[Samba] Kerberos, Samba, and XP wanting to map local users with authenticated ones
Mauricio Tavares
raubvogel at gmail.com
Tue May 31 15:29:03 MDT 2011
On Fri, May 27, 2011 at 6:28 PM, Jeremy Allison <jra at samba.org> wrote:
> On Fri, May 27, 2011 at 04:56:25PM -0400, Mauricio Tavares wrote:
>> Ok, I understand if I only have kerberos and windows, if I login as a
>> kerberos user, I better have a local user mapped to it or I will not
>> be able to login. But, now I have samba involved. If I tell it about
>> kerberos server,
>>
>> workgroup = LAZYASS
>> realm = MY.REALM
>> security = ads
>> kerberos method = system keytab
>>
>> shouldn't it see there is local (to samba's server) user bob,
>> principal bob at MY.REALM, and then mount bob's homedir if I try to login
>> as bob? Or am I missing an important step? I did join the xp box to
>> LAZYASS and can see there the fileserver's home fileshare (the only
>> thing I am exporting). But that is as far as I get.
>>
>> The exact error message I am getting is
>>
>> "The system cannot log you on due to the following error:
>>
>> Mapping between account names and security IDs was done."
>>
>> It almost sounds like it is completely ignoring the samba side of the show.
>
> Do you have winbindd running ? You need this to generate
> the local UNIX userid's that Samba will use to represent
> Windows users.
>
I dont seem to have it up and running:
[2011/05/31 16:13:04, 0]
winbindd/winbindd_cache.c:2578(initialize_winbindd_cache)
initialize_winbindd_cache: clearing cache and re-creating with
version number 1
[2011/05/31 16:13:04, 0] winbindd/winbindd_util.c:782(init_domain_list)
Could not fetch our SID - did we join?
[2011/05/31 16:13:04, 0] winbindd/winbindd.c:1399(main)
unable to initialize domain list
How can't it join the domain if it is the PDC?
More information about the samba
mailing list