[Samba] samba3+ADS
subramanian.ponnusamy at iflexsolutions.com
Thu Jan 13 22:40:21 GMT 2005
Hi,
I'm using RH9, and I have compiled samba 3.0.1 from sources,
with the following options:
./configure --with-winbind --with-winbind-auth-challenge --with-pam \
--with-acl-support --with-ldapsam --with-pam_smbpass \
--with-ads --with-ldap --with-dce-dfs --with-smbwrapper --enable-pam
net ads join -S server.domain.com -U support
worked fine.
I started winbindd. 'wbinfo -u' & 'wbinfo -g' can get all users & groups
from the domain.
But the command 'getent passwd' could only show local accounts, without any
domain mapped accounts inside.
The nscd service is also not running.
What could be the problem? Could you please help me to resolve this
issue, jelmer.
/etc/samba/smb.conf:
[global]
    workgroup = OP-DOM
    realm = OPAL.I-FLEX.COM
    server string = Samba Server
    security = ADS
    password server = 169.165.63.8
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = No
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind separator = #
    winbind use default domain = Yes
/etc/krb5.conf:
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
[libdefaults]
    ticket_lifetime = 24000
    default_realm = OPAL.I-FLEX.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
[realms]
    OPAL.I-FLEX.COM = {
        kdc = mil-dc-02.opal.i-flex.com
        admin_server = mil-dc-02.opal.i-flex.com
        default_domain = opal.i-flex.com
    }
[domain_realm]
    .OPAL.I-FLEX.COM = OPAL.I-FLEX.COM
    opal.i-flex.com = OPAL.I-FLEX.COM
[kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }
/etc/nsswitch.conf:
passwd: files winbind
shadow: files
group: files winbind
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
--------------- Logs -----------------
/var/log/samba/log.winbindd:
[2005/01/14 04:03:18, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain OP-DOM OPAL.I-FLEX.COM
[2005/01/14 04:03:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
krb5_cc_get_principal failed (No credentials cache found)
[2005/01/14 04:03:20, 1]
nsswitch/winbindd_util.c:add_trusted_domains(207)
scanning trusted domain list
[2005/01/14 04:03:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for singdc03$@SING.I-FLEX.COM (Cannot find
KDC for requested realm)
[2005/01/14 04:03:22, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain SING sing.i-flex.com
S-1-5-21-1390067357-1214440339-725345543
[2005/01/14 04:03:22, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for ch-dc-02$@CH.I-FLEX.COM (Cannot find
KDC for requested realm)
[2005/01/14 04:03:22, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain CH-DOM ch.i-flex.com
S-1-5-21-1937329982-1241017600-1843927889
[2005/01/14 04:03:32, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for pu-dc-02$@PUNE.I-FLEX.COM (Cannot find
KDC for requested realm)
[2005/01/14 04:03:32, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain PUNENTDOM pune.i-flex.com
S-1-5-21-475882704-881679878-1537874043
[2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for spz-dc-01$@SPZ.I-FLEX.COM (Cannot find
KDC for requested realm)
[2005/01/14 04:03:33, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain SDF1-NT-DOM spz.i-flex.com
S-1-5-21-1549417937-415303249-622671684
[2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for dcroot$@I-FLEX.COM (Cannot find KDC
for requested realm)
[2005/01/14 04:03:33, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain I-FLEX i-flex.com
S-1-5-21-1202660629-796845957-1801674531
[2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for jbdc01$@VP.I-FLEX.COM (Cannot find KDC
for requested realm)
[2005/01/14 04:03:34, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain VPNTDOM vp.i-flex.com
S-1-5-21-635063025-298412223-930774774
[2005/01/14 04:03:34, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for cvr-dc-01$@RT.I-FLEX.COM (Cannot find
KDC for requested realm)
[2005/01/14 04:03:34, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain RT-DOM rt.i-flex.com
S-1-5-21-1839471235-300689253-1848903544
[2005/01/14 04:03:50, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain FCATDOM S-1-5-21-236523578-706837566-311576647
[2005/01/14 04:03:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find KDC
for requested realm)
[2005/01/14 04:03:53, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
Added domain NY-DOM ny.i-flex.com S-0-0
[2005/01/14 04:03:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find KDC
for requested realm)
[2005/01/14 04:03:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
[root@squid bin]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: support@OPAL.I-FLEX.COM

Valid starting     Expires            Service principal
01/14/05 01:42:55  01/14/05 09:43:20  krbtgt/OPAL.I-FLEX.COM@OPAL.I-FLEX.COM

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Thanks and Regards,
Subbu
Iflex Centre,
Iflex solutions Ltd.
Bangalore-+91-80-57596014
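
The winbindd log in this post reports "Cannot find KDC for requested realm" for the trusted-domain realms, while the posted krb5.conf has a [realms] stanza only for OPAL.I-FLEX.COM and sets dns_lookup_kdc = true. The following is an added example, not part of the original post: it lists each failing realm that has no [realms] stanza, with the DNS SRV name the Kerberos library queries for it. Function names and sample inputs are constructed for illustration.

```python
import re

# Constructed sample input, shaped like the log and krb5.conf in the post,
# including the mid-entry line wraps introduced by the mail client.
SAMPLE_LOG = """\
[2005/01/14 04:03:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for singdc03$@SING.I-FLEX.COM (Cannot find
KDC for requested realm)
[2005/01/14 04:03:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find KDC
for requested realm)
[2005/01/14 04:03:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find KDC
for requested realm)
"""
SAMPLE_KRB5 = """\
[realms]
 OPAL.I-FLEX.COM = {
  kdc = mil-dc-02.opal.i-flex.com
 }
[appdefaults]
 pam = {
  debug = false
 }
"""

FAIL_RE = re.compile(
    r"krb5_get_credentials failed for \S+@(\S+) "
    r"\(Cannot find KDC for requested realm\)")

def failing_realms(log_text):
    """Realms named in 'Cannot find KDC' entries, in first-seen order."""
    flat = " ".join(log_text.split())  # undo wraps inside a log entry
    return list(dict.fromkeys(FAIL_RE.findall(flat)))

def configured_realms(krb5_text):
    """Realm names that have a stanza under [realms] (not other sections)."""
    realms, section = set(), None
    for line in (l.strip() for l in krb5_text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        stanza = re.fullmatch(r"(\S+)\s*=\s*\{", line)
        if header:
            section = header.group(1)
        elif stanza and section == "realms":
            realms.add(stanza.group(1).upper())
    return realms

def unresolved(log_text, krb5_text):
    """(realm, SRV name to check) for failing realms absent from [realms]."""
    have = configured_realms(krb5_text)
    return [(r, "_kerberos._udp." + r)
            for r in failing_realms(log_text) if r.upper() not in have]
```

Each SRV name returned can be checked against the resolver the host uses, or the realm can be given its own stanza under [realms].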