[Samba] Help for the Kerberos challenged in the audience, config files

Marco F. Cavaliere marco.cavaliere at ulixe.com
Wed Apr 14 09:13:00 GMT 2004


Try to access by the IP address... on my Samba box with Kerberos, this
works, but access by NetBIOS name doesn't...



----- Original Message ----- 
From: "Brett Stevens" <brett.stevens at hubbub.com.au>
To: <ewray at mmicman.com>; <samba at lists.samba.org>
Sent: Wednesday, April 14, 2004 4:56 AM
Subject: Re: [Samba] Help for the Kerberos challenged in the audience,config
files


Nsswitch set properly?
Check it and make sure there is a "passwd files winbind" and a "group files
winbind"
Also check that your time is synced correctly.


From: "Edward W. Ray" <ewray at mmicman.com>
Organization: MMICMAN, LLC
Reply-To: <ewray at mmicman.com>
Date: Tue, 13 Apr 2004 19:27:14 -0700
To: "'Brett Stevens'" <brett.stevens at hubbub.com.au>, <samba at lists.samba.org>
Subject: RE: [Samba] Help for the Kerberos challenged in the audience,
config files

 The error has changed since the previous e-mail:

[root@ns2 root]# net ads join -U root
root password:
[2004/04/13 19:23:05, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password root@MMICMANHOMENET.LOCAL failed: ASN.1 failed call to system time library
[root@ns2 root]#


Below is my smb.conf:


[root@ns2 root]# more /etc/samba/smb.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
        dns proxy = no
        log file = /var/log/samba/log.%m
        server string = mail
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        password server = 192.168.1.100 192.168.1.102
        winbind gid = 10000-20000
        workgroup = mmicmanhomenet
        username map = /etc/samba/user.map
        use spnego = yes
        ldap ssl = yes
        hosts allow = 192.168.1.
        encrypt passwords = yes
        realm = mmicmanhomenet.local
        security = ADS
        winbind uid = 10000-20000
        max log size = 50

 [netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   read only = yes
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /home/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
; [printers]
;   comment = All Printers
;   path = /var/spool/samba
;   browseable = no
# Set public = yes to allow user 'guest account' to print
;   guest ok = no
;   writable = no
;   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   read only = yes
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765


[root@ns2 root]#

Below is my krb5.conf:

[root@ns2 root]# more /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = MMICMANHOMENET.LOCAL

[realms]
 MMICMANHOMENET.LOCAL = {
  kdc = 192.168.1.100:88
 }

[domain_realm]
 .mmicmanhomenet.local = MMICMANHOMENET.LOCAL
 mmicmanhomenet.local = MMICMANHOMENET.LOCAL

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
[root@ns2 root]#





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
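
The two checks suggested in the thread (winbind listed for passwd and group in nsswitch.conf, and clock sync), as an added shell example that is not part of the original messages. The function names, the sample file and the epoch values are constructed for illustration, and the 300-second limit is the usual Kerberos clock-skew default, assumed here.

```shell
#!/bin/sh
# Added example (not from the thread). nsswitch.conf entries have the form
# "passwd: files winbind"; everything after '#' is a comment.

# Print the source list configured for database $2 in nsswitch file $1.
nss_sources() {
    sed -e 's/#.*//' "$1" | awk -v db="$2" -F: '
        { gsub(/^[ \t]+/, "", $1) }
        $1 == db { print $2; exit }'
}

# Succeed only if database $2 in file $1 lists both "files" and "winbind".
nss_has_winbind() {
    srcs=" $(nss_sources "$1" "$2" | tr -s ' \t' '  ') "
    case "$srcs" in *" files "*) ;; *) return 1 ;; esac
    case "$srcs" in *" winbind "*) ;; *) return 1 ;; esac
}

# Report on the passwd and group lines; non-zero if either is incomplete.
check_nsswitch() {
    rc=0
    for db in passwd group; do
        if nss_has_winbind "$1" "$db"; then
            echo "ok:   $db lists files and winbind"
        else
            echo "FAIL: $db is missing files and/or winbind"
            rc=1
        fi
    done
    return "$rc"
}

# Succeed if local ($1) and KDC ($2) epoch seconds differ by at most $3
# seconds (default 300, the usual Kerberos clock-skew tolerance).
skew_ok() {
    diff=$(( $1 - $2 ))
    [ "$diff" -lt 0 ] && diff=$(( -diff ))
    [ "$diff" -le "${3:-300}" ]
}

# Demo on constructed input; on a real host run: check_nsswitch /etc/nsswitch.conf
sample=$(mktemp)
printf 'passwd: files winbind\ngroup:  files\n' > "$sample"
check_nsswitch "$sample" || echo "group needs winbind added"
skew_ok 1081909625 1081909385 && echo "skew within tolerance"
rm -f "$sample"
```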



