Web lists-archives.com

Re: [Samba] Question: Samba and YP-Yellow Pages relation.




On Thu, 5 Apr 2018 17:01:22 -0300
"Suporte - KONTROL" <suporte@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> Hi Rowland,
> First of all, thanks Much for the message. Appreciate it!
> 
> Here more details...
> The users do not log into the pfSense. The Samba is being used to
> authenticate users with the proxy (squid) in a pfsense environment
> (Freebsd) The PfSense box is added to the AD Domain as a "Member"
> only, so that way the proxy can authenticate against the AD via
> NTLM/Kerberos.
> 
> Here is part of my script to add/leave Domain and also to create a
> keytab file to use against Kerberos.
> 
> 
> #joining a Domain
> net ads join createupn=HTTP/hostname001.corp@xxxxxxxxxxx -k  
> echo
> #adding SPN HTTP 
> echo "Adding the SPN HTTP"
> net ads keytab add HTTP
> echo
> #Generating keytab file
> net ads keytab create -k
> 

You can get the keytab created during the join by adding:

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

To smb.conf before the join, not sure about the UPN though, never tried
it.

It sounds like you are running Samba as a Unix domain member, any
chance of seeing the (sanitized) smb.conf ? Also what is the AD DC ?

Not sure why you want to disable YP, squid is known to work with the
default Samba

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba