Jeremy Monnet
2021-May-06 12:14 UTC
[Samba] Keytab MEMORY:cifs_srv_keytab is nonexistent or empty
Le jeu. 6 mai 2021 ? 12:43, Rowland penny via samba <samba at lists.samba.org> a ?crit :> On 06/05/2021 11:26, Jeremy Monnet via samba wrote: > > Hello, > > > > We have just upgraded a RHEL 7 to RHEL 8 virtual machine with samba > > providing CIFS shares. We already had a hard time setting up sssd to > > authenticate against the AD 2012R2 (we followed > > https://access.redhat.com/solutions/5728591 ) > > > That link is behind a 'paywall' (or similar), but you mention 'samba', > shares' and 'sssd' in the same sentence, are you aware that you can no > longer use sssd with Samba and shares ? >No, I didn't see that part ?! I hope I can still authenticate user against an AD using sssd, and have samba autonomous to provide Shares ? I couldn't find any article or information on that subject ? security = user is set automatically by realm when joining the domain. Which made me think it was set to work :-) Thanks, Jeremy
Rowland penny
2021-May-06 12:32 UTC
[Samba] Keytab MEMORY:cifs_srv_keytab is nonexistent or empty
On 06/05/2021 13:14, Jeremy Monnet wrote:> > ?No, I didn't see that part ?! I hope I can still authenticate user > against an AD using sssd, and have samba autonomous to provide Shares? > ? I couldn't find any article or information on that subject ?Up until Samba 4.8.0 , the smbd daemon (which you need for shares) could 'talk' directly to AD, so you could use sssd with Samba and have shares. When Samba 4.8.0 was released, things changed, smbd can no longer 'talk' to AD and on a Unix domain member, you need to use 'security = ADS' and run winbind and sssd and winbind are incompatible. If you want to use Samba with shares, you need to remove sssd.> > security = user is set automatically by realm when joining the domain. > Which made me think it was set to work :-) >If that is the case, then it is probably a bug in realmd, use 'net ads join' to join the domain. Rowland