Vielen Dank für die schnelle Antwort!
Unsere Konfiguration:
smb.conf
# Samba [global] section for a host configured as an Active Directory member (security = ads).
[global]
workgroup = XX-DOM
# NOTE(review): "yes" appears to behave like auto/desired, i.e. SMB signing is
# negotiated but not enforced. If signing must be enforced for client
# connections, check smb.conf(5) for the installed version and consider
# "mandatory"/"required".
client signing = yes
# SPNEGO negotiation for client connections; this is the documented default.
client use spnego = yes
# Kerberos tickets are verified against secrets.tdb first, then the system keytab.
# The keytab holds the machine account keys, so it should stay readable by root only.
kerberos method = secrets and keytab
realm = XX-DOM.COM
security = ads
krb5.conf
# MIT Kerberos client defaults for the XX-DOM.COM realm.
[libdefaults]
default_realm = XX-DOM.COM
# Realm mapping and KDC discovery are taken from DNS (TXT/SRV records),
# so Kerberos on this host depends on the integrity of the resolver path.
dns_lookup_realm = true
dns_lookup_kdc = true
# Requested lifetimes; the KDC may issue shorter ones according to its own policy.
ticket_lifetime = 24h
renew_lifetime = 7d
# Tickets are requested as forwardable by default, so a TGT can be delegated to
# other hosts. Keep this only if delegation (e.g. SSH ticket forwarding) is needed.
forwardable = true
sssd.conf
# SSSD monitor section: enabled responders and the list of configured domains.
[sssd]
# Only the NSS and PAM responders are listed here.
services = nss, pam
config_file_version = 2
domains = XX-DOM.COM
# SSSD domain section for the AD domain XX-DOM.COM.
# NOTE(review): this section sets id_provider twice (same value) and krb5_server
# twice with different values (XX-DOM.COM and server.xx-dom.com). Which one takes
# effect, or whether the file is rejected, depends on the SSSD version's parser.
# Keep a single entry per key so the effective configuration is unambiguous.
[domain/XX-DOM.COM]
id_provider = ad
# NOTE(review): no ad_access_filter or GPO-related option appears in this section,
# so which AD accounts may log in depends on the provider defaults. Confirm that
# this matches the intended restriction.
access_provider = ad
# UIDs/GIDs are derived algorithmically from the SID instead of POSIX attributes in AD.
ldap_id_mapping=true
krb5_server = XX-DOM.COM
ad_domain = XX-DOM.COM
krb5_realm = XX-DOM.COM
# Keeps a hash of the user's credentials in the local SSSD cache for offline logins.
cache_credentials = True
id_provider = ad
# Authentication is set explicitly to the krb5 provider, while identity and access use ad.
auth_provider = krb5
krb5_server = server.xx-dom.com
# Credential caches are placed in the world-writable /tmp directory.
# NOTE(review): consider a per-user location or a keyring-based ccache, and verify
# the resulting file permissions.
krb5_ccachedir = /tmp
# NOTE(review): per sssd-krb5(5), the password is held in the kernel keyring in
# plaintext until the provider is back online. Confirm this is acceptable for
# this host.
krb5_store_password_if_offline = True
default_shell = /bin/bash
# Short user names (without @domain) are used, so AD names share one namespace with local accounts.
use_fully_qualified_names = False
# %d expands to the domain name, %u to the login name.
# NOTE(review): override_homedir below uses the same template, so this fallback is probably redundant.
fallback_homedir = /home/%d/%u
# ID-mapping options: autorid compatibility mode and the upper bound of the mapped ID range.
ldap_idmap_autorid_compat = True
ldap_max_id = 2000200000
# Use this if users are being logged in at /.
# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with pam_mkhomedir.so
override_homedir = /home/%d/%u
nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
# Sources are consulted left to right, so local entries (compat) take precedence over SSSD (sss).
passwd: compat sss
group: compat sss
# NOTE(review): SSSD authenticates through PAM and, as far as known, its NSS
# module does not serve the shadow database. "sss" here is probably unnecessary.
shadow: compat sss
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files sss
ethers: db files
rpc: db files
# NOTE(review): "nis" is listed as a netgroup source. Remove it if NIS is not used in this environment.
netgroup: nis sss
# sudo rules are looked up locally first, then via SSSD.
# NOTE(review): the [sssd] services line in the sssd.conf of this post lists only
# nss and pam. Confirm whether the sudo responder is actually available.
sudoers: files sss
Merci und VG