
Re: [Samba] Using GPO to mount shares on Linux




Hello,

My actual setup is:

   - 2 Domain Controllers using Samba 4.7 stable (synced)
   - Multiple Windows Workstations that have joined the Domain without
   problem
   - 1 Linux server using Debian 8 with Samba 4.2 as Member Server, also
   joined to that Domain

This setup is working as expected (some Windows bugs hide network drives,
but that is not a Samba problem). All workstations are able to log in with
domain credentials and connect to shared drives on the Linux server (managed
by GPO and ACL).

Now I have an xUbuntu workstation that I want to join to that Domain, and
I've used realm and sssd to do the job. The basic setup works fine and:

   - I'm able to log in with domain user credentials on the Linux
   workstation
   - I can get the domain data like for example users and groups, and even
   use domain data to manage autofs
   - I can mount shares stored on a DC using Kerberos authentication
   - I can connect to shares using smbclient using Kerberos authentication

My problem comes when I try to mount or connect to a share that is on the
Member server from the xUbuntu workstation, which gives me the errors I
commented on before. After your comments and some research about SPN on
Google, I think that may be the problem, but for now I'm not able to test it.

Greetings!!

2017-10-24 14:40 GMT+02:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:

> On Tue, 24 Oct 2017 14:11:15 +0200
> Daniel Carrasco <d.carrasco@xxxxxxxxx> wrote:
>
> > Thanks Rowland.
> >
> > I'll give both things a try (WG and SPN).
> >
> > To be honest, I ask here because the sssd daemon is working as
> > expected, allowing the authentication of the machine to the domain,
> > and the real problem is that I'm not able to access a shared drive
> > using Kerberos authentication (cifs and smbclient), and I thought
> > that maybe it was a misconfiguration on the member server (because it
> > works fine with the domain server), and this server is configured as a
> > Samba4 member server without sssd.
> >
>
> Sorry, but I don't understand what you are trying to say.
> Do you mean that it works on a Unix domain member against a Samba AD DC
> and the Unix domain member isn't using sssd ?
> Or do you mean something else, if so, please explain your set up.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
_________________________________________

      Daniel Carrasco Marín
      Ingeniería para la Innovación i2TIC, S.L.
      Tlf:  +34 911 12 32 84 Ext: 223
      www.i2tic.com
_________________________________________