Samba/AD/Kerberos
Ron Short
short at sgi.com
Mon Dec 29 15:43:52 GMT 2008
We only have Winbind running onthe Samba server
> # Samba config file created using SWAT
> # from 162.49.57.179 (162.49.57.179)
> # Date: 2007/04/10 14:33:48
>
> # Global parameters
> [global]
> workgroup = NMCS
> realm = NMCS.SDMENGINEERING.COM
> netbios name = MCSSAN
> name resolve order = lmhosts host wins bcast
> interfaces = 162.49.57.50/0xffffff00
> bind interfaces only = Yes
> security = ADS
> auth methods = winbind
> password server = dmcontroller1.nmcs.sdmengineering.com,
> dmcontroller2.nmcs.sdmengineering.com
> passwd program = /usr/bin/passwd %u
> passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n
> max log size = 500
> max xmit = 65535
> os level = 0
> preferred master = No
> local master = No
> domain master = No
> wins server = 162.49.57.15
> ldap ssl = no
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> comment = %h (Samba %v)
> hosts allow = 162.49.57.
> hide dot files = No
> locking = No
> share modes = No
> vfs objects = sgistats, sgisendfile
>
> # client use spnego = yes
> # server signing = auto
> # client signing = yes
>
> # log level = 10
>
> [library]
> path = /media/library
> read only = No
> directory mask = 0775
>
> #[workarea]
> # path = /work/workarea
> # read only = No
> # guest ok = Yes
>
> [cam]
> path = /media2/cam
> read only = No
> directory mask = 0775
Scott Grizzard wrote:
> Is WINS running on the Samba server?
>
> Please post a copy of your smb.conf.
>
> - Scott Grizzard
>
> On Dec 29, 2008, at 9:35 AM, Ron Short wrote:
>
>> We have a situation where we have a Samba server setup on an SGI Irix
>> system working with a Microsoft 2003 Domain Controller and using
>> Kerberos. We can successfully join the Samba server to the domain.
>> We can also get a valid kerberos ticket for the administrator account
>>
>> This was working well until the Active Directory server was reboot.
>> Now we are having trouble connecting to the Samba share using the
>> Netbios name, i.e. MCSSAN\Library for example. Now it this the case
>> where we can't connect supplying the user/password (we are using the
>> domain/username combination). However we can connect if the IP
>> address is used. Also if we delete the machine account from the
>> domain controller it also works fine.
>>
>> Any pointers are appreciated as to what might have happened and what
>> can be done to correct the problem.
>>
>> --
>> Ron Short email: short at sgi.com
>> Solutions Architect office: 651/683-5680
>> SGI Global Professional Services fax: 651/683-5599
>
More information about the samba-technical
mailing list