Samba problems joing to a Windows 2003 ADS
David kacuba
thewho212000 at yahoo.com
Tue May 6 16:33:24 GMT 2008
I get errors with wbinfo-u error looking up domain users.
wbinfo -u
BUILTIN+administrators
BUILTIN+users.
nsswitch/winbindd_util.c:trustdom_recv(235)
Could not receive trustdoms
[2008/05/06 12:18:02, 1] nsswitch/winbindd_util.c:trustdom_recv(235)
Could not receive trustdoms
[2008/05/06 12:23:02, 1] nsswitch/winbindd_util.c:trustdom_recv(235)
Could not receive trustdoms
[2008/05/06 12:27:57, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)
ads_connect for domain FAMILYENRICHMEN failed: Invalid credentials
[2008/05/06 12:28:29, 1] nsswitch/winbindd_util.c:trustdom_recv(235)
Could not receive trustdoms
2008/05/06 11:25:06, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
Username FAMILYENRICHMEN+dkacuba is invalid on this system
here is my smb.conf
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = FAMILYENRICHMEN
# server string is the equivalent of the NT Description field
server string = Samba Server
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.0.1 192.168.2. 127.
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes
# It should not be necessary to spell out the print system type unless
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.2.44
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 122
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = no
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = no
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependant. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
; name resolve order = wins lmhosts bcast
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = no
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = 192.168.1.155
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = no
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
# this has been changed in version 1.9.18 to no.
; dns proxy = no
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no
#============================ Share Definitions ==============================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
winbind use default domain = true
security = ads
realm = FamilyEnrichmentNetwork.local
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
client use spnego = Yes
encrypt passwords = yes
guest ok = no
guest account = nobody
; spnego = yes
oplocks = no
level2 oplocks = no
kernel oplocks = no
[homes]
comment = Home Directories
browseable = no
writeable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /home/netlogon
; guest ok = yes
; writable = no
; share modes = no
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = FamilyEnrichmentNetwork.local
dns_lookup_realm = False
dns_lookup_kdc = False
ticket_lifetime = 24h
forwardable = yes
[realms]
FamilyEnrichmentNetwork.lcoal = {
kdc = 192.168.0.1
admin_server = 192.168.0.1
default_domain = FamilyEnrichmentNetwork.local
}
[domain_realm]
.FamilyEnrichmentNetwork.local = FamilyEnrichmentNetwork.local
FamilyEnrichmentNetwork.local= FamilyEnrichmentNetwork.local
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = FamilyEnrichmentNetwork.local
dns_lookup_realm = False
dns_lookup_kdc = False
ticket_lifetime = 24h
forwardable = yes
nsswitch.conf
nsspasswd: files winbind
shadow: files winbind
group: files winbind
Thanks for your help sorry so long
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
More information about the samba-technical
mailing list