Re: [Samba] 4.5 -> 4.8 samba fails to start
- Date: Wed, 27 Jun 2018 08:00:14 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] 4.5 -> 4.8 samba fails to start
On Tue, 26 Jun 2018 16:22:36 -0500
Chad William Seys <cwseys@xxxxxxxxxxxxxxxx> wrote:
> Hi Rowland,
> Thanks for your explanation.
> We have set up Samba to authenticate users against an external MIT
> Kerberos server and usernames match those in Unix password files.
> The setup was almost exactly like the Ubuntu help page:
> There are others who have also set up Samba this way:
> and others who have contacted the mailing list for help in setting
> up Samba this way:
> After a hint from the Debian bug report (thanks Dan!) I was able
> to get Samba working with the external MIT KDC using SSSD. (A
> working config is below for the interested.)
Samba does not support sssd, it isn't a Samba product
> However, it would be great if this would function using all Samba
> software as previously.
It is supported, you just have to use winbind and join the domain.
> Is there a way to set up winbind/idmap to restore the behavior
> that "smbd directly contacts domain controllers"? (Quoted phrase from
> the 4.8 release notes.)
Don't think so, the option was explicitly removed from smbd.
> Thanks for the great software!
> # Global parameters
> # Note that some of these will vary depending on your setup!
> # E.g. do you use vfs_fruit?
> dns proxy = No
> hostname lookups = Yes
> kerberos method = secrets and keytab
> logging = syslog@1 /var/log/samba/log.%m
> map to guest = Bad User
> max log size = 100000
> panic action = /usr/share/samba/panic-action %d
> realm = YOUR.KERB.REALM
> security = USER
> server signing = required
> server string = %h server
> workgroup = MYWORKGR
> fruit:nfs_aces = no
> idmap config * : backend = tdb
Nice STANDALONE SERVER smb.conf.
To unsubscribe from this list go to the following URL and read the