[Samba] member server and kerberos
Mark Le Noury
markl at bbd.co.za
Fri Oct 15 14:58:42 GMT 2004
Hi,
I had the exact same problem yesterday - which I managed to somehow
correct.
What I think happened was that after I had re-compiled kerberos support
into samba, I forgot to copy the new libnss_winbind.so to the /lib
directory.
Once I had copied the new library, I did a "killall -9 winbindd" and a
"service smb stop" and then restarted it all again. It just seemed to
work after that.
But I am just taking a huge guess about that being the cause - it could
have been something else that I changed by mistake.
I also found it necessary to build and install krb5-1.3.5 from MIT in
order to get everything to work correctly together. The older version of
kerberos that came with my distribution just wasn't happy talking to my
Windows server. (Although I am using Windows Server 2003)
Thanks,
Mark
-----Original Message-----
From: samba-bounces+markl=bbd.co.za at lists.samba.org
[mailto:samba-bounces+markl=bbd.co.za at lists.samba.org] On Behalf Of
thomas constans
Sent: 15 October 2004 04:46 PM
To: samba at lists.samba.org
Subject: [Samba] member server and kerberos
hello
i have been struggling for too long trying to setup the following
configuration:
debian samba 3 member server of a win 2000 AD
here is my configuration:
## smb.conf ##
[global]
log level = 4
interfaces = 192.168.10.11/255.255.255.0
workgroup = datom
realm = datom.dyndns.org
server string = samba membre
security = ads
netbios name = cafeine
log file = /var/log/samba/samba.log
max log size = 50
idmap uid = 10000-20000
idmap gid = 10000-20000
password server = nicotine.datom.dyndns.org
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
domain logons = no
dns proxy = no
obey pam restrictions = Yes
winbind separator = /
inherit acls = yes
inherit permissions = yes
admin users = DATOM.DYNDNS.ORG/administrateur
winbind enum users = yes
winbind enum groups = yes
[share]
comment = partage
path = /home/samba
browseable = yes
## krb5.conf ##
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
#ticket_lifetime = 24000
default_realm = DATOM.DYNDNS.ORG
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DATOM.DYNDNS.ORG = {
kdc = NICOTINE.DATOM.DYNDNS.ORG:88
admin_server = DATOM.DYNDNS.ORG:749
default_domain = DATOM.DYNDNS.ORG
}
[domain_realm]
.datom.dyndns.org = DATOM.DYNDNS.ORG
datom.dyndns.org = DATOM.DYNDNS.ORG
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
## nsswitch.conf ##
passwd: files winbind #ldap
group: files winbind #ldap
shadow: files #ldap
tests performed:
# kinit administrateur + password -> ok
# net ads join
[2004/10/15 16:30:32, 0] libads/ldap.c:ads_add_machine_acct(1283)
ads_add_machine_acct: Host account for cafeine already exists - modifying old account
Using short domain name -- DATOM
Joined 'CAFEINE' to realm 'DATOM.DYNDNS.ORG'
# klist -5
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrateur@DATOM.DYNDNS.ORG
Valid starting     Expires            Service principal
10/15/04 13:50:20  10/15/04 23:50:20  krbtgt/DATOM.DYNDNS.ORG@DATOM.DYNDNS.ORG
10/15/04 13:50:54  10/15/04 23:50:20  nicotine$@DATOM.DYNDNS.ORG
10/15/04 13:50:55  10/15/04 23:50:20  kadmin/changepw@DATOM.DYNDNS.ORG
# wbinfo -D datom
Name : DATOM
Alt_Name : datom.dyndns.org
SID : S-1-5-21-1214440339-616249376-839522115
Active Directory : Yes
Native : No
Primary : Yes
Sequence : -1
# wbinfo -g
BUILTIN/System Operators
BUILTIN/Replicators
BUILTIN/Guests
BUILTIN/Power Users
BUILTIN/Print Operators
BUILTIN/Administrators
BUILTIN/Account Operators
BUILTIN/Backup Operators
BUILTIN/Users
BUT
# wbinfo -u
Error looking up domain users
i suspect a kerberos configuration issue because reverting to a security
= domain model, and everything works perfectly
can anybody shed a light on this ???
thanx in advance
--
thomas constans <thomas.constans at opendoor.fr>
openDoor.fr
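
A consistency check between the smb.conf and krb5.conf settings quoted in this thread, as an added example that is not part of either message or of Samba itself. The function names are hypothetical, the sample input is a constructed subset of the quoted files, and "password server" is assumed to name a single host.

```python
# Constructed sample input: a subset of the smb.conf and krb5.conf quoted above.
SMB_CONF = """[global]
realm = datom.dyndns.org
security = ads
password server = nicotine.datom.dyndns.org
"""
KRB5_CONF = """[libdefaults]
default_realm = DATOM.DYNDNS.ORG
[realms]
DATOM.DYNDNS.ORG = {
kdc = NICOTINE.DATOM.DYNDNS.ORG:88
}
[domain_realm]
.datom.dyndns.org = DATOM.DYNDNS.ORG
"""

def parse_sections(text):
    """Return {section: [(key, value), ...]}; text after '#' is dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), [])
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.append((key.lower(), value))
    return sections

def check_ads_kerberos(smb_text, krb_text):
    """Return mismatches between Samba's ADS settings and krb5.conf."""
    smb = dict(parse_sections(smb_text).get("global", []))
    krb = parse_sections(krb_text)
    problems = []
    if smb.get("security", "").lower() != "ads":
        problems.append("security is not ads")
    # Kerberos realm names are case-sensitive; AD realms are upper case.
    realm = smb.get("realm", "").upper()
    default_realm = dict(krb.get("libdefaults", [])).get("default_realm", "")
    if realm != default_realm:
        problems.append(f"realm {realm} != default_realm {default_realm}")
    # Assumption: "password server" names one host (no list, no "*").
    server = smb.get("password server", "").lower()
    # Simplification: kdc entries are collected from every realm block.
    kdcs = [v.split(":")[0].lower() for k, v in krb.get("realms", []) if k == "kdc"]
    if server and server not in kdcs:
        problems.append(f"password server {server} is not a listed kdc")
    domain = "." + server.split(".", 1)[-1]
    if server and dict(krb.get("domain_realm", [])).get(domain) != realm:
        problems.append(f"no domain_realm mapping {domain} -> {realm}")
    return problems
```

On the settings quoted above, check_ads_kerberos(SMB_CONF, KRB5_CONF) returns an empty list.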