Do I need Active Directory? - Samba nad Kerberos

New to Debian (Or Linux in general)? Ask your questions here!

Do I need Active Directory? - Samba nad Kerberos

Postby zszpiegz » 2017-04-29 12:13

Hi.
I trying to set up Samba and Kerberos Server, but I have a problems. I have three computers. First with Kerberos Server and Samba, Second with debian as client, and third Service, also Debian. Kerberos is certainly well configured because ssh with kerberos authentication works. Do I need Active Directory if client is system Debian?
My config smb.conf:
Code: Select all
[global]
   workgroup = UCZELNIA GROUP
   netbios name = SERVER
   security = ads
   realm = UCZELNIA.LOCAL
   server role = standalone server
   dns forwarder = 8.8.8.8
   encrypt passwords = yes
   kerberos method = secrets and keytab

[data]
   comment = Data
   path = /export
   read only = no
   guest only = no


I would be very grateful for your help :)
zszpiegz
 
Posts: 3
Joined: 2017-04-29 11:56

Re: Do I need Active Directory? - Samba nad Kerberos

Postby marcetm » 2017-05-04 18:01

Hi zszpiegz,

I've got to answer you with two other questions:

1.- What do you want to do?
If you just want to share files in a LAN you don't need any Active Directory.

2.- What exactly are your problems?

By the way, I don't understand which is the function of the third machine of your network.
marcetm
 
Posts: 118
Joined: 2015-08-02 21:30

Re: Do I need Active Directory? - Samba nad Kerberos

Postby zszpiegz » 2017-05-07 08:46

1. I want share files in LAN between linux systems.

When I run command:
"smbclient -L //server -U%" samba working perfectly, but "smbclient -k -L //server" didn't work.
I get a message:
Code: Select all
gss_init_sec_context failed with [ Miscellaneous failure (see text): unable to reach any KDC in realm UCZELNIA.LOCAL]
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR
session setup failed: NT_STATUS_INTERNAL_ERROR


Bind is configured and running because I tested it. Winbind installed.
This is scheme:
Image

My config files

krb5.conf
Code: Select all
[libdefaults]
        default_realm = UCZELNIA.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdc = false
[realms]
        UCZELNIA.LOCAL = {
                kdc = server.uczelnia.local
                admin_server = server.uczelnia.local
                default_domain = uczelnia.local
        }

[domain_realm]
        .uczelnia.local = UCZELNIA.LOCAL
        uczelnia.local = UCZELNIA.LOCAL


smb.conf
Code: Select all
[global]
   workgroup = SERVER
   realm = UCZELNIA.LOCAL
   netbios name = SERVER
   dns forwarder = 8.8.8.8
   security = ads
   encrypt passwords = yes
   kerberos method = secrets and keytab

[netlogon]
   path = /var/lib/samba/sysvol/uczelnia.local/scripts
   read only = No

[sysvol]
   path = /var/lib/samba/sysvol
   read only = No


hosts
Code: Select all
127.0.0.1   localhost
192.168.1.100   server.uczelnia.local   server
192.168.1.101   service.uczelnia.local   service
192.168.1.102   client.uczelnia.local   client

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


resolv.conf
Code: Select all
nameserver 192.168.1.100
nameserver 8.8.8.8
domain uczelnia.local
search uczelnia.local


Verifying DNS:

$ host -t SRV _ldap._tcp.uczelnia.local
_ldap._tcp.uczelnia.local has SRV record 0 100 389 server.uczelnia.local.


$ host -t SRV _kerberos._udp.uczelnia.local
_kerberos._udp.uczelnia.local has SRV record 0 100 88 server.uczelnia.local.


$ host -t A server.uczelnia.local
server.uczelnia.local has address 192.168.1.100
zszpiegz
 
Posts: 3
Joined: 2017-04-29 11:56

Re: Do I need Active Directory? - Samba nad Kerberos

Postby phenest » 2017-05-07 09:51

You haven't actually said what the problem is.

zszpiegz wrote:1. I want share files in LAN between linux systems.

Is that working or not?

zszpiegz wrote:When I run command:
"smbclient -L //server -U%" samba working perfectly, but "smbclient -k -L //server" didn't work.
I get a message:
Code: Select all
gss_init_sec_context failed with [ Miscellaneous failure (see text): unable to reach any KDC in realm UCZELNIA.LOCAL]
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR
session setup failed: NT_STATUS_INTERNAL_ERROR

If the first command works, why are you worried about the second one?

What you're explaining in your posts doesn't match your thread title.
Dell XPS 17 L702X i7 2860QM 2.5GHz - 32GB RAM - 4G WWAN - Pioneer TD05-BDR
NEC Spirit 550 P4 3.8GHz HT - 2GB RAM - nVidia 7600GT - Pioneer BDR-209DBK
ASUS P8P67 EVO i7 3770K - 32GB RAM - 2x nVidia 660GTX SLI'd
User avatar
phenest
 
Posts: 1441
Joined: 2010-03-09 09:38
Location: The Matrix

Re: Do I need Active Directory? - Samba nad Kerberos

Postby zszpiegz » 2017-05-07 20:07

I need to authenticate kerberos and it does not work. This is the problem
Share files without Kerberos authentication working.
zszpiegz
 
Posts: 3
Joined: 2017-04-29 11:56


Return to Beginners Questions

Who is online

Users browsing this forum: bigrigdriver, JonPaul and 7 guests

fashionable