[CentOS] CentOS 6.8 and samba

Fri Sep 9 16:22:24 UTC 2016
isdtor <isdtor at gmail.com>

> You might want to take a look at "Integrating Red Hat Enterprise Linux 6 with Active Directory". It's the best document I've seen on this topic. I found that Samba/Kerberos/Winbind is the most complete solution for attaching a Samba fileserver in my AD environment. https://access.redhat.com/sites/default/files/attachments/rhel-ad-integration-deployment-guidelines-v1.5.pdf
I already figured it out earlier this afternoon and have a working setup. Will review the above.

Here, I'm not modifying any of the hosts/resolv.conf/nsswitch.conf files. This is not an integration exercise, only a Samba fileserver with AD auth.

> If you are editing a smb.conf file of a previously existing Samba fileserver, do not change the range value in the "idmap config * : range =" parameter

winbindd(8) mentions "netlogon proxy only mode", so I commented out all the range settings (after first verifying that it worked with them).

> 3. Start the smb and winbind services:

I find it will not work without nmb.

> 6. Verify the bind to AD is valid:
> a. net ads info
> b. net ads testjoin

Brilliant, I didn't know these commands.

> 7. Create a Kerberos /etc/krb5.keytab file:
> net ads keytab create -U username
> 8. Verify the contents of the Kerberos keytab file:
> klist -ke

This is a step I was missing. What is the purpose of the keytab? Can it help with the default ticket FILE:/tmp/krb5cc_0 expiration?

I'm also facing this problem, although everything seems to work fine. I've tested with smbclient and a Windows client.

# net ads testjoin
gss_init_sec_context failed with [Unspecified GSS failure.  Minor code may provide more information: No credentials cache found]
Join is OK