Do I need Active Directory? - Samba nad Kerberos

[zszpiegz]

Hi.
I trying to set up Samba and Kerberos Server, but I have a problems. I have three computers. First with Kerberos Server and Samba, Second with debian as client, and third Service, also Debian. Kerberos is certainly well configured because ssh with kerberos authentication works. Do I need Active Directory if client is system Debian?
My config smb.conf:

Code: Select all

[global]
	workgroup = UCZELNIA GROUP
	netbios name = SERVER
	security = ads
   realm = UCZELNIA.LOCAL
   server role = standalone server
   dns forwarder = 8.8.8.8
   encrypt passwords = yes
   kerberos method = secrets and keytab

[data]
	comment = Data
	path = /export
	read only = no
	guest only = no

I would be very grateful for your help

[marcetm]

Hi zszpiegz,

I've got to answer you with two other questions:

1.- What do you want to do?
If you just want to share files in a LAN you don't need any Active Directory.

2.- What exactly are your problems?

By the way, I don't understand which is the function of the third machine of your network.

[zszpiegz]

1. I want share files in LAN between linux systems.

When I run command:
"smbclient -L //server -U%" samba working perfectly, but "smbclient -k -L //server" didn't work.
I get a message:

Code: Select all

gss_init_sec_context failed with [ Miscellaneous failure (see text): unable to reach any KDC in realm UCZELNIA.LOCAL]
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR
session setup failed: NT_STATUS_INTERNAL_ERROR

Bind is configured and running because I tested it. Winbind installed.
This is scheme:


My config files

krb5.conf

Code: Select all

[libdefaults]
        default_realm = UCZELNIA.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdc = false
[realms]
        UCZELNIA.LOCAL = {
                kdc = server.uczelnia.local
                admin_server = server.uczelnia.local
                default_domain = uczelnia.local
        }

[domain_realm]
        .uczelnia.local = UCZELNIA.LOCAL
        uczelnia.local = UCZELNIA.LOCAL

smb.conf

Code: Select all

[global]
	workgroup = SERVER
	realm = UCZELNIA.LOCAL
	netbios name = SERVER
	dns forwarder = 8.8.8.8
	security = ads
	encrypt passwords = yes
	kerberos method = secrets and keytab

[netlogon]
	path = /var/lib/samba/sysvol/uczelnia.local/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

hosts

Code: Select all

127.0.0.1	localhost
192.168.1.100	server.uczelnia.local	server
192.168.1.101	service.uczelnia.local	service
192.168.1.102	client.uczelnia.local	client

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

resolv.conf

Code: Select all

nameserver 192.168.1.100
nameserver 8.8.8.8
domain uczelnia.local
search uczelnia.local

Verifying DNS:

$ host -t SRV _ldap._tcp.uczelnia.local
_ldap._tcp.uczelnia.local has SRV record 0 100 389 server.uczelnia.local.

$ host -t SRV _kerberos._udp.uczelnia.local
_kerberos._udp.uczelnia.local has SRV record 0 100 88 server.uczelnia.local.

$ host -t A server.uczelnia.local
server.uczelnia.local has address 192.168.1.100

[phenest]

You haven't actually said what the problem is.

1. I want share files in LAN between linux systems.

Is that working or not?

When I run command:
"smbclient -L //server -U%" samba working perfectly, but "smbclient -k -L //server" didn't work.
I get a message:

Code: Select all

gss_init_sec_context failed with [ Miscellaneous failure (see text): unable to reach any KDC in realm UCZELNIA.LOCAL]
SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR
session setup failed: NT_STATUS_INTERNAL_ERROR

If the first command works, why are you worried about the second one?

What you're explaining in your posts doesn't match your thread title.

[zszpiegz]

I need to authenticate kerberos and it does not work. This is the problem
Share files without Kerberos authentication working.