I too am running into this problem. Looking forward to some feedback regarding this issue.
> On Sep 15, 2016, at 7:04 AM, Brook, Andy [CRI] <[email protected]> > wrote: > > All, > I’m working on setting up Samba to serve files from a server attached to our > IPA domain. I followed the directions in > https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA. > Everything seems to work and I can access the files from another RHEL server > attached to the same domain using a Kerberos ticket from a user from the > trusted AD domain. However, I can’t access this share from a windows client > that is also attached to the trusted AD domain. > > My smb.conf is as follows: > [global] > workgroup = IPA > realm = IPA.DOMAIN > kerberos method = dedicated keytab > dedicated keytab file = FILE:/etc/samba/samba.keytab > log file = /var/log/samba/log.%m > log level = 3 > security = ads > load printers = no > disable spoolss = yes > map to guest = Never > restrict anonymous = 2 > > [spacetest] > path = /var/www > writable = yes > browsable = yes > > I put the keytab in place from the cifs service from the IPA server. > > I feel like I’m missing something small, but I can’t seem to find it. Logs > from samba are here: http://pastebin.com/aMDXfR78 > > Andy Brook > Sr. Systems Administrator | Center for Research Informatics | University of > Chicago > T: 773-834-0458 | http://cri.uchicago.edu > > ******************************************************************************** > This e-mail is intended only for the use of the individual or entity to which > it is addressed and may contain information that is privileged and > confidential. > If the reader of this e-mail message is not the intended recipient, you are > hereby notified that any dissemination, distribution or copying of this > communication is prohibited. If you have received this e-mail in error, > please > notify the sender and destroy all copies of the transmittal. > > Thank you > University of Chicago Medicine and Biological Sciences > ******************************************************************************** > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
