[Pkg-samba-maint] Debian 9, Samba, AD and SSSD

Martin Scott martin.scott at anaeko.com
Fri Mar 24 09:53:32 UTC 2017 

HI,

Thanks for your reply.

It is very straightforward on centos, I install samba, sssd and
sssd-libwbclient. Deploy my config files and start all the services and it
just works.

On Debian I have installed sssd libwbclient but I am unaware of any method
other than making the symlink to get samba to use the sssd libwbclient.

Martin

On 24 March 2017 at 08:59, Mathieu Parent <math.parent at gmail.com> wrote:

> (cc-ing the sssd team)
>
> 2017-03-23 14:40 GMT+01:00 Martin Scott <martin.scott at anaeko.com>:
> > Hi,
>
> Hello,
>
> > I hope someone can help answer a few questions I have regarding Debian 9,
> > Samba, AD and SSSD.
> >
> > My goal is to manage permissions (ACL's) on samba shares from windows. I
> > have verified that my configuration works with Centos7, samba and sssd by
> > using the sssd libwbclient.
>
> Can you point to your steps on CentOS?
>
> > However I am restricted to using Debian OS and need to get the same
> > functionality.
> >
> > I am attempting to configure Samba on debian 9 to use libwbclient-sssd as
> > follows
> >
> > ln -s /usr/lib/x86_64-linux-gnu/sssd/modules/libwbclient.so.0
> > /usr/lib/x86_64-linux-gnu/libwbclient.so.0
> >
> > Q. Is this valid? Is it possible to configure samba with the sssd
> > libwbclient on debian 9?
>
> I don't know much about sssd, but you probably want to install
> libwbclient-sssd instead of this symlink.
>
> > When I do this I get logon failures  even when forcing kerberos as
> > authentication with smbclient -k, I am using the correct password.
> >
> > SPNEGO login failed: Logon failure
> >
> > session setup failed: NT_STATUS_LOGON_FAILURE
> >
> > and see these errors in samba logs
> >
> >   Failed to generate session_info (user and group token) for session
> setup:
> > NT_STATUS_LOGON_FAILURE
> >
> >  NT error packet at ../source3/smbd/sesssetup.c(293) cmd=115
> (SMBsesssetupX)
> > NT_STATUS_LOGON_FAILURE
> >
> > Logon is successful when not using the sssd libwbclient, however ACL's
> > cannot be written from windows to the samba backend.
> >
> >
> > I need to validate that what I am trying to achieve is possible, it
> > certainly is on centos 7. Should it currently work with the default
> packages
> > or does it require additional dependencies? Does it require a build from
> > source with different configuration options?
> >
> > Also if it is possible I would greatly appreciate some assistance.
> Knowing
> > whether or not it is currently possible would be a good start.
> >
> >
> > Martin.
>
> Regards
>
> --
> Mathieu Parent
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20170324/0df3daef/attachment-0001.html>

More information about the Pkg-samba-maint mailing list