[Samba] recommended smb.conf configuration for AD with realm+sssd


Our Linux clients are integrated into AD with the tool "realm" (no "net ads join") and use "sssd" for authenticating AD users. What is the recommended configuration for smb.conf to authenticate AD users for directory shares? At first, it looks like the configuration for "security" should be "ADS" and "server role" should be "member server" because these Linux clients are domain members, but the manpage for smb.conf says "ADS" and "member server" are for clients joined by the "net" utility, which is not done here.

So what is the recommended configuration in smb.conf for Linux clients that are joined to AD by realm and use sssd for authentication?

   security = ?
   server role = ?
   kerberos method = system keytab

Additionally, I have to manually add a cifs/ SPN on the Windows DC with setspn for that machine account to get access to its Samba shares.
Can I add the cifs/ SPN entry with any Linux RPC tool?


