[Samba] winbind and getent
Gabriel Petrescu
gabrielescu at gmail.com
Thu Jul 30 08:33:59 MDT 2009
yes, and it looks like:
[logging]
default = FILE:/var/log/krb5.log
[libdefaults]
default_realm = MYDOMAIN.LOCAL
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
MYDOMAIN.LOCAL = {
kdc = server.mydomain.local
admin_server = server.mydomain.local
default_domain = MYDOMAIN.LOCAL
}
[domain_realm]
.mydomain.local = MYDOMAIN.LOCAL
mydomain.local = MYDOMAIN.LOCAL
On Thu, Jul 30, 2009 at 5:26 PM, Hoover, Tony<hoover at sal.ksu.edu> wrote:
> Have you configured your /etc/krb5.conf file?
>
>
>
>
>
> ------------------------------------------------------------------------
> Tony Hoover, Network Administrator
> KSU - Salina, College of Technology and Aviation
> (785) 826-2660
>
> "Don't Blend in..."
> ------------------------------------------------------------------------
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of Gabriel Petrescu
> Sent: Thursday, July 30, 2009 8:39 AM
> To: John Stile
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] winbind and getent
>
> hi:)
>
> in my case it's working:
>
>> wbinfo Shows winbind is doing lookups from ADS
>> wbinfo -u
>> wbinfo -g
>> wbinfo -a mydomain+myuser%mypassword
>
> and i get an error here:
>
> kinit tests
> kinit(v5): Client not found in Kerberos database while getting initial
> credentials
>
>
> any advice here?
>
> gabi
>
> On Wed, Jul 29, 2009 at 6:58 PM, John Stile<john at stilen.com> wrote:
>> On Wed, 2009-07-29 at 22:33 +1000, tsg-samba wrote:
>>> Hi Volker,
>>>
>>> Yes in smb.conf i have:
>>> winbind enum users = Yes
>>> winbind enum groups = Yes
>>
>> getent Shows nsswitch is correct, to resolve ADS users and groups.
>> getent passwd
>> getent group
>>
>> wbinfo Shows winbind is doing lookups from ADS
>> wbinfo -u
>> wbinfo -g
>> wbinfo -a mydomain+myuser%mypassword
>>
>> kinit tests if kerberose can authenticate
>> kinit myuser
>>
>> If 'wbinfo -g' shows MYDOMAIN+Domain Users,
>> maybe your share should have a line like:
>> valid users = @"MYDOMAIN+Domain Users"
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list