I have a samba and sssd trying AD, it's 7.2 Linux.
That linux box is via sssd and samba talking to AD DC and
win10 clients get to samba shares, getent pass sees AD
users, samba can get to DC's shares and win10's clients
shares, all good except...
smbclient @samba, in other words - to itself - fails
session setup failed: NT_STATUS_LOGON_FAILURE
and with smbclient -k
gss_init_sec_context failed with [Unspecified GSS failure.
Minor code may provide more information: Server
cifs/swir.private....@private.dom not found in Kerberos
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed:
Failed to setup SPNEGO negTokenInit request:
session setup failed: NT_STATUS_INTERNAL_ERROR
here is a snippet from smb.conf which I thought has
relevance, I set it up following samba sssd wiki.
security = ads
realm = CCNR.DOM
workgroup = CCNR
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.swir.ccnr.keytab
client signing = auto
client use spnego = yes
encrypt passwords = yes
password server = ccnr-winsrv1.ccnr.dom
netbios name = SWIR
template shell = /bin/bash
template homedir = /home/%D/%U
preferred master = no
dns proxy = no
wins server = ccnr-winsrv1.ccnr.dom
wins proxy = no
inherit acls = Yes
map acl inherit = Yes
acl group control = yes
and in samba log:
domain_client_validate: Domain password server not available.
I've tried samba user list, dead silence.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project