hi users,

I have a samba and sssd trying AD, it's 7.2 Linux.

That linux box is via sssd and samba talking to AD DC and win10 clients get to samba shares, getent pass sees AD users, samba can get to DC's shares and win10's clients shares, all good except...

smbclient @samba, in other words - to itself - fails

session setup failed: NT_STATUS_LOGON_FAILURE

and with smbclient -k

gss_init_sec_context failed with [Unspecified GSS failure. Minor code may provide more information: Server cifs/swir.private....@private.dom not found in Kerberos database]

SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR
session setup failed: NT_STATUS_INTERNAL_ERROR

here is a snippet from smb.conf which I thought has relevance, I set it up following samba sssd wiki.

   security = ads
  realm = CCNR.DOM
  workgroup = CCNR

  kerberos method = secrets and keytab
  dedicated keytab file = /etc/krb5.swir.ccnr.keytab
  client signing = auto
  client use spnego = yes
  encrypt passwords = yes
  password server = ccnr-winsrv1.ccnr.dom
  netbios name = SWIR

  template shell = /bin/bash
  template homedir = /home/%D/%U

  preferred master = no
  dns proxy = no
  wins server = ccnr-winsrv1.ccnr.dom
  wins proxy = no

  inherit acls = Yes
  map acl inherit = Yes
  acl group control = yes

and in samba log:

  domain_client_validate: Domain password server not available.

I've tried samba user list, dead silence.

many thanks,


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to