[Pkg-samba-maint] Debian 9, Samba, AD and SSSD

Martin Scott martin.scott at anaeko.com
Thu Mar 23 13:40:41 UTC 2017


I hope someone can help answer a few questions I have regarding Debian 9,
Samba, AD and SSSD.

My goal is to manage permissions (ACL's) on samba shares from windows. I
have verified that my configuration works with Centos7, samba and sssd by
using the sssd libwbclient.

However I am restricted to using Debian OS and need to get the same

I am attempting to configure Samba on debian 9 to use libwbclient-sssd as

ln -s /usr/lib/x86_64-linux-gnu/sssd/modules/libwbclient.so.0

*Q. Is this valid? Is it possible to configure samba with the sssd
libwbclient on debian 9?*

When I do this I get logon failures  even when forcing kerberos as
authentication with smbclient -k, I am using the correct password.

SPNEGO login failed: Logon failure

session setup failed: NT_STATUS_LOGON_FAILURE

and see these errors in samba logs

  Failed to generate session_info (user and group token) for session setup:

 NT error packet at ../source3/smbd/sesssetup.c(293) cmd=115

Logon is successful when not using the sssd libwbclient, however ACL's
cannot be written from windows to the samba backend.

I need to validate that what I am trying to achieve is possible, it
certainly is on centos 7. Should it currently work with the default
packages or does it require additional dependencies? Does it require a
build from source with different configuration options?

Also if it is possible I would greatly appreciate some assistance. Knowing
whether or not it is currently possible would be a good start.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20170323/5b600671/attachment-0001.html>

More information about the Pkg-samba-maint mailing list