Hide Forgot
This is similar to "Bug 1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo". I am installing Samba file server using sssd for integration with 2008 R2 AD. I can access AD from RHEL server but I cannot be authenticated from Windows. I found "WBC_ERR_NOT_IMPLEMENTED" in the logs and then discussion around Bug 1175511. Initially. I've got [root@aozarh7file ~]# alternatives --display libwbclient.so.0.12-64 libwbclient.so.0.12-64 - status is auto. link currently points to /usr/lib64/sssd/modules/libwbclient.so.0.12.0 /usr/lib64/samba/wbclient/libwbclient.so.0.12 - priority 10 /usr/lib64/sssd/modules/libwbclient.so.0.12.0 - priority 20 Current `best' version is /usr/lib64/sssd/modules/libwbclient.so.0.12.0. After changing to winbind everything works and I can authenticate from Windows [root@aozarh7file ~]# alternatives --set libwbclient.so.0.12-64 /usr/lib64/samba/wbclient/libwbclient.so.0.12 [root@aozarh7file ~]# [root@aozarh7file ~]# alternatives --display libwbclient.so.0.12-64 libwbclient.so.0.12-64 - status is manual. link currently points to /usr/lib64/samba/wbclient/libwbclient.so.0.12 /usr/lib64/samba/wbclient/libwbclient.so.0.12 - priority 10 /usr/lib64/sssd/modules/libwbclient.so.0.12.0 - priority 20 Current `best' version is /usr/lib64/sssd/modules/libwbclient.so.0.12.0. Winbind is not installed on the server [root@aozarh7file ~]# yum list installed | grep winbin [root@aozarh7file ~]# yum list installed | grep sssd python-sssdconfig.noarch 1.14.0-43.el7 @rhel-7-server-rpms sssd.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-ad.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-client.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-common.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-common-pac.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-ipa.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-krb5.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-krb5-common.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-ldap.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-libwbclient.x86_64 1.14.0-43.el7 @rhel-7-server-rpms sssd-proxy.x86_64 1.14.0-43.el7 @rhel-7-server-rpms Version-Release number of selected component (if applicable): How reproducible: I am not sure, I guess I installed samba after sssd Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
There is no package which requires sssd-libwbclient. # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.3 Beta (Maipo) # repoquery --provides sssd-libwbclient sssd-libwbclient = 1.14.0-43.el7 sssd-libwbclient(x86-64) = 1.14.0-43.el7 # repoquery --whatrequires sssd-libwbclient # repoquery --whatrequires 'sssd-libwbclient(x86-64)' So you can just remove it or not install it in the first place. The alternatives settings are chosen in a way that whenever sssd-libwbclient is installed it has a higher priority than Samba's libwbclient. Since no package will pull in sssd-libwbclient automatically it must be installed manually and it should only be installed if it is needed and the feature set it provides is sufficient. HTH bye, Sumit
(In reply to Sumit Bose from comment #1) > There is no package which requires sssd-libwbclient. > > # cat /etc/redhat-release > Red Hat Enterprise Linux Server release 7.3 Beta (Maipo) > # repoquery --provides sssd-libwbclient > sssd-libwbclient = 1.14.0-43.el7 > sssd-libwbclient(x86-64) = 1.14.0-43.el7 > # repoquery --whatrequires sssd-libwbclient > # repoquery --whatrequires 'sssd-libwbclient(x86-64)' > > > So you can just remove it or not install it in the first place. > > The alternatives settings are chosen in a way that whenever sssd-libwbclient > is installed it has a higher priority than Samba's libwbclient. Since no > package will pull in sssd-libwbclient automatically it must be installed > manually and it should only be installed if it is needed and the feature set > it provides is sufficient. > > HTH > > bye, > Sumit Hi Sumit, I was just following "Red Hat Enterprise Linux 7 Windows Integration Guide" which states: "Packages Required for Accessing a CIFS Share with SSSD For a client to use SSSD to access a CIFS share, the following two packages are required. sssd-client The sssd-client package is installed automatically as an SSSD dependency. The package ..... sssd-libwbclient The sssd-libwbclient package is not installed automatically" Regards Eugene
Hi Eugene, this makes sense, but please note that the guide also says "If you require NTLM authentication or NetBIOS name lookup, use Winbind for accessing a CIFS share instead of SSSD.". SSSD currently only supports Kerberos authentication from Windows clients which is in general available in an AD domain but under certain conditions the Windows clients will fall back to NTLM. Typical reasons for the fallback to NTLM are trying to access the file server with the IP address or with a short (NetBIOS) name instead of the fully-qualified DNS name. Another reason might be that no 'cifs/fully.qualified.name' service principal is created for the file-server. HTH bye, Sumit
It looks like the main problem here is that the Windows Integration Guide does not explain all this clearly. Therefore, I'm changing the component to the doc component. We will have a look at the guide and see if we can make any editing changes that would make the situation clearer.
I reviewed "Accessing a CIFS share with SSSD" and updated the section to clarify its contents. I've sent the update for peer review.
I've implemented feedback from peer review and sent the section for SME review.
I'm renaming this BZ to make sure it corresponds to the doc task the original report turned into.
We've reviewed the section to make it clearer, covering also the issues from the original report. The new section is named 4.4. Using SMB shares with SSSD and will be available with the next minor release.
The update is now available on the Customer Portal. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/index.html