[Samba] winbind problems
Brian Kesting
bkesting at cityofwayne.org
Tue Dec 21 01:41:40 GMT 2004
So the kticket needs to be valid for any samba/winbind services to work properly? It appears that when I issued the kinit command, my ticket will expire in about 10 hours with a ticket renewable lifetime of 1 week......how do I change that?
I am still getting the odd messages in my winbind log file though....I am really perplexed.
---------- Original Message ----------------------------------
From: "Thomas M. Skeren III" <tms3 at fskklaw.com>
Date: Mon, 20 Dec 2004 17:19:22 -0800
Brian Kesting wrote:
>I have changed the separator to '+'
>
>Also, my kerberos ticket was expired.....i re-issued a kinit username at DOMAIN command to renew it.
>
>Could that be the source of my problems?
>
>
Yes.
>---------- Original Message ----------------------------------
>From: "Thomas M. Skeren III" <tms3 at fskklaw.com>
>Date: Mon, 20 Dec 2004 17:09:33 -0800
>
>Brian Kesting wrote:
>
>
>
>>I have tried using a + separator with no success.
>>
>>
>>
>>
>I use _ which works well. I'm just guessing here, but *nix's use / as a
>very significant charactrer.
>
>
>
>>---------- Original Message ----------------------------------
>>From: Tom Skeren <tms3 at fsklaw.com>
>>Date: Mon, 20 Dec 2004 15:25:54 -0800
>>
>>Brian Kesting wrote:
>>
>>
>>
>>
>>
>>>Hello,
>>>
>>>I am running a Samba server (3.0.7) on
>>>
>>>
>
>a Suse 9.2 box. I have connected this server successfully to a Windows 2000 Active Directory (mixed mode). I have nsswitch.conf, krb5.conf configured and winbind seems to be running properly for the most part. With wbinfo I can get all of my user and group information. Problem is, it seems that at random times, the samba server just stops authenticating the windows user names and accounts. If I restart the winbind or smb service, then all seems to be well again for a while. Right now the only way I can keep this running is to run a cron job that restartes the samba and winbind services every hour. This is really bugging me as I cannot figure out what is going on. Can anyone help me? I have included some of my configuration and log files below. Thanks in advance.
>
>
>>>---------/etc/samba/smb.conf----------
>>># Samba Configuration File
>>>
>>>[global]
>>> workgroup = WAYNE
>>> realm = WAYNE.LOCAL
>>> server string = Samba Server
>>> security = ADS
>>> password server = adserver.wayne.local
>>> encrypt passwords = yes
>>> idmap uid = 10000-20000
>>> idmap gid = 10000-20000
>>> template shell = /bin/bash
>>> winbind use default domain = no
>>> winbind separator = /
>>>
>>>
>>>
>>>
>>>
>>>
>>The separator might be a problem.
>>
>>
>>
>>
>>
>>>[users]
>>> comment = Users on Linux
>>> path = /home/WAYNE
>>> read only = No
>>> browseable = Yes
>>>
>>>---------/etc/nsswitch.conf-------
>>>passwd: files winbind
>>>group: files winbind
>>>hosts: files dns wins winbind
>>>networks: files dns
>>>
>>>---------/etc/krb5.conf-----------
>>>[libdefaults]
>>> default_realm = WAYNE.LOCAL
>>> clockskew = 300
>>>
>>>[realms]
>>>WAYNE.LOCAL = {
>>> kdc = police.wayne.local
>>> default_domain = WAYNE.LOCAL>
>>> kpasswd_server = adserver.wayne.local
>>>}
>>>[domain_realm]
>>> .WAYNE.LOCAL = WAYNE.LOCAL
>>>[appdefaults]
>>>pam = {
>>> ticket_lifetime = 365d
>>> renew_lifetime = 365d
>>> forwardable = true
>>> proxiable = false
>>> retain_after_close = true
>>> minimum_uid = 0
>>>}
>>>
>>>----------/var/log/samba/log.smbd--------
>>>[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/LIEUTENANT1$ is invalid on this system
>>>[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/LIEUTENANT1$ is invalid on this system
>>>[2004/12/20 15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/LIEUTENANT1$ is invalid on this system
>>>[2004/12/20 15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/LIEUTENANT1$ is invalid on this system
>>>.
>>>.
>>>.
>>>[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
>>>Username WAYNE/DISPATCH_GW1$ is invalid on this system
>>>
>>>----------/var/log/samba/log.winbindd-------------------
>>>[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
>>>krb5_cc_get_principal failed (No such file or directory)
>>>[2004/12/20 16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>>>user 'root' does not exist
>>>[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>>>user 'root' does not exist
>>>[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245)
>>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command
>>>[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059)
>>>
>>>????
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
>
>
>
>
More information about the samba
mailing list