[Samba] samba3+ADS

subramanian.ponnusamy at iflexsolutions.com
Thu Jan 13 22:40:21 GMT 2005


Hi,

I'm using RH9, and I have compiled samba 3.0.1 from sources,
with the following options:

./configure --with-winbind --with-winbind-auth-challenge --with-pam \
--with-acl-support --with-ldapsam --with-pam_smbpass \
--with-ads --with-ldap --with-dce-dfs --with-smbwrapper --enable-pam

 net ads join -S server.domain.com -U support
 worked fine.

I started winbindd. 'wbinfo -u' & 'wbinfo -g' can get all users & groups
from the domain.

But the command 'getent passwd' could only show local accounts, without
any domain-mapped accounts.

The nscd service is also not running.

What could be the problem? Could you please help me to resolve this
issue, jelmer?
 
/etc/samba/smb.conf:
 
    [global]
        workgroup = OP-DOM
        realm = OPAL.I-FLEX.COM
        server string = Samba Server
        security = ADS
        password server = 169.165.63.8
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = #
        winbind use default domain = Yes

/etc/krb5.conf:
 
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 
[libdefaults]
 ticket_lifetime = 24000
 default_realm = OPAL.I-FLEX.COM
 dns_lookup_realm = false
 dns_lookup_kdc = true
 
[realms]
 OPAL.I-FLEX.COM = {
  kdc = mil-dc-02.opal.i-flex.com
  admin_server = mil-dc-02.opal.i-flex.com
  default_domain = opal.i-flex.com
 }
 
[domain_realm]
 .OPAL.I-FLEX.COM = OPAL.I-FLEX.COM
 opal.i-flex.com = OPAL.I-FLEX.COM
 
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf
 
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
 
 
/etc/nsswitch.conf:
 
    passwd:     files winbind
    shadow:     files
    group:      files winbind
 
    hosts:      files dns
 
    bootparams: nisplus [NOTFOUND=return] files
 
    ethers:     files
    netmasks:   files
    networks:   files
    protocols:  files
    rpc:        files
    services:   files
 
    netgroup:   files
 
    publickey:  nisplus
 
    automount:  files
    aliases:    files nisplus
 
 
--------------- Logs -----------------
 
/var/log/samba/log.winbindd:
 
[2005/01/14 04:03:18, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain OP-DOM OPAL.I-FLEX.COM
[2005/01/14 04:03:18, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2005/01/14 04:03:20, 1] nsswitch/winbindd_util.c:add_trusted_domains(207)
  scanning trusted domain list
[2005/01/14 04:03:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for singdc03$@SING.I-FLEX.COM (Cannot find KDC for requested realm)
[2005/01/14 04:03:22, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain SING sing.i-flex.com S-1-5-21-1390067357-1214440339-725345543
[2005/01/14 04:03:22, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for ch-dc-02$@CH.I-FLEX.COM (Cannot find KDC for requested realm)
[2005/01/14 04:03:22, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain CH-DOM ch.i-flex.com S-1-5-21-1937329982-1241017600-1843927889
[2005/01/14 04:03:32, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for pu-dc-02$@PUNE.I-FLEX.COM (Cannot find KDC for requested realm)
[2005/01/14 04:03:32, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain PUNENTDOM pune.i-flex.com S-1-5-21-475882704-881679878-1537874043
[2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for spz-dc-01$@SPZ.I-FLEX.COM (Cannot find KDC for requested realm)
[2005/01/14 04:03:33, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain SDF1-NT-DOM spz.i-flex.com S-1-5-21-1549417937-415303249-622671684
[2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for dcroot$@I-FLEX.COM (Cannot find KDC for requested realm)
[2005/01/14 04:03:33, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain I-FLEX i-flex.com S-1-5-21-1202660629-796845957-1801674531
[2005/01/14 04:03:33, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for jbdc01$@VP.I-FLEX.COM (Cannot find KDC for requested realm)
[2005/01/14 04:03:34, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain VPNTDOM vp.i-flex.com S-1-5-21-635063025-298412223-930774774
[2005/01/14 04:03:34, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for cvr-dc-01$@RT.I-FLEX.COM (Cannot find KDC for requested realm)
[2005/01/14 04:03:34, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain RT-DOM rt.i-flex.com S-1-5-21-1839471235-300689253-1848903544
[2005/01/14 04:03:50, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain FCATDOM  S-1-5-21-236523578-706837566-311576647
[2005/01/14 04:03:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find KDC for requested realm)
[2005/01/14 04:03:53, 1] nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain NY-DOM ny.i-flex.com S-0-0
[2005/01/14 04:03:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find KDC for requested realm)
[2005/01/14 04:03:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)

[root@squid bin]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: support@OPAL.I-FLEX.COM

Valid starting     Expires            Service principal
01/14/05 01:42:55  01/14/05 09:43:20  krbtgt/OPAL.I-FLEX.COM@OPAL.I-FLEX.COM


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Thanks and Regards,
Subbu

Iflex Centre,
Iflex solutions Ltd.
Bangalore-+91-80-57596014
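
Added example, not part of the original post and not Samba code: a Python check that extracts the realms winbindd reported as "Cannot find KDC for requested realm" from a log.winbindd excerpt and compares them with the realms that have a block under [realms] in krb5.conf. The sample log and krb5.conf text are constructed from the excerpts in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: entries from the log.winbindd excerpt, mail-wrapped as posted.
SAMPLE_LOG = """\
[2005/01/14 04:03:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for singdc03$@SING.I-FLEX.COM (Cannot find
KDC for requested realm)
[2005/01/14 04:03:22, 1]
nsswitch/winbindd_util.c:add_trusted_domain(150)
  Added domain SING sing.i-flex.com
S-1-5-21-1390067357-1214440339-725345543
[2005/01/14 04:03:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find KDC
for requested realm)
[2005/01/14 04:03:54, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for nydc03$@NY.I-FLEX.COM (Cannot find KDC
for requested realm)
"""

# Constructed sample: the relevant parts of the posted krb5.conf.
SAMPLE_KRB5 = """\
[libdefaults]
 default_realm = OPAL.I-FLEX.COM
 dns_lookup_kdc = true
[realms]
 OPAL.I-FLEX.COM = {
  kdc = mil-dc-02.opal.i-flex.com
 }
"""

FAILED = re.compile(r"krb5_get_credentials failed for (\S+)@(\S+) \(([^)]*)\)")

def failed_realms(log_text):
    """Map realm -> set of principals whose ticket request failed."""
    flat = " ".join(log_text.split())  # undo the line wrapping
    result = {}
    for principal, realm, _reason in FAILED.findall(flat):
        result.setdefault(realm, set()).add(principal)
    return result

def configured_realms(krb5_text):
    """Realm names that have a block in the [realms] section."""
    m = re.search(r"^\[realms\]\s*$(.*?)(?=^\[|\Z)", krb5_text, re.M | re.S)
    body = m.group(1) if m else ""
    return {r.upper() for r in re.findall(r"^\s*([\w.-]+)\s*=\s*\{", body, re.M)}

def realms_without_static_kdc(log_text, krb5_text):
    """Failing realms with no [realms] block; these depend on DNS lookup."""
    return sorted(set(failed_realms(log_text)) - configured_realms(krb5_text))
```

Realms returned by realms_without_static_kdc have no kdc entry in krb5.conf, so with dns_lookup_kdc = true their KDCs can only be located through DNS SRV lookups.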

 


