[Samba] winbind problems

Thomas M. Skeren III tms3 at fskklaw.com
Tue Dec 21 01:10:52 GMT 2004


Brian Kesting wrote:

>I have tried using a + separator with no success.  I also get this in my log.winbindd file as soon as I restart winbind:
>
>[2004/12/20 17:33:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
>  krb5_cc_get_principal failed (No such file or directory)
>  
>
I've seen that one.  Do a kinit, and see if you get a kerberos ticket.

>
>---------- Original Message ----------------------------------
>From: Tom Skeren <tms3 at fsklaw.com>
>Date:  Mon, 20 Dec 2004 15:25:54 -0800
>
>Brian Kesting wrote:
>
>  
>
>>Hello,
>>
>>I am running a Samba server (3.0.7) on a Suse 9.2 box.  I have connected this server successfully to a Windows 2000 Active Directory (mixed mode).  I have nsswitch.conf, krb5.conf configured and winbind seems to be running properly for the most part.  With wbinfo I can get all of my user and group information.  Problem is, it seems that at random times, the samba server just stops authenticating the windows user names and accounts.  If I restart the winbind or smb service, then all seems to be well again for a while.  Right now the only way I can keep this running is to run a cron job that restartes the samba and winbind services every hour.  This is really bugging me as I cannot figure out what is going on.  Can anyone help me?  I have included some of my configuration and log files below.  Thanks in advance.
>>
>>---------/etc/samba/smb.conf----------
>># Samba Configuration File
>>
>>[global]
>>       workgroup = WAYNE
>>       realm = WAYNE.LOCAL
>>       server string = Samba Server
>>       security = ADS
>>       password server = adserver.wayne.local
>>       encrypt passwords = yes
>>       idmap uid = 10000-20000
>>       idmap gid = 10000-20000
>>       template shell = /bin/bash
>>       winbind use default domain = no
>>       winbind separator = /
>> 
>>
>>    
>>
>The separator might be a problem.
>
>  
>
>>[users]
>>       comment = Users on Linux
>>       path = /home/WAYNE
>>       read only = No
>>       browseable = Yes
>>
>>---------/etc/nsswitch.conf-------
>>passwd: files winbind
>>group:  files winbind
>>hosts:    files dns wins winbind
>>networks: files dns
>>
>>---------/etc/krb5.conf-----------
>>[libdefaults]
>>       default_realm = WAYNE.LOCAL
>>       clockskew = 300
>>
>>[realms]
>>WAYNE.LOCAL = {
>>       kdc = police.wayne.local
>>       default_domain = WAYNE.LOCAL>
>>       kpasswd_server = adserver.wayne.local
>>}
>>[domain_realm]
>>       .WAYNE.LOCAL = WAYNE.LOCAL
>>[appdefaults]
>>pam = {
>>       ticket_lifetime = 365d
>>       renew_lifetime = 365d
>>       forwardable = true
>>       proxiable = false
>>       retain_after_close = true
>>       minimum_uid = 0
>>}
>>
>>----------/var/log/samba/log.smbd--------
>>[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/LIEUTENANT1$ is invalid on this system
>>[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/LIEUTENANT1$ is invalid on this system
>>[2004/12/20 15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/LIEUTENANT1$ is invalid on this system
>>[2004/12/20 15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/LIEUTENANT1$ is invalid on this system
>>.
>>.
>>.
>>[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>
>>----------/var/log/samba/log.winbindd-------------------
>>[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
>> krb5_cc_get_principal failed (No such file or directory)
>>[2004/12/20 16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>> user 'root' does not exist
>>[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>> user 'root' does not exist
>>[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>>
>>????
>> 
>>
>>    
>>
>
>
>
>  
>



More information about the samba mailing list