On 1/5/2015 2:45 AM, Jakub Hrozek wrote:
> On Sun, Jan 04, 2015 at 04:33:29PM -0800, Scott Harvey wrote:
> > Tried to post before but the body had too much data
> > deleted graphics from body.
> I think the sssd config file and logs would be nice to see. And since
> Samba is more-or-less an AD DC, maybe even enrolling the client would be
> possible with adcli:
> https://jhrozek.livejournal.com/3581.html
> But it looks like you've enrolled the client already.
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Thank you for getting back.
When you say "enroll a client", what do you mean? I have an SPN
that I set up that is the machine name of my DC controller as instructed by
https://wiki.samba.org/index.php?title=Local_user_management_and_authenti...
# samba-tool domain exportkeytab /etc/krb5.sssd.keytab --principal=dc1$
# chown root:root /etc/krb5.sssd.keytab
# chmod 600 /etc/krb5.sssd.keytab
dc1 is netserver02 in my case.
Contents of the sssd config file:
--------------------------------------------------
[sssd]
services = nss, pam
config_file_version = 2
domains = netserver02.harvey.net
#domains = default
debug_level = 2
#
filter_users_in_groups = false
#
#ldap_user_principal = netserver02$.harvey.net(a)HARVEY.NET
#
#ldap_referrals = true
#
[nss]
#
allowed_shells = /bin/bash
shell_fallback = /bin/bash
#
[pam]
[domain/netserver02.harvey.net]
#[domain/default]
# Using id_provider=ad sets the best defaults on its own
id_provider = ad
# In sssd, the default access provider is always 'permit'. The AD access
# provider by default checks for account expiration
access_provider = ad
#
#dyndns_update=false
# Uncomment to use POSIX attributes on the server
ldap_id_mapping=false
#ad_enable_dns_sites = true
# Uncomment if the client machine hostname doesn't match the
# computer object on the DC.
#ad_hostname = dc1.samdom.example.com
ad_hostname = netserver02.harvey.net
#Uncomment if DNS SRV resolution is not working
#ad_server = netserver02.harvey.net
# Uncomment if the domain section is named differently than your Samba domain
#ad_domain = harvey.net
# Enumeration is discouraged for performance reasons.
#enumerate = true
# location of the keytab
# Make sure this is generated before use..
krb5_keytab=/etc/krb5.sssd.keytab
------------------------------------------------------------------------------------------------------------------------