
List:       sssd-users
Subject:    Re: [SSSD-users] Fwd: Attempting to Get sssd to Work With Samba 4.3 Active Directory
From:       Scott Harvey` <sbharvey () verizon ! net>
Date:       2015-01-06 5:11:17
Message-ID: 54AB6E75.7010401 () verizon ! net

On 1/5/2015 2:45 AM, Jakub Hrozek wrote:
> On Sun, Jan 04, 2015 at 04:33:29PM -0800, Scott Harvey` wrote:
> > Tried to post before, but the body had too much data;
> > deleted graphics from the body.
> I think the sssd config file and logs would be nice to see. And since
> Samba is more-or-less an AD DC, maybe even enrolling the client would be
> possible with adcli:
> https://jhrozek.livejournal.com/3581.html
> 
> But it looks like you've enrolled the client already.
Thank you for getting back.

When you say "enroll a client", what do you mean? I have an SPN
that I set up that is the machine name of my DC controller, as instructed by
https://wiki.samba.org/index.php?title=Local_user_management_and_authentication/sssd&oldid=9652


# samba-tool domain exportkeytab /etc/krb5.sssd.keytab --principal=dc1$
# chown root:root /etc/krb5.sssd.keytab
# chmod 600 /etc/krb5.sssd.keytab

dc1 is netserver02 in my case.


Contents of the sssd config file:
--------------------------------------------------
[sssd]
services = nss, pam
config_file_version = 2
domains = netserver02.harvey.net
#domains = default
debug_level = 2
#
filter_users_in_groups = false
#
#ldap_user_principal = netserver02$.harvey.net@HARVEY.NET
#
#ldap_referrals = true
#
[nss]
#
allowed_shells = /bin/bash
shell_fallback = /bin/bash
#
[pam]

[domain/netserver02.harvey.net]
#[domain/default]
# Using id_provider=ad sets the best defaults on its own
id_provider = ad
# In sssd, the default access provider is always 'permit'. The AD access
# provider by default checks for account expiration
access_provider = ad
#
#dyndns_update=false
# Uncomment to use POSIX attributes on the server
ldap_id_mapping=false

#ad_enable_dns_sites = true
# Uncomment if the client machine hostname doesn't match the
# computer object on the DC.
#ad_hostname = dc1.samdom.example.com
ad_hostname = netserver02.harvey.net

#Uncomment if DNS SRV resolution is not working
#ad_server = netserver02.harvey.net

# Uncomment if the domain section is named differently than your Samba domain
#ad_domain = harvey.net

# Enumeration is discouraged for performance reasons.
#enumerate = true

# location of the keytab
# Make sure this is generated before use..
krb5_keytab=/etc/krb5.sssd.keytab
------------------------------------------------------------------------------------------------------------------------


_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
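The configuration above invites a few mechanical checks that are easy to get wrong by hand: a comment that an e-mail client has wrapped onto a second line becomes a bare word that the INI parser will reject, the keytab must be readable only by root (the `chmod 600` from the Samba wiki), and every name in the `[sssd]` `domains` list needs a matching `[domain/...]` section. The script below is an added example, not part of the post, of SSSD or of Samba. It builds a constructed `sssd.conf` that mirrors the one in the message (including the wrapped "domain" line) and an empty placeholder keytab in a temporary directory, then runs the three checks against them; the hostnames and paths are those from the message and are only sample values.

```shell
#!/bin/sh
# Added example (not from the mailing-list post, SSSD or Samba): sanity
# checks for an sssd.conf and the keytab it points at.

# Print (to stdout) every line that is not blank, a comment, a [section]
# header or a "key = value" pair. Return 1 if any such line exists.
sssd_conf_stray_lines() {
    grep -n -v -E '^[[:space:]]*$|^[[:space:]]*[#;]|^[[:space:]]*\[[^]]+\][[:space:]]*$|^[[:space:]]*[A-Za-z_][A-Za-z0-9_.-]*[[:space:]]*=' "$1" && return 1
    return 0
}

# sssd_conf_get FILE SECTION KEY: print the value of KEY inside [SECTION].
sssd_conf_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[[:space:]]*\[/ { cur = $0; sub(/^[[:space:]]*/, "", cur); sub(/[[:space:]]*$/, "", cur) }
        cur == sec && $0 !~ /^[[:space:]]*[#;]/ {
            split($0, kv, "=")
            k = kv[1]; gsub(/[[:space:]]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                sub(/^[[:space:]]+/, "", v); sub(/[[:space:]]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# Return 0 only if every name in the [sssd] "domains" list has a
# [domain/NAME] section in the same file.
sssd_domains_defined() {
    for d in $(sssd_conf_get "$1" sssd domains | tr ',' ' '); do
        grep -q -E "^[[:space:]]*\[domain/$d\][[:space:]]*$" "$1" || return 1
    done
    return 0
}

# Return 0 only if the keytab exists and its mode is exactly 0600
# (owner read/write, nothing for group or others), as the wiki prescribes.
keytab_perms_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# --- constructed sample input (mirrors the config in the message) ---------
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
SAMPLE_CONF="$TMP/sssd.conf"
SAMPLE_KEYTAB="$TMP/krb5.sssd.keytab"
: > "$SAMPLE_KEYTAB"
chmod 644 "$SAMPLE_KEYTAB"          # deliberately too permissive
cat > "$SAMPLE_CONF" <<EOF
[sssd]
services = nss, pam
config_file_version = 2
domains = netserver02.harvey.net

[nss]
allowed_shells = /bin/bash

[pam]

[domain/netserver02.harvey.net]
id_provider = ad
access_provider = ad
ldap_id_mapping = false
ad_hostname = netserver02.harvey.net
# Uncomment if the domain section is named differently than your Samba
domain
krb5_keytab = $SAMPLE_KEYTAB
EOF

# Human-readable report when the script is run stand-alone.
report() {
    if sssd_conf_stray_lines "$SAMPLE_CONF"; then
        echo "OK:   every line parses as INI"
    else
        echo "FAIL: the line(s) above would not be accepted by the parser"
    fi
    if sssd_domains_defined "$SAMPLE_CONF"; then
        echo "OK:   every listed domain has a [domain/...] section"
    else
        echo "FAIL: a domain listed in [sssd] has no section"
    fi
    kt=$(sssd_conf_get "$SAMPLE_CONF" domain/netserver02.harvey.net krb5_keytab)
    if keytab_perms_ok "$kt"; then
        echo "OK:   $kt is mode 0600"
    else
        echo "FAIL: $kt is missing or not mode 0600"
    fi
}
report
```

Run as-is it reports the stray `domain` line and the 0644 keytab as failures and the domain list as fine; after fixing the wrapped comment and running `chmod 600` on the keytab, all three checks pass. Ownership (`chown root:root`) is not checked here because the script does not assume it is run as root.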

