[Samba] winbinb problem related to kerberos.

Lombardo Federico ego_pfe at hotmail.com
Fri Oct 17 08:22:55 GMT 2003 

I've a little stupid problem with winbindd
when I start it I can read in winbind log:

[2003/10/17 10:17:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
  Added domain GRANDI_STAZIONI GSTAZIONI.IT
[2003/10/17 10:17:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/10/17 10:17:47, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password HOST/norad at GSTAZIONI.IT failed: Client not found
in Kerberos database
[2003/10/17 10:17:47, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64)
  ads_connect for domain GRANDI_STAZIONI failed: Operations error
[2003/10/17 10:17:47, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list
[2003/10/17 10:17:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
  Added domain GSTEST  S-1-5-21-602162358-220523388-725345543
[2003/10/17 10:17:47, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
  scanning trusted domain list


from my smb.conf:

[global]
encrypt passwords = Yes
winbind separator = +
winbind cache time = 10
template homedir = /home/%D/%U
template shell = /bin/bash
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
workgroup = GRANDI_STAZIONI
server string = norad
security = ads
log file = /var/log/samba/log.%m
max log size = 50
password server = MASTER BDC
realm = GSTAZIONI.IT
passdb backend = tdbsam
socket options = TCP_NODELAY  SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 192.168.5.1 192.168.0.1
wins proxy = yes
dns proxy = yes
[public]
comment = none
writeable = yes
public = yes
browseable = yes
path = /home/samba
read only = No
create mask = 0777
directory mask = 0777
guest ok = No


Note that I've successfully created a machine account into the domain with
the command: net ads join -U administrator.

from my krb5.conf:

[libdefaults]
         default_realm = GSTAZIONI.IT
         default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
         default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
         permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
         krb4_config = /etc/krb.conf
         krb4_realms = /etc/krb.realms
         kdc_timesync = 1
         ccache_type = 4
         forwardable = true
         proxiable = true
         v4_instance_resolve = false
         v4_name_convert = {
                 host = {
                         rcmd = host
                        ftp = ftp
                 }
                 plain = {
                         something = something-else
}
         }
[realms]
GSTAZIONI.IT = {
          kdc = 192.168.5.1:88
          kdc = 192.168.0.1:88
}
[domain_realm]
.gstazioni.it = GSTAZIONI.IT
gstazioni.it = GSTAZIONI.IT
[login]
         krb4_convert = true
         krb4_get_tickets = true


which thing cause this problem ?
how to solve ?
another problem is that I can list users and group with the net ads users
command, but not with wbinfo, why ?


Thank in advance,

Best regards.

Federico

More information about the samba mailing list