[CentOS] CentOS 6.8 and samba
isdtor at gmail.com
Fri Sep 9 16:22:24 UTC 2016
> You might want to take a look at "Integrating Red Hat Enterprise Linux 6 with Active Directory". It's the best document I've seen on this topic. I found that Samba/Kerberos/Winbind is the most complete solution for attaching a Samba fileserver in my AD environment.
> https://access.redhat.com/sites/default/files/attachments/rhel-ad-integration-deployment-guidelines-v1.5.pdf
I already figured it out earlier this afternoon and have a working setup. Will review the above.
[your setup instructions]
Here, I'm not modifying any of the hosts/resolv.conf/nsswitch.conf files. This is not an integration exercise, only a samba fileserver with AD auth.
> If you are editing a smb.conf file of a previously existing Samba fileserver, do not change the range value in the "idmap config * : range =" parameter
winbindd(8) mentions "netlogon proxy only mode", so I commented out all the range settings (after first verifying that it worked with them).
> 3. Start the smb and winbind services:
I find it will not work without nmb.
> 6. Verify the bind to AD is valid:
> a. net ads info
> b. net ads testjoin
Brilliant, I didn't know these commands.
> 7. Create a Kerberos /etc/krb5.keytab file:
> net ads keytab create -U username
> 8. Verify the contents of the Kerberos keytab file:
> klist -ke
This is a step I was missing. What is the purpose of the keytab? Can it help with the default ticket FILE:/tmp/krb5cc_0 expiration?
I'm also facing this problem, although everything seems to work fine. I've tested with smbclient and a Windows client.
# net ads testjoin
gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: No credentials cache found]
Join is OK