[Samba] samba3.0.14a, Windows2003, ADS

Danna Dowdy Danna.Dowdy at noaa.gov
Wed May 11 17:54:19 GMT 2005


Platform is RedHat....
$ ps -axc | grep winbind
 4792 ?        S      0:00 winbindd
 4793 ?        S      0:00 winbindd


Michael Joyner wrote:

> wbinfo -p is trying to tell you the wrong thing. :)
>
> ps axc | grep winbind
>
> if there is no output your winbind is not running.
>
> what is your platform?
>
> SuSE, RedHat, FreeBSD, Other?
>
> If SuSE, you have to do a chkconfig -a winbind, rcwinbind start
>
> If FreeBSD, there are some rc vars you have to set in /etc/rc.conf, if 
> you look in /usr/local/etc/rc.d/samba.sh it will show you their names.
>
> For RedHat, there is a similar process as chkconfig, but I don't 
> remember what it is right off hand.
>
>
> Danna Dowdy wrote:
>
>> Please forgive the long post but I am at my wits' end here!  Below are 
>> the files that I have configured, the results of several commands, 
>> and some output from log files.... ANY HELP AT ALL??!!
>>
>> wbinfo -p
>> Ping to winbindd failed on fd -1
>> could not ping winbindd!
>>
>> wbinfo -t
>> checking the trust secret via RPC calls failed
>> error code was  (0x0)
>> Could not check secret
>>
>> kinit and klist seem to work
>> Ticket cache: FILE:/tmp/krb5cc_503
>> Default principal: username at DOMAIN
>> Valid starting     Expires            Service principal
>> 05/11/05 12:59:46  05/11/05 22:59:46  krbtgt/DOMAIN at DOMAIN
>> Kerberos 4 ticket cache: /tmp/tkt503
>> klist: You have no tickets cached
>>
>> When I run net ads users, I get back all users in Active Directory
>>
>>
>> Configured Samba with this
>>
>> ./configure -with-ldap -with-ads -with-krb5 -with-pam -with-winbind
>>
>> smb.conf
>> [global]
>> realm = DOMAIN
>> workgroup=WORKGRP
>> password server = CONTROLLER
>> security = ADS
>> encrypt passwords = yes
>>
>> # winbind configuration: mapping ADS users to
>> # uid's and gid's, enabling the enumeration of users
>> # and groups.
>> # winbind separator is the character that separates
>> # user or group names from the domain name.
>>
>> winbind separator = @
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> winbind enum users=yes
>> winbind enum groups=yes
>>
>> /etc/krb5.conf
>>
>> [logging]
>> default = FILE:/var/log/krb5libs.log
>> kdc = FILE:/var/log/krb5kdc.log
>> admin_server = FILE:/var/log/kadmind.log
>>
>> [libdefaults]
>> ticket_lifetime = 24000
>> default_realm = DOMAIN
>>
>>
>> [realms]
>> DOMAIN = {
>>  kdc = CONTROLLER
>> }
>>
>> [domain_realm]
>> CONTROLLER = DOMAIN
>>
>> [kdc]
>> profile = /var/kerberos/krb5kdc/kdc.conf
>>
>> [appdefaults]
>> pam = {
>>   debug = false
>>   ticket_lifetime = 36000
>>   renew_lifetime = 36000
>>   forwardable = true
>>   krb4_convert = false
>> }
>>
>> pam.d/samba
>> Auth required /lib/security/pam_winbind.so
>> Account required /lib/security/pam_winbind.so
>>
>> nsswitch.conf
>> passwd:     files winbind
>> shadow:     files
>> group:      files winbind
>>
>> winbindd.log
>> [2005/05/11 12:34:43, 1] libsmb/clikrb5.c:ads_krb5_mk_req(415)
>>  ads_krb5_mk_req: krb5_mk_req_extended failed (Ticket expired)
>> [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539)
>>  spnego_gen_negTokenTarg failed: Ticket expired
>> [2005/05/11 12:34:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
>>  ads_connect for domain DOMAIN failed: Cannot read password
>> [2005/05/11 12:34:43, 1] nsswitch/winbindd_util.c:init_domain_list(322)
>>  Could not fetch sid for our domain DOMAIN
>> [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539)
>>  spnego_gen_negTokenTarg failed: No credentials cache found
>>
>>
>>
>
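
An added example, not part of the original thread: a small Python parser for the winbindd.log entry format shown in the quoted message, which strips mail quote markers, rejoins header lines that a mail client wrapped onto a second line, and counts the error phrases per entry. The function names, the phrase list and the sample (a subset of the quoted log, with wrapped headers) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed input: part of the winbindd.log excerpt quoted in the mail,
# with ">> " quote prefixes and mail-wrapped header lines.
SAMPLE = """\
>> [2005/05/11 12:34:43, 1] libsmb/clikrb5.c:ads_krb5_mk_req(415)
>>  ads_krb5_mk_req: krb5_mk_req_extended failed (Ticket expired)
>> [2005/05/11 12:34:43, 1]
>> nsswitch/winbindd_ads.c:ads_cached_connection(81)
>>  ads_connect for domain DOMAIN failed: Cannot read password
>> [2005/05/11 12:34:43, 1]
>> libsmb/cliconnect.c:cli_session_setup_kerberos(539)
>>  spnego_gen_negTokenTarg failed: No credentials cache found
"""

QUOTE = re.compile(r"^(?:>\s?)+")                      # mail quote markers
HEADER = re.compile(r"^\[([\d/]+ [\d:]+),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^(\S+):(\w+)\((\d+)\)$")       # file:function(line)
# Error phrases that occur in the excerpt; extend the tuple for other logs.
PHRASES = ("Ticket expired", "Cannot read password",
           "No credentials cache found")

def parse_entries(text):
    """Return one dict per log entry, rejoining headers split by mail wrapping."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        head = HEADER.match(line)
        if head:
            pending = {"time": head[1], "level": int(head[2]), "message": ""}
            entries.append(pending)
            line = head[3]          # location may follow on the same line
        if not line or pending is None:
            continue                # blank line, or text before any header
        loc = LOCATION.match(line)
        if loc and "func" not in pending:
            pending.update(file=loc[1], func=loc[2], line=int(loc[3]))
        else:
            pending["message"] = (pending["message"] + " " + line).strip()
    return entries

def count_phrases(entries):
    """Count how often each known error phrase appears across entries."""
    return Counter(p for e in entries for p in PHRASES if p in e["message"])

if __name__ == "__main__":
    print(dict(count_phrases(parse_entries(SAMPLE))))
```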


