[Samba] winbind problems
Thomas M. Skeren III
tms3 at fskklaw.com
Tue Dec 21 01:10:52 GMT 2004
Brian Kesting wrote:
>I have tried using a + separator with no success. I also get this in my log.winbindd file as soon as I restart winbind:
>
>[2004/12/20 17:33:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
> krb5_cc_get_principal failed (No such file or directory)
>
>
I've seen that one. Do a kinit, and see if you get a kerberos ticket.
>
>---------- Original Message ----------------------------------
>From: Tom Skeren <tms3 at fsklaw.com>
>Date: Mon, 20 Dec 2004 15:25:54 -0800
>
>Brian Kesting wrote:
>
>
>
>>Hello,
>>
>>I am running a Samba server (3.0.7) on a Suse 9.2 box. I have connected this server successfully to a Windows 2000 Active Directory (mixed mode). I have nsswitch.conf, krb5.conf configured and winbind seems to be running properly for the most part. With wbinfo I can get all of my user and group information. Problem is, it seems that at random times, the samba server just stops authenticating the windows user names and accounts. If I restart the winbind or smb service, then all seems to be well again for a while. Right now the only way I can keep this running is to run a cron job that restartes the samba and winbind services every hour. This is really bugging me as I cannot figure out what is going on. Can anyone help me? I have included some of my configuration and log files below. Thanks in advance.
>>
>>---------/etc/samba/smb.conf----------
>># Samba Configuration File
>>
>>[global]
>> workgroup = WAYNE
>> realm = WAYNE.LOCAL
>> server string = Samba Server
>> security = ADS
>> password server = adserver.wayne.local
>> encrypt passwords = yes
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> template shell = /bin/bash
>> winbind use default domain = no
>> winbind separator = /
>>
>>
>>
>>
>The separator might be a problem.
>
>
>
>>[users]
>> comment = Users on Linux
>> path = /home/WAYNE
>> read only = No
>> browseable = Yes
>>
>>---------/etc/nsswitch.conf-------
>>passwd: files winbind
>>group: files winbind
>>hosts: files dns wins winbind
>>networks: files dns
>>
>>---------/etc/krb5.conf-----------
>>[libdefaults]
>> default_realm = WAYNE.LOCAL
>> clockskew = 300
>>
>>[realms]
>>WAYNE.LOCAL = {
>> kdc = police.wayne.local
>> default_domain = WAYNE.LOCAL>
>> kpasswd_server = adserver.wayne.local
>>}
>>[domain_realm]
>> .WAYNE.LOCAL = WAYNE.LOCAL
>>[appdefaults]
>>pam = {
>> ticket_lifetime = 365d
>> renew_lifetime = 365d
>> forwardable = true
>> proxiable = false
>> retain_after_close = true
>> minimum_uid = 0
>>}
>>
>>----------/var/log/samba/log.smbd--------
>>[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/LIEUTENANT1$ is invalid on this system
>>[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/LIEUTENANT1$ is invalid on this system
>>[2004/12/20 15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/LIEUTENANT1$ is invalid on this system
>>[2004/12/20 15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/LIEUTENANT1$ is invalid on this system
>>.
>>.
>>.
>>[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>> Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>
>>----------/var/log/samba/log.winbindd-------------------
>>[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
>> krb5_cc_get_principal failed (No such file or directory)
>>[2004/12/20 16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>> user 'root' does not exist
>>[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>> user 'root' does not exist
>>[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>>
>>????
>>
>>
>>
>>
>
>
>
>
>
More information about the samba
mailing list