[Samba] Samba 3 with ADS problem

Fabio Bucciarelli fbucciarelli at regione.emilia-romagna.it
Thu Apr 27 07:34:28 GMT 2006


Hi Jasmine.

You have to copy the NSS library into the /usr/lib directory:

root# cp ../samba/source/nsswitch/libnss_winbind.so /usr/lib

and, in case of Solaris:

root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1
root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1
root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2

Then, you have to edit the /etc/nsswitch.conf file:

passwd:     files winbind
shadow:     files 
group:      files winbind


If you have the nscd (the name service caching) daemon running, shut it down and then you can try again:

root# getent passwd

You can find documentation in http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html

About the krb5.conf file, I suggest trying dns_lookup_kdc = false (it is possible your DNS server is not configured to resolve the KDC for your realm), but if you joined the domain the Kerberos configuration should be OK.
What if you try:

./net ads testjoin  ?

Fabio

On Wed, 2006-04-26 at 14:24 -0700, jasmine mary wrote:
> Hi all,
> 
> I have started my work of Samba authentication using AD with Samba 3.0.7,
> openldap-2.3.9, kerberos 1.4.3 on Solaris 8.
> 
> My first question is: can I implement it on a Solaris box? Because wherever I
> look, I only see documentation for Linux and Debian.
> 
> Let me explain what i did. I compiled the Kerberos and LDAP package first.
> After that i compiled the samba package. Samba is compiled successfully with
> the support of ADS, LDAP and Kerberos. I came to know this from these
> commands
> 
> smbd -b | grep LDAP
> smbd -b | grep ADS
> smbd -b | grep krb
> smbd -b | grep winbind
> 
> I edited the kerberos file as follows..
> 
> 
> [libdefaults]
>         default_realm = SE.JASMINE.ORG
>         dns_lookup_kdc = true
> 
> [realms]
>         SE.JASMINE.ORG = {
>                 kdc = se.jasmine.org
>         }
> 
> [domain_realm]
>         .se.jasmine.org = SE.JASMINE.ORG
> [logging]
>         default = FILE:/var/krb5/kdc.log
>         kdc = FILE:/var/krb5/kdc.log
>         kdc_rotate = {
>             period = 1d
>             versions = 10
>         }
> 
> [appdefaults]
>         kinit = {
>                 renewable = true
>                 forwardable= true
>         }
> 
> 
> se.jasmine.org is the realm name. Server name is also the same one. It will
> 5 servers are there for doing fail over.
> 
> 
> I joined the samba server with the domain using net ads join. It was added
> successfully. I am able to get the list of AD users and groups using
> wbinfo -u and -g respectively.
> 
> 
> smb.conf file
> 
> [global]
>         workgroup = SE
>         realm = se.jasmine.org
>         security = ADS
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         encrypt passwords = yes
>         log level = 3
>         log file = /var/log/samba/%m
> 
> [jasmine]
>         path = /home/jselvaraj
>         guest ok = Yes
> 
> So far everything is good. I am facing the following problems.
> 
> 1. I couldn't get the getent username/group from AD. It only displays the
> local user information. What does it mean? Wasn't it added
> successfully?
> 
> 2. ./net ads info displays the "Didn't find the ldap server!" error
> 
> 3. kinit gives this error "kinit: Cannot contact any KDC for requested realm
> while getting initial credentials", even though I can ping my samba server
> from the windows and the reverse. There is no firewall problem too.
> 
> 4. Do I need to edit the PAM configuration files? Each document gives a
> different set of steps to follow. I couldn't find the correct steps to implement
> it on Solaris. Pls anyone who implemented it give the URL you referred to.
> 
> 
> I don't know what steps I am missing and what to do next.
> 
> FYI: in my company they already implemented this samba with AD. But they
> never touched the krb5.conf file. Users must be created with AD username to
> access the share. It doubles the work. So I am starting the enhancement work
> of it but from scratch (i.e., compiling the LDAP, Samba, Kerberos)
> 
> Please help me out.
> 
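
A read-only check of the steps given in the reply at the top of this message (library copied, Solaris link names present, passwd and group listing winbind after files), added here as an example and not part of the original thread. The function names and the scratch demo files are constructed; on a real host the check would be pointed at /etc/nsswitch.conf and /usr/lib.

```shell
#!/bin/sh
# Added example, not from the original thread: audit the NSS/winbind setup.
# Function names and the demo files below are constructed for illustration.

# has_source CONF DB SRC: succeed if SRC is listed for DB in an nsswitch.conf
has_source() {
    sed 's/#.*//' "$1" | awk -v db="$2:" -v src="$3" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit !found }'
}

# first_source CONF DB: print the first source consulted for DB
first_source() {
    sed 's/#.*//' "$1" | awk -v db="$2:" '$1 == db { print $2; exit }'
}

# check_winbind_nss CONF LIBDIR [EXTRA_LINK...]: return 0 only if passwd and
# group list winbind after files, shadow does not, and the libraries exist.
# "files" first keeps local accounts such as root ahead of domain entries.
check_winbind_nss() {
    conf=$1 libdir=$2 bad=0
    shift 2
    for db in passwd group; do
        has_source "$conf" "$db" winbind ||
            { echo "FAIL: $db lacks winbind"; bad=1; }
        [ "$(first_source "$conf" "$db")" = files ] ||
            { echo "FAIL: $db does not consult files first"; bad=1; }
    done
    if has_source "$conf" shadow winbind; then
        echo "FAIL: shadow lists winbind (the reply keeps it files-only)"; bad=1
    fi
    for lib in libnss_winbind.so "$@"; do
        [ -e "$libdir/$lib" ] || { echo "FAIL: missing $libdir/$lib"; bad=1; }
    done
    return "$bad"
}

# Demo on constructed files in a scratch directory (Solaris link name).
demo=$(mktemp -d)
printf 'passwd: files winbind\nshadow: files\ngroup: files winbind\n' \
    > "$demo/nsswitch.conf"
: > "$demo/libnss_winbind.so"
ln -s "$demo/libnss_winbind.so" "$demo/nss_winbind.so.1"
check_winbind_nss "$demo/nsswitch.conf" "$demo" nss_winbind.so.1 && echo "OK"
rm -rf "$demo"
```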


