[Pkg-samba-maint] Debian 9, Samba, AD and SSSD

Mathieu Parent math.parent at gmail.com
Fri Mar 24 08:59:42 UTC 2017

(cc-ing the sssd team)

2017-03-23 14:40 GMT+01:00 Martin Scott <martin.scott at anaeko.com>:
> Hi,
>
> I hope someone can help answer a few questions I have regarding Debian 9,
> Samba, AD and SSSD.
> My goal is to manage permissions (ACLs) on Samba shares from Windows. I
> have verified that my configuration works with CentOS 7, Samba and sssd by
> using the sssd libwbclient.

Can you point to your steps on CentOS?

> However, I am restricted to using Debian OS and need to get the same
> functionality.
> I am attempting to configure Samba on Debian 9 to use libwbclient-sssd as
> follows:
>   ln -s /usr/lib/x86_64-linux-gnu/sssd/modules/libwbclient.so.0 /usr/lib/x86_64-linux-gnu/libwbclient.so.0
> Q. Is this valid? Is it possible to configure Samba with the sssd
> libwbclient on Debian 9?

I don't know much about sssd, but you probably want to install
libwbclient-sssd instead of this symlink.

> When I do this I get logon failures even when forcing Kerberos as
> authentication with smbclient -k; I am using the correct password.
> SPNEGO login failed: Logon failure
> session setup failed: NT_STATUS_LOGON_FAILURE
> and see these errors in samba logs
>   Failed to generate session_info (user and group token) for session setup:
>  NT error packet at ../source3/smbd/sesssetup.c(293) cmd=115 (SMBsesssetupX)
> Logon is successful when not using the sssd libwbclient; however, ACLs
> cannot be written from Windows to the Samba backend.
> I need to validate that what I am trying to achieve is possible; it
> certainly is on CentOS 7. Should it currently work with the default packages
> or does it require additional dependencies? Does it require a build from
> source with different configuration options?
> Also, if it is possible, I would greatly appreciate some assistance. Knowing
> whether or not it is currently possible would be a good start.
> Martin.


Mathieu Parent
