[Samba] Active Directory Integration Problems
Alberto Moreno
portsbsd at gmail.com
Mon Jul 13 17:55:55 MDT 2009
Let's see if this helps.
I set up a server a couple of weeks ago: Windows 2k3 AD. I
added my VM CentOS 5.3 machine to it, shared 1 folder and added the home
users folder.
It is running and I have no issues with it.
Windows 2k3 domain name: DOM.local
machine name: dompdc
IP: 192.168.2.2
Network: 192.168.2.0/24
Centos machine name: dom-vmcentos(DHCP)
Kerberos: /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOM.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
DOM.LOCAL = {
admin_server = dompdc.DOM.local
default_domain = DOM.local
kdc = dompdc.DOM.local
}
[domain_realm]
.kerberos.server = DOM.LOCAL
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Winbind + samba running, let's go with samba:
[global]
syslog = 1
log level = 2 vfs:2
log file = /var/log/samba/%U.%m.log
utmp = Yes
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=20480 SO_SNDBUF=20480
dns proxy = no
server string = vmCents 5.x Test Server
printing = cups
workgroup = DOM
netbios name = dom-vmcentos
security = ads
realm = DOM.LOCAL
allow trusted domains = Yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind separator = +
password server = dompdc.DOM.local
encrypt passwords = Yes
printcap name = /etc/printcap
max log size = 100
interfaces = eth0
bind interfaces only = Yes
local master = no
domain master = no
preferred master = no
template homedir = /home/%D/%U
template shell = /bin/bash
#unix charset = UTF-8
[homes]
comment = Home Directories DOM
browseable = no
writable = yes
#valid users = %S
create mode = 0664
directory mode = 0775
[Test]
comment = Test Directories DOM
path = /opt/test
public = yes
browseable = yes
writable = yes
valid users = DOM+username
write list = DOM+username
create mode = 0770
/etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files winbind
rpc: files winbind
services: files
netgroup: files winbind
publickey: nisplus
automount: files winbind
aliases: files nisplus
/etc/hostname:
# Do not remove the following line, or various programs
# that require network functionality will fail.
192.168.2.118 dom-vmcentos.DOM.local dom-vmcentos
#::1 localhost6.localdomain6 localhost6
192.168.2.2 dompdc.DOM.local dompdc
Here it is supposed that we have already added the machine account to AD and it is
working as you say.
Now let's see our shares on Linux:
[root@dom-vmcentos opt]# ll
total 16
-rw-r--r-- 1 root root 146 Sep 16 2008 File
drwx------ 2 root root 12288 Feb 22 2008 lost+found
drwxr-xr-x 3 psql pvsw 1024 Jun 12 2008 PSQLDATA
drwxr-xr-x 2 DOM+username root 1024 Jun 16 15:31 test
drwxr-xr-x 3 root root 1024 Jan 8 2009 zimbra
Let's test:
[root@dom-vmcentos opt]# smbclient -L ////dom-vmcentos -U username
Password:
Domain=[DOM] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (vmCents 5.x Test Server)
Test Disk Test Directories DOM
username Disk Home Directories DOM
Domain=[DOM] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
Server Comment
--------- -------
DOM-VMCENTOS vmCents 5.x Test Server
DOMPDC
Workgroup Master
--------- -------
DOM DOMPDC
Now a mount command:
mount -t cifs //dom-vmcentos/Test -o username=username,password=passwd /mnt
[root@dom-vmcentos ~]# mount
//dom-vmcentos/Test on /mnt type cifs (rw,mand)
[root@dom-vmcentos ~]#
I can see the files inside this user's home folder, create, modify, etc.,
even inside Windows 2k3.
See you later!!!
On Mon, Jul 13, 2009 at 9:21 AM, David Armstrong<darmstrong at moca.org> wrote:
> Brian,
>
> Which logs should I be checking?
>
> The following output comes from the winbindd.log. I replaced the FQDN
> of the domain controller in the second to last line of the log file. It
> was in the format SERVERNAME.domain.name
>
> [2009/07/13 09:16:40, 0] lib/util_sock.c:write_data(564)
> write_data: write failure. Error = Connection reset by peer
> [2009/07/13 09:16:40, 0] libsmb/clientgen.c:write_socket(158)
> write_socket: Error writing 104 bytes to socket 17: ERRNO = Connection
> reset by peer
> [2009/07/13 09:16:40, 0] libsmb/clientgen.c:cli_send_smb(188)
> Error writing 104 bytes to client. -1 (Connection reset by peer)
> [2009/07/13 09:16:40, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2223)
> cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine
> (FQDN to domain controller). Error was Write error: Connection reset by
> peer
>
> -----Original Message-----
> From: gregorcy [mailto:brian.gregorcy at utah.edu]
> Sent: Friday, July 10, 2009 12:56 PM
> To: David Armstrong
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Active Directory Integration Problems
>
>
>
> David Armstrong wrote:
>> Thanks for the replies. I have modified the share portion of my
>> smb.conf file as shown below. Still no luck.
>>
>> [test]
>> path = /home/2CP/darmstrong
>> browseable = yes
>> read only = yes
>> inherit permissions = yes
>> valid users = "2CP\darmstrong","buexec","test",itadmin
>> write list = "2CP\darmstrong","buexec","test",itadmin
>> read list =
>>
>>
>> When modifying file permissions for shares on Windows servers, I have to
>> log out and log back on again before the workstation recognizes them.
>> Does the same go for Samba shares?
>>
>
>
> Sounds like my first suggestion was wrong, maybe try upping the idmap
> setting.
>
>> idmap backend = rid:CHEMENG=500-100000000
>> idmap uid = 500-100000000
>> idmap gid = 500-100000000
>
> Is there anything in the logs?
>
> --
> Brian Gregorcy
> IT Manager
> University of Utah
> Department of Chemical Engineering
>
--
LIving the dream...
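
Added example (not part of the original post and not Samba's own tooling): a Python check that the files shown in the message above agree with each other on the points the working setup depends on, namely the realm spelling, winbind in nsswitch.conf, the idmap ranges, and the KDC name pinned in the hosts file. The embedded strings are constructed excerpts reusing the post's values, and check() is a hypothetical helper name.

```python
import configparser
import re

# Constructed excerpts that reuse the values from the post above.
SMB = """[global]
security = ads
realm = DOM.LOCAL
idmap uid = 10000-20000
idmap gid = 10000-20000
"""
KRB5 = """[logging]
kdc = FILE:/var/log/krb5kdc.log
[libdefaults]
default_realm = DOM.LOCAL
[realms]
DOM.LOCAL = {
kdc = dompdc.DOM.local
}
"""
NSS = "passwd: files winbind\ngroup: files winbind\n"
HOSTS = "192.168.2.2 dompdc.DOM.local dompdc\n"

def check(smb, krb5, nss, hosts):
    """Return a list of findings; an empty list means the files agree."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(smb)
    g = cp["global"]
    out = []
    if g.get("security", "").lower() != "ads":
        out.append("smb.conf: security is not 'ads'")
    m = re.search(r"^\s*default_realm\s*=\s*(\S+)", krb5, re.M)
    realm = m.group(1) if m else None
    if g.get("realm") != realm:  # Kerberos realm names are case-sensitive
        out.append(f"realm mismatch: smb.conf={g.get('realm')!r} krb5.conf={realm!r}")
    for key in ("idmap uid", "idmap gid"):
        r = re.fullmatch(r"(\d+)\s*-\s*(\d+)", g.get(key, ""))
        if not r or int(r.group(1)) >= int(r.group(2)):
            out.append(f"smb.conf: bad or missing range for '{key}'")
    for db in ("passwd", "group"):
        line = re.search(rf"^{db}:(.*)$", nss, re.M)
        if not line or "winbind" not in line.group(1).split():
            out.append(f"nsswitch.conf: '{db}' does not list winbind")
    # Only kdc entries under [realms] count; the [logging] kdc line is a log target.
    names = {n.lower() for l in hosts.splitlines() for n in l.split("#")[0].split()[1:]}
    realms = krb5.partition("[realms]")[2].split("\n[")[0]
    for kdc in re.findall(r"^\s*kdc\s*=\s*([^\s:]+)", realms, re.M):
        if kdc.lower() not in names:
            out.append(f"kdc {kdc} is not in the hosts file; it must resolve via DNS")
    return out
```
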