  • Samba Authentication to AD on Top of SSSD

    I have a server set up for AD authentication through SSSD, and it's working great. Now, I've been asked to add a CIFS share to the server, and it will need to be accessible to AD users. Here are a couple of lines that concern me from the log:
    [2016/06/14 10:17:09.037697, 2] ../source3/librpc/crypto/gse_krb5.c:196(fill_mem_keytab_from_secrets)
    ../source3/librpc/crypto/gse_krb5.c:196: failed to fetch machine password
    [2016/06/14 10:17:09.037710, 1] ../source3/librpc/crypto/gse_krb5.c:619(gse_krb5_get_server_keytab)
    ../source3/librpc/crypto/gse_krb5.c:619: Error! Unable to set mem keytab - -1765328254
    [2016/06/14 10:17:09.037728, 1] ../auth/gensec/gensec_start.c:689(gensec_start_mech)

    And some info:

    realm list

    nghs.com
      type: kerberos
      realm-name: NGHS.COM
      domain-name: nghs.com
      configured: kerberos-member
      server-software: active-directory
      client-software: winbind
      required-package: oddjob-mkhomedir
      required-package: oddjob
      required-package: samba-winbind-clients
      required-package: samba-winbind
      required-package: samba-common
      login-formats: NGHS\%U
      login-policy: allow-any-login
    nghs.com
      type: kerberos
      realm-name: NGHS.COM
      domain-name: nghs.com
      configured: kerberos-member
      server-software: active-directory
      client-software: sssd
      required-package: oddjob
      required-package: oddjob-mkhomedir
      required-package: sssd
      required-package: adcli
      required-package: samba-common
      login-formats: %U
      login-policy: allow-permitted-logins

    net ads info

    LDAP server: 172.20.212.131
    LDAP server name: HQAUDC4.nghs.com
    Realm: NGHS.COM
    Bind Path: dc=NGHS,dc=COM
    LDAP port: 389
    Server time: Tue, 14 Jun 2016 10:24:20 EDT
    KDC server: 172.20.212.131
    Server time offset: 0

    grep -v '\;' /etc/samba/smb.conf | grep -v '#'

    [global]
        workgroup = NGHS
        server string = Samba Server Version %v

        netbios name = VEODBTST01

        log file = /var/log/samba/log.%m
        max log size = 50
        log level = 3

        passdb backend = tdbsam
        realm = NGHS.COM
        security = ads

        load printers = no
        cups options = raw
        printcap name = /dev/null

    [homes]
        comment = Home Directories
        browseable = no
        writable = yes

    [nonprdfiles]
        comment = Epic Non-Prod Files
        path = /epic/nonprdfiles
        public = yes
        writable = yes
        guest ok = no
        printable = no

    grep -v '#' /etc/krb5.conf

    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    default_realm = NGHS.COM
    default_ccache_name = KEYRING:persistent:%{uid}

    [realms]

    [domain_realm]
    .nghs.com = NGHS.COM
    nghs.com = NGHS.COM

    Any advice?

    Thanks,
    Jameson
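
The value -1765328254 in the second log entry above is a com_err error code, which packs an error-table name and an offset into one integer. The following is an added example, not part of the original post and not Samba or Red Hat code: it parses log entries in the format quoted in the post and splits such a code into table name and offset. The function names and the one-entry name table are assumptions of this example.

```python
import re

# com_err alphabet: bits 8-31 of a code hold 6-bit characters (0 = none).
CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"
# Name for the one "krb5" table offset seen here (as defined in MIT krb5.h).
KRB5_NAMES = {130: "KRB5_LIBOS_CANTREADPWD (Cannot read password)"}

# Sample input: the log entries quoted in the post, embedded for offline use.
SAMPLE_LOG = """\
[2016/06/14 10:17:09.037697, 2] ../source3/librpc/crypto/gse_krb5.c:196(fill_mem_keytab_from_secrets)
  ../source3/librpc/crypto/gse_krb5.c:196: failed to fetch machine password
[2016/06/14 10:17:09.037710, 1] ../source3/librpc/crypto/gse_krb5.c:619(gse_krb5_get_server_keytab)
  ../source3/librpc/crypto/gse_krb5.c:619: Error! Unable to set mem keytab - -1765328254
[2016/06/14 10:17:09.037728, 1] ../auth/gensec/gensec_start.c:689(gensec_start_mech)
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<loc>\S+?)\((?P<func>\w+)\)\s*$")
CODE = re.compile(r"(-\d{6,})\s*$")  # trailing negative integer in a message

def decode_com_err(code):
    """Split a com_err code into (table name, offset within the table)."""
    u = code & 0xFFFFFFFF  # view the signed value as unsigned 32-bit
    chars = [(u >> s) & 0x3F for s in (26, 20, 14, 8)]  # four 6-bit fields
    return "".join(CHARSET[c - 1] for c in chars if c), u & 0xFF

def parse_entries(text):
    """Attach each message line to the bracketed header line before it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "level": int(m["level"]), "msg": ""})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries

def explain(text):
    """Return (function, code, table, offset, name) for entries with a code."""
    rows = []
    for e in parse_entries(text):
        m = CODE.search(e["msg"])
        if m:
            table, off = decode_com_err(int(m.group(1)))
            name = KRB5_NAMES.get(off, "unlisted") if table == "krb5" else "unlisted"
            rows.append((e["func"], int(m.group(1)), table, off, name))
    return rows

if __name__ == "__main__":
    print(*explain(SAMPLE_LOG), sep="\n")
```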
