[Samba] samba in large domain

Dmitry Tikhomirov chani at me.com
Fri Sep 3 06:45:15 MDT 2010


Hi all.

In my company we have domains like country.global.network.local.
My country is Russia, so the domain is russia.global.network.local.

I have a problem with winbind: it takes too much time to get the group list (wbinfo -g) or to log in to a share.
In log.winbind I see:

[2010/09/03 16:35:38,  2] winbindd/winbindd.c:remove_client(744)
  final write to client failed: Broken pipe

and:


[2010/09/03 16:31:59,  3] libads/ldap.c:ads_try_connect(218)
  ads_try_connect: CLDAP request 13.121.34.25 failed.
[2010/09/03 16:32:06,  1] libads/cldap.c:recv_cldap_netlogon(157)
  no reply received to cldap netlogon
[2010/09/03 16:32:06,  3] libads/ldap.c:ads_try_connect(218)
  ads_try_connect: CLDAP request 11.151.28.15 failed.


11.151.28.15 and 13.121.34.25 are KDCs of Norway and Finland, and we have trusts between our domains.
But we (from Russia) have no connection at the moment to these KDCs.

Question: How can I set winbind to use only my KDC and not try to connect to other KDCs?


cat /etc/krb5.conf :


[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]

 default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
 default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
 preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC

 default_realm = RUSSIA.GLOBAL.NETWORK.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]

 RUSSIA.GLOBAL.NETWORK.LOCAL = {
  kdc = 101.17.120.23:88
  admin_server = 101.17.120.23:749
  kpasswd_server = 101.17.120.23:749
  default_domain = RUSSIA.GLOBAL.NETWORK.LOCAL
}

[domain_realm]
 .russia.global.network.localtwork = RUSSIA.GLOBAL.NETWORK.LOCAL
 russia.global.network.local = RUSSIA.GLOBAL.NETWORK.LOCAL 

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

testparm:

[global]
	workgroup = RUSSIA
	realm = RUSSIA.GLOBAL.NETWORK.LOCAL
	server string = File Server
	interfaces = lo, eth0, 101.17.120.23/24
	security = ADS
	password server = 101.17.120.23
	passdb backend = tdbsam
	log level = 3
	os level = 0
	local master = No
	domain master = No
	idmap uid = 16777216-33554431
	idmap gid = 16777216-33554431
	winbind separator = +
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = Yes
	winbind refresh tickets = Yes
	hosts allow = 127., 101.17.
	cups options = cups


uname -a
Linux mskshare 2.6.18-194.8.1.el5 #1 SMP Thu Jul 1 19:04:48 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

Name       : samba3x
Arch       : x86_64
Version    : 3.3.8
Release    : 0.52.el5_5




Thanks for any help!
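
Added example, not part of the original post or of Samba: a small parser for the two-line log.winbind layout quoted above that counts failed CLDAP probes per DC address and sums the gap since the previous failed probe as a rough measure of time lost to unreachable DCs. The sample log is constructed from the lines in the post; the function names and the `local_dcs` parameter are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, reusing the two-line log.winbind layout quoted in the post.
SAMPLE_LOG = """\
[2010/09/03 16:31:59,  3] libads/ldap.c:ads_try_connect(218)
  ads_try_connect: CLDAP request 13.121.34.25 failed.
[2010/09/03 16:32:06,  1] libads/cldap.c:recv_cldap_netlogon(157)
  no reply received to cldap netlogon
[2010/09/03 16:32:06,  3] libads/ldap.c:ads_try_connect(218)
  ads_try_connect: CLDAP request 11.151.28.15 failed.
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+(\d+)\] \S+:(\w+)\(\d+\)")
CLDAP_FAIL = re.compile(r"CLDAP request (\d+(?:\.\d+){3}) failed")

def parse_entries(text):
    """Pair each '[timestamp, level] file:function(line)' header with its indented message."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append({"ts": ts, "level": int(m.group(2)), "func": m.group(3), "msg": ""})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries

def cldap_failures(text, local_dcs=()):
    """Per DC address: failed probe count, seconds since the previous failed probe
    (an approximation of the wait), and whether the address is a configured local DC."""
    stats = defaultdict(lambda: {"count": 0, "gap_s": 0, "local": False})
    prev = None
    for e in parse_entries(text):
        m = CLDAP_FAIL.search(e["msg"])
        if not m:
            continue
        s = stats[m.group(1)]
        s["count"] += 1
        s["local"] = m.group(1) in local_dcs
        if prev is not None:
            s["gap_s"] += int((e["ts"] - prev).total_seconds())
        prev = e["ts"]
    return dict(stats)

if __name__ == "__main__":
    # 101.17.120.23 is the `password server` / kdc address from the posted configuration.
    for ip, s in cldap_failures(SAMPLE_LOG, {"101.17.120.23"}).items():
        print(f"{ip}: {s['count']} failed probe(s), ~{s['gap_s']}s gap, local={s['local']}")
```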

