I’m working on setting up Samba to serve files from a server attached to our 
IPA domain. I followed the directions in 
Everything seems to work and I can access the files from another RHEL server 
attached to the same domain using a Kerberos ticket from a user from the 
trusted AD domain. However, I can’t access this share from a windows client 
that is also attached to the trusted AD domain.

My smb.conf is as follows:
        workgroup = IPA
        realm = IPA.DOMAIN
        kerberos method = dedicated keytab
        dedicated keytab file = FILE:/etc/samba/samba.keytab
        log file = /var/log/samba/log.%m
        log level = 3
        security = ads
        load printers = no
        disable spoolss = yes
        map to guest = Never
        restrict anonymous = 2

        path = /var/www
        writable = yes
        browsable = yes

I put the keytab in place from the cifs service from the IPA server.

I feel like I’m missing something small, but I can’t seem to find it. Logs from 
samba are here:

Andy Brook
Sr. Systems Administrator | Center for Research Informatics | University of 
T: 773-834-0458 |

This e-mail is intended only for the use of the individual or entity to which
it is addressed and may contain information that is privileged and confidential.
If the reader of this e-mail message is not the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this
communication is prohibited. If you have received this e-mail in error, please 
notify the sender and destroy all copies of the transmittal. 

Thank you
University of Chicago Medicine and Biological Sciences 

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to