[Samba] winbind problems

Brian Kesting bkesting at cityofwayne.org
Tue Dec 21 01:41:40 GMT 2004 

So the kticket needs to be valid for any samba/winbind services to work properly?  It appears that when I issued the kinit command, my ticket will expire in about 10 hours with a ticket renewable lifetime of 1 week......how do I change that?  

I am still getting the odd messages in my winbind log file though....I am really perplexed.

---------- Original Message ----------------------------------
From: "Thomas M. Skeren III" <tms3 at fskklaw.com>
Date:  Mon, 20 Dec 2004 17:19:22 -0800

Brian Kesting wrote:

>I have changed the separator to '+'
>
>Also, my kerberos ticket was expired.....i re-issued a kinit username at DOMAIN command to renew it.
>
>Could that be the source of my problems?
>  
>
Yes.

>---------- Original Message ----------------------------------
>From: "Thomas M. Skeren III" <tms3 at fskklaw.com>
>Date:  Mon, 20 Dec 2004 17:09:33 -0800
>
>Brian Kesting wrote:
>
>  
>
>>I have tried using a + separator with no success.
>> 
>>
>>    
>>
>I use _ which works well.  I'm just guessing here, but *nix's use / as a 
>very significant charactrer.
>
>  
>
>>---------- Original Message ----------------------------------
>>From: Tom Skeren <tms3 at fsklaw.com>
>>Date:  Mon, 20 Dec 2004 15:25:54 -0800
>>
>>Brian Kesting wrote:
>>
>> 
>>
>>    
>>
>>>Hello,
>>>
>>>I am running a Samba server (3.0.7) on 
>>>      
>>>
>
>a Suse 9.2 box.  I have connected this server successfully to a Windows 2000 Active Directory (mixed mode).  I have nsswitch.conf, krb5.conf configured and winbind seems to be running properly for the most part.  With wbinfo I can get all of my user and group information.  Problem is, it seems that at random times, the samba server just stops authenticating the windows user names and accounts.  If I restart the winbind or smb service, then all seems to be well again for a while.  Right now the only way I can keep this running is to run a cron job that restartes the samba and winbind services every hour.  This is really bugging me as I cannot figure out what is going on.  Can anyone help me?  I have included some of my configuration and log files below.  Thanks in advance.
>  
>
>>>---------/etc/samba/smb.conf----------
>>># Samba Configuration File
>>>
>>>[global]
>>>      workgroup = WAYNE
>>>      realm = WAYNE.LOCAL
>>>      server string = Samba Server
>>>      security = ADS
>>>      password server = adserver.wayne.local
>>>      encrypt passwords = yes
>>>      idmap uid = 10000-20000
>>>      idmap gid = 10000-20000
>>>      template shell = /bin/bash
>>>      winbind use default domain = no
>>>      winbind separator = /
>>>
>>>
>>>   
>>>
>>>      
>>>
>>The separator might be a problem.
>>
>> 
>>
>>    
>>
>>>[users]
>>>      comment = Users on Linux
>>>      path = /home/WAYNE
>>>      read only = No
>>>      browseable = Yes
>>>
>>>---------/etc/nsswitch.conf-------
>>>passwd: files winbind
>>>group:  files winbind
>>>hosts:    files dns wins winbind
>>>networks: files dns
>>>
>>>---------/etc/krb5.conf-----------
>>>[libdefaults]
>>>      default_realm = WAYNE.LOCAL
>>>      clockskew = 300
>>>
>>>[realms]
>>>WAYNE.LOCAL = {
>>>      kdc = police.wayne.local
>>>      default_domain = WAYNE.LOCAL>
>>>      kpasswd_server = adserver.wayne.local
>>>}
>>>[domain_realm]
>>>      .WAYNE.LOCAL = WAYNE.LOCAL
>>>[appdefaults]
>>>pam = {
>>>      ticket_lifetime = 365d
>>>      renew_lifetime = 365d
>>>      forwardable = true
>>>      proxiable = false
>>>      retain_after_close = true
>>>      minimum_uid = 0
>>>}
>>>
>>>----------/var/log/samba/log.smbd--------
>>>[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/LIEUTENANT1$ is invalid on this system
>>>[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/LIEUTENANT1$ is invalid on this system
>>>[2004/12/20 15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/LIEUTENANT1$ is invalid on this system
>>>[2004/12/20 15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/LIEUTENANT1$ is invalid on this system
>>>.
>>>.
>>>.
>>>[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>>
>>>----------/var/log/samba/log.winbindd-------------------
>>>[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
>>>krb5_cc_get_principal failed (No such file or directory)
>>>[2004/12/20 16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>>>user 'root' does not exist
>>>[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>>>user 'root' does not exist
>>>[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>>>
>>>????
>>>
>>>
>>>   
>>>
>>>      
>>>
>>
>> 
>>
>>    
>>
>
>
>
>
>  
>

More information about the samba mailing list