[Samba] winbind and getent

Gabriel Petrescu gabrielescu at gmail.com
Thu Jul 30 08:33:59 MDT 2009


yes, and it looks like:

[logging]
    default = FILE:/var/log/krb5.log

[libdefaults]
    default_realm = MYDOMAIN.LOCAL
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

[realms]
    MYDOMAIN.LOCAL = {
        kdc = server.mydomain.local
        admin_server = server.mydomain.local
        default_domain = MYDOMAIN.LOCAL
    }

[domain_realm]
    .mydomain.local = MYDOMAIN.LOCAL
    mydomain.local = MYDOMAIN.LOCAL




On Thu, Jul 30, 2009 at 5:26 PM, Hoover, Tony<hoover at sal.ksu.edu> wrote:
> Have you configured your /etc/krb5.conf file?
>
>
>
>
>
> ------------------------------------------------------------------------
> Tony Hoover, Network Administrator
> KSU - Salina, College of Technology and Aviation
> (785) 826-2660
>
> "Don't Blend in..."
> ------------------------------------------------------------------------
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of Gabriel Petrescu
> Sent: Thursday, July 30, 2009 8:39 AM
> To: John Stile
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] winbind and getent
>
> hi:)
>
> in my case it's working:
>
>> wbinfo Shows winbind is doing lookups from ADS
>>  wbinfo -u
>>  wbinfo -g
>>  wbinfo -a mydomain+myuser%mypassword
>
> and i get an error here:
>
>  kinit tests
> kinit(v5): Client not found in Kerberos database while getting initial
> credentials
>
>
> any advice here?
>
> gabi
>
> On Wed, Jul 29, 2009 at 6:58 PM, John Stile<john at stilen.com> wrote:
>> On Wed, 2009-07-29 at 22:33 +1000, tsg-samba wrote:
>>> Hi Volker,
>>>
>>> Yes  in smb.conf i have:
>>>         winbind enum users = Yes
>>>         winbind enum groups = Yes
>>
>> getent Shows nsswitch is correct, to resolve ADS users and groups.
>>  getent passwd
>>  getent group
>>
>> wbinfo Shows winbind is doing lookups from ADS
>>  wbinfo -u
>>  wbinfo -g
>>  wbinfo -a mydomain+myuser%mypassword
>>
>> kinit tests if kerberose can authenticate
>>  kinit myuser
>>
>> If 'wbinfo -g' shows   MYDOMAIN+Domain Users,
>> maybe your share should have a line like:
>>  valid users = @"MYDOMAIN+Domain Users"
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list