Hello, replied inline below El mié, 28-12-2016 a las 18:15 -0500, William Muriithi escribió: > Hello > > I am trying to setup a samba share - actually replace winbind on a > current samba server and I am basing my change on these instructions. > > http://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_Wit > h_IPA > > The IPA servers is version ipa-server-4.4.0-14.el7 and I have trust > established between AD and IPA. Samba server is on RHEL 6.8 > > Ideally, I would prefer to leave samba on RHEL 6 and it looks like > RHEL 6 is currently using sssd-1.13.3-22.el6_8.4.x86_64. According > to > above link, you need sssd v1.12.2 and above. Would the version on > RHEL > 6 above be bundling sssd-libwbclient by any chance? If not, is it > possible to install sssd-libwbclient on RHEL 6?
You could try installing sssd-1.14 from a COPR repo, like https://copr. fedorainfracloud.org/coprs/g/sssd/sssd-1-14/ > Also, on smb.conf, its a bit ambiguous what REALM need to be used. > Does one need to use IPA REALM or active directory REALM on these two > lines below? > > workgroup = MY > realm = MY.REALM The samba fileserver will be a member of the ipa domain, so you should use freeipa's kerberos realm in the 'realm' parameter in smb.conf. As for the 'workgroup' parameter, you can find the appropriate value in the 'NetBios Name' parameter from the 'ipa trustconfig-show' command output. > Lastly, when I followed the above article to setup samba, I got the > following errors when I attempted to connect to samba from Windows. > What would be potential places to go check for misconfiguration? > > Dec 28 17:49:41 manganese smbd: [2016/12/28 17:49:41.503322, > 0] libads/kerberos_verify.c:75(ads_dedicated_keytab_verify_ticket) > Dec 28 17:49:41 manganese smbd: krb5_rd_req failed (Wrong > principal in request) > Dec 28 17:49:41 manganese smbd: [2016/12/28 17:49:41.507090, > 0] libads/kerberos_verify.c:75(ads_dedicated_keytab_verify_ticket) > Dec 28 17:49:41 manganese smbd: krb5_rd_req failed (Wrong > principal in request) Check that you're using the proper realm and workgroup in smb.conf, that the principal used by samba is cifs/<server fqdn>@<IPA REALM> Best regards -- Loris Santamaria linux user #70506 xmpp:lo...@lgs.com.ve Links Global Services, C.A. http://www.lgs.com.ve Tel: 0286 952.06.87 Cel: 0414 095.00.10 sip:1...@lgs.com.ve ------------------------------------------------------------ "If I'd asked my customers what they wanted, they'd have said a faster horse" - Henry Ford -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project