I am trying to run samba with sssd service and AD authentication.
I have joined the linux server to the AD domain using realmd and using sssd
to authenticate to the AD. I am able to get user list from AD using "getent
passwd <username>".
The samba servers starts but i am unable to get the authentication working.
I referred the samba dos for centos7 and also installed sssd-libwbclient.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/...
Any pointers would be appreciated. thanks :)
OS: Centos: 7.2.1511 (Core)
Samba version: 4.2.10
sssd version: 1.13.0
Below are the files
sssd.conf
------------------
[sssd]
services = nss, pam, pac
config_file_version = 2
domains =
xx.xxx.com
[nss]
allowed_shells = /bin/bash, /bin/hgcsh
shell_fallback = /bin/bash
default_shell = /bin/bash
[
domain/corp.endurance.com]
ad_domain =
xx.xxx.com
krb5_realm =
XX.XXX.COM
id_provider = ad
auth_provider = ad
chpass_provider = ad
access_provider = ad
krb5_store_password_if_offline = True
override_homedir = /home/%u
smb.conf
------------------
[global]
security = ads
workgroup = XXX
realm =
XXX.XXX.COM
kerberos method = system keytab
log file = /var/log/samba/log.%m
log level = 10
max log size = 50
load printers = no
cups options = raw
printcap name = /dev/null
[myshare]
comment = My shared folder
path = /var/myshare
public = no
writable = yes
guest ok = no
valid users = @"tt at xx.xx.com"
"realmd list" output
--------------------
xx.xxx.com
type: kerberos
realm-name:
XXX.XXX.COM
domain-name:
xx.xx.com
configured: kerberos-member
server-software: active-directory
client-software: winbind
required-package: oddjob-mkhomedir
required-package: oddjob
required-package: samba-winbind-clients
required-package: samba-winbind
required-package: samba-common
login-formats: XXX\%U
login-policy: allow-any-login
xx.xxx.com
type: kerberos
realm-name:
XXX.XXX.COM
domain-name:
xx.xx.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common
login-formats: %U
login-policy: allow-realm-logins