You might want to take a look at "Integrating Red Hat Enterprise Linux 6 with Active Directory". It's the best document I've seen on this topic. I found that Samba/Kerberos/Winbind is the most complete solution for attaching a Samba fileserver in my AD environment. https://access.redhat.com/sites/default/files/attachments/rhel-ad-integratio...
I already figured it out earlier this afternoon and have a working setup. Will review the above.
[your setup instructions]
Here, I'm not modifying any of the hosts/resolv.conf/nsswitch.conf files. This is not an integration exercise, only a samba fileserver with AD auth.
If you are editing a smb.conf file of a previously existing Samba fileserver, do not change the range value in the "idmap config * : range =" parameter
winbindd(8) mentions "netlogon proxy only mode", so I commented out all the range settings (after first verifying that it worked with them).
- Start the smb and winbind services:
I find it will not work without nmb.
- Verify the bind to AD is valid:
a. net ads info
b. net ads testjoin
Brilliant, I didn't know these commands.
- Create a Kerberos /etc/krb5.keytab file:
net ads keytab create -U username
- Verify the contents of the Kerberos keytab file:
klist -ke
This is a step I was missing. What is the purpose of the keytab? Can it help with the default ticket FILE:/tmp/krb5cc_0 expiration?
I'm also facing this problem, although everything seems to work fine. I've tested with smbclient and a Windows client.
# net ads testjoin
gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: No credentials cache found]
Join is OK
#
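An added example, not code from the thread or from the Red Hat document: a small post-join health check that wraps the two verification commands discussed above, "net ads testjoin" and "klist -ke", and reduces their output to a verdict. The classification functions only process text, so they also run over saved output on a machine without Samba installed, which is how the constructed samples at the bottom are used. Assumptions: the "klist -ke" column layout is the MIT Kerberos one (KVNO, principal, enctype), the host and realm names in the sample are placeholders, and the "No credentials cache found" line is interpreted as the calling user simply having no Kerberos ticket cache (no kinit done), which is why "Join is OK" still follows it.

```shell
#!/bin/sh
# Added example (not from the thread): post-join health check for a Samba/Winbind
# AD member. Wraps 'net ads testjoin' and 'klist -ke' from the steps above and
# turns their output into pass/fail verdicts. The classify/keytab functions are
# pure text processing and can be run over saved output offline.

# classify_testjoin: read 'net ads testjoin' output on stdin, print one word.
#   ok            - "Join is OK" with no GSS message
#   ok-no-ccache  - "Join is OK" preceded by the gss_init_sec_context line; the
#                   caller had no Kerberos ticket cache, the join itself is fine
#   failed        - no "Join is OK" line at all
classify_testjoin() {
    tj_out=$(cat)
    if ! printf '%s\n' "$tj_out" | grep -q '^Join is OK'; then
        echo failed
    elif printf '%s\n' "$tj_out" | grep -q 'No credentials cache found'; then
        echo ok-no-ccache
    else
        echo ok
    fi
}

# keytab_principals: read MIT 'klist -ke' output on stdin and print the distinct
# principal names (data rows start with a numeric KVNO; header rows do not).
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ { print $2 }' | sort -u
}

# keytab_has_principal PRINCIPAL: exit 0 if the keytab listing on stdin has it.
keytab_has_principal() {
    keytab_principals | grep -qxF -- "$1"
}

# keytab_has_host_principal: exit 0 if any host/... principal is present, which
# is what 'net ads keytab create' adds for the machine.
keytab_has_host_principal() {
    keytab_principals | grep -q '^host/'
}

# Constructed sample output (not captured from a real host), in the shape shown
# in the thread: the join is valid but root has no ticket cache.
SAMPLE_TESTJOIN='gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: No credentials cache found]
Join is OK'

# Constructed 'klist -ke' output in MIT format; host and realm are placeholders.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/fileserver.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 host/fileserver.example.com@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
   2 FILESERVER$@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 FILESERVER$@EXAMPLE.COM (aes128-cts-hmac-sha1-96)'

# Use the live commands when Samba and Kerberos tools are installed, otherwise
# fall back to the constructed samples so the logic can still be exercised.
if command -v net >/dev/null 2>&1 && command -v klist >/dev/null 2>&1; then
    testjoin_out=$(net ads testjoin 2>&1)
    klist_out=$(klist -ke 2>&1)
else
    testjoin_out=$SAMPLE_TESTJOIN
    klist_out=$SAMPLE_KLIST
fi

echo "testjoin verdict: $(printf '%s\n' "$testjoin_out" | classify_testjoin)"
echo "keytab principals:"
printf '%s\n' "$klist_out" | keytab_principals | sed 's/^/  /'
if printf '%s\n' "$klist_out" | keytab_has_host_principal; then
    echo "keytab: host/ principal present"
else
    echo "keytab: no host/ principal, run 'net ads keytab create -U username'"
fi
```

On a joined host the script reads the live commands; with the constructed samples it reports "ok-no-ccache" and two distinct principals. An "ok-no-ccache" verdict is not a join problem, so a monitoring check built on this should key on the "failed" verdict rather than on the presence of the GSS line.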