[Samba] Kerberos authentication problems
David Nalley
davidnalley at BryanRamey.com
Thu Mar 25 03:03:47 GMT 2004
> -----Original Message-----
> From: Brett Stevens [mailto:brett.stevens at hubbub.com.au]
> Can you publish (sanitized) the following
>
> /etc/nsswitch
> Samba.conf
> krb5.conf
>
> Thanks
As you can see, I tried to be liberal with permissions while testing,
and planned to tighten down. Thanks for taking a look.

nsswitch.conf:

passwd:     files winbind
shadow:     files
group:      files winbind
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  nisplus
automount:  files
aliases:    files nisplus

krb5.conf:

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    ticket_lifetime = 24000
    default_realm = DOMAIN.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    default_tkt_enctypes = des-cbc-crc
    default_tgs_enctypes = des-cbc-crc

[realms]
    DOMAIN.COM = {
        kdc = KDC.DOMAIN.COM
        admin_server = KDC.DOMAIN.COM
        default_domain = DOMAIN.COM
    }

[domain_realm]
    .domain.com = DOMAIN.COM
    domain.com = DOMAIN.COM

[kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

smb.conf:

[global]
    netbios name = SAMBASRVR
    Server String = "File Server"
    workgroup = DOMAIN
    security = ADS
    log file = /var/log/%m.log
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    wins support = yes
    realm = DOMAIN.COM
    encrypt passwords = yes
    password server = 192.168.XXX.XXX
    local master = no
    winbind use default domain = yes
    winbind separator = +
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    client use spnego = yes

[public]
    path = /tmp
    guest ok = yes
    writeable = yes
    browseable = yes
    public = yes