Web lists-archives.com

Re: [Samba] Using GPO to mount shares on Linux




On Thu, 26 Oct 2017 16:08:57 +0200
Daniel Carrasco <d.carrasco@xxxxxxxxx> wrote:

> Hello,
> 
> I'm using sssd because works fine, is the first time I join a domain
> with a Linux box and I need an easy and fast guide to make it work.
> SSSD allow me to cache the use credentials and autofs mounts, so if
> domain fails the computer will work without problem.
> 
> Finally is a problem of spn. I've opened the ADSI editor and I've
> added the CIFS name to the list of SPN in shares server and now works
> fine. Both ways works fine (autofs and smbclient).
> 
> Thanks to your comment about SPN (I didn't know what is), I've known
> where to search and a simple way to solve it.
> 
> Can I suggest to add this spn when a Linux member joins the domain?,
> because maybe give problems on other builds that use kerberos to mount
> shares.

It is possible cache the users credentials with winbind, not sure about
autofs.

Whilst the SPN is required for your setup, not everybody uses sssd and
autofs, both of which have nothing to do with Samba.

If you have these lines in a Samba Unix domain member smb.conf:

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    winbind refresh tickets = Yes

and use 'net ads join -U Administrator' to join the domain, you will get
a keytab created for you, but it will not contain an SPN for cifs, you
will have to added it.

It is Autofs that requires the SPN, so this program should document the
need for the SPN, not Samba, but I am sure you have found out that the
Autofs documentation is abysmal.

Rowland
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba