[OmniOS-discuss] samba with AD on omnios

Tobias Oetiker tobi at oetiker.ch
Tue Sep 17 15:27:54 UTC 2013


Hi Thomas,

Today Thomas Werschlein wrote:

> Hi Tobi
>
> On 16.09.2013, at 22:56, Tobias Oetiker <tobi at oetiker.ch> wrote:
>
> > I am trying to use samba/winbind to hook up our omnios box to an AD
> > server. After some fiddling, I managed to compile samba +
> > openldap linked to the system krb5 libraries ...
> >
> > Running kclient to configure kerberos seems to work fine, but when running net ads join,
> > I get:
> >
> > -----------------------------------------------------------------------------------------
> > #  net ads join -S ad-server -U Administrator
> > Enter Administrator's password:
> > kinit succeeded but ads_sasl_spnego_krb5_bind failed: Error in the PKCS 11 library calls
> > Failed to join domain: failed to connect to AD: Error in the PKCS 11 library calls
> > -----------------------------------------------------------------------------------------
> >
> > the thing seems to be hung up on some soft tokens, and it does also
> > not seem able to find the kerberos key cache ...
> >
> > anyone running such a setup on omnios who could give me a hint ?
>
> We are running such a setup for quite some time now.
>
> The comment in our Chef recipe for kerberos5 reads:
> "Used to *run* samba3. You can successfully compile samba with the krb5 that
> ships with OmniOS, but will not be able to 'net ads join'"
>
> IIRC it was also the PKCS 11 library calls error that led us to compile kerberos ourselves.

:-) glad to hear I didn't do something wrong ...

> We are using krb5-1.11.1 right now and build it straight forward.

ah ... ok ... today I have experimented with the built-in cifs
support, and it works like a charm ... here is what I did

the only tricky bit was, that I had to set

# sharectl set -p lmauth_level=4 smb

to make samba join with the 2012 ads server

> Currently we are using samba-3.6.18 and are compiling gamin
> 0.1.10 (to build the samba module 'notify_fam', with patches from
> Opensolaris and others to use FEN) and openldap 2.4.34 (plain
> vanilla) as prerequisites, too.

cool ... do you run a pkg repo and publish your scripts ?
my stuff is on https://github.com/oposs/pkg.oetiker.ch-build

cheers
tobi

-- 
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
http://it.oetiker.ch tobi at oetiker.ch ++41 62 775 9902 / sb: -9900