to cache the use credentials and autofs mounts, so if > domain fails the computer will work without problem. > > Finally is a problem of spn. I've opened the ADSI editor and I've > added the CIFS name to the list of SPN in shares server and now works > fine. Both ways works fine (autofs and smbclient). > > Thanks to your comment about SPN (I didn't know what is), I've known > where to search and a simple way to solve it. > > Can I suggest to add this spn when a Linux member joins the domain?, > because maybe give problems on other builds that use kerberos to mount > shares.It is possible cache the users credentials with winbind, not sure about autofs. Whilst the SPN is required for your setup, not everybody uses sssd and autofs, both of which have nothing to do with Samba. If you have these lines in a Samba Unix domain member smb.conf: dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind refresh tickets = Yes and use 'net ads join -U Administrator' to join the domain, you will get a keytab created for you, but it will not contain an SPN for cifs, you will have to added it. It is Autofs that requires the SPN, so this program should document the need for the SPN, not Samba, but I am sure you have found out that the Autofs documentation is abysmal. Rowland