On Mon, 2017-02-13 at 09:32 +0100, Sumit Bose wrote:
On Sat, Feb 11, 2017 at 08:29:18PM +0000, Joakim Tjernlund wrote:
> On Sat, 2017-02-11 at 21:25 +0100, Joakim Tjernlund wrote:
> > On Sat, 2017-02-11 at 20:32 +0100, Lukas Slebodnik wrote:
> > > On (11/02/17 19:10), Joakim Tjernlund wrote:
> > > > I can not get libwbclient in sssd 1.15 work at all for samba.
> > > > samba log is not helpful either:
> > > > [2017/02/11 20:08:47.742465, 1, pid=21157, effective(0, 0), real(0,
0)] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego)
> > > > Failed to generate session_info (user and group token) for session
setup: NT_STATUS_LOGON_FAILURE
> > > >
> > > > Is libwbclient working in 1.15?
> > > >
> > >
> > > Which distribution do you use?
> >
> > Gentoo
>
> Can you say something about required config for sssd/samba for using
> sssd's libwbclient?
For the Samba side all is done if the Samba binaries can find and load
the library.
The most important option on the SSSD side is 'use_fully_qualified_names
= True' currently SSSD's version of libwbclient will not work with short
names.
We tried that briefly but didn't get past the login failure.
In general it has to be noted that SSSD's version of libwbclient has
some general restrictions, e.g. it only works with Kerberos
authentication not with NTLM. Since you got a NT_STATUS_LOGON_FAILURE
the client might have tried NTLM instead of Kerberos. The Samba logs
should tell you which authentication method was tried, maybe you have to
increase the 'log level' in smb.conf.
we ran smbclient -k -L <samba host> but only got the NT_STATUS_LOGON_FAILURE
I think we may have understood that sssd wbclient only works for the client?
The sever running samba fileserver cannot use sssd libwbclient, is that true?
That would explain why we could not make this work.
Jocke