[Samba] Samba / AD authentication - one machine only !!!!
Tim Holmes
tholmes at mcaschool.net
Fri Jul 22 18:00:42 GMT 2005
Folks -- thanks for all your help -- I have gotten the SAMBA
AUTHENTICATION problem resolved -- I rebuilt the machine --
That machine has had as many as 5 different samba configs on it over the
last 3 months as I have tried to get things figured out to make it work
right. So now that I had a known working configuration, I just needed
to clean all the other junk up
Thanks so much for all your help
I still have a few questions about how to configure permissions which I
posted earlier, if anyone can help out, I would appreciate it
TIM
Timothy A. Holmes
IT Manager / Webmaster / Science Teacher
Medina Christian Academy
A Higher Standard...
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14
Timothy A. Holmes
IT Manager / Webmaster / Science Teacher
Medina Christian Academy
A Higher Standard...
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14
> -----Original Message-----
> From: samba-bounces+tholmes=mcaschool.net at lists.samba.org
[mailto:samba-
> bounces+tholmes=mcaschool.net at lists.samba.org] On Behalf Of Tim Holmes
> Sent: Thursday, July 21, 2005 1:29 PM
> To: samba at lists.samba.org
> Subject: [Samba] Samba / AD authentication - one machine only !!!!
>
> Hi Folks:
>
> I am continuing to work on the samba problems. This is a weird one!!!
>
> I have 3 servers with samba running:
>
> 2 of them work perfectly and the third one refuses to authenticated
>
> I am seeing a lot of the following error
>
> [2005/07/21 12:58:21, 0] lib/util_sock.c:get_peer_addr(1000)
> getpeername failed. Error was Transport endpoint is not connected
>
>
> Googleing around has found that it seems to be related to DNS issues,
> but that makes no sense, since the two other servers running identical
> [global] sections (only differences are machine names etc) and krb5
> configurations are working fine
>
> The web server works cool
> The testbed server works kool
>
> When I try to access the file server, it asks for authentication
>
> Kinit shows no errors, so I assume that's working right
>
>
> Here is the smb.conf
> [global]
> log file = /var/log/samba/%m.log
> idmap gid = 10000-40000
> socket options = SO_RCVBUF=8192
> wins server = 192.168.0.2
> domain master = No
> realm = MCASCHOOL.NET
> netbios name = srvfs-01
> server string = MCA File Server (test conf)
> password server = srvdc01.mcaschool.net
> idmap uid = 10000-40000
> winbind enum users = yes
> winbind nested groups = Yes
> local master = No
> workgroup = MCASCHOOL
> os level = 20
> winbind enum groups = yes
> security = ads
> preferred master = no
>
> [users]
> path = /home
> read only = No
>
>
> here is the nsswitch.conf
>
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be #
> sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an # entry
> should stop if the search in the previous entry turned # up nothing.
> Note that if the search failed due to some other reason # (like no NIS
> server responding) then the search continues with the # next entry.
> #
> # Legal entries are:
> #
> # nisplus or nis+ Use NIS+ (NIS version 3)
> # nis or yp Use NIS (NIS version 2), also called
YP
> # dns Use DNS (Domain Name Service)
> # files Use the local files
> # db Use the local database (.db) files
> # compat Use NIS on compat mode
> # hesiod Use Hesiod for user lookups
> # [NOTFOUND=return] Stop searching if not found so far
> #
>
> # To use db, put the "db" in front of "files" for entries you want to
be
> # looked up first in the databases # # Example:
> #passwd: db files nisplus nis
> #shadow: db files nisplus nis
> #group: db files nisplus nis
>
> passwd: files compat winbind
> shadow: compat
> group: files compat winbind
>
> #hosts: db files nisplus nis dns
> hosts: files dns winbind
>
> # Example - obey only what nisplus tells us...
> #services: nisplus [NOTFOUND=return] files
> #networks: nisplus [NOTFOUND=return] files
> #protocols: nisplus [NOTFOUND=return] files
> #rpc: nisplus [NOTFOUND=return] files
> #ethers: nisplus [NOTFOUND=return] files
> #netmasks: nisplus [NOTFOUND=return] files
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers: files
> netmasks: files
> networks: files
> protocols: files winbind
> rpc: files
> services: files winbind
>
> netgroup: files winbind
>
> publickey: nisplus
>
> automount: files winbind
> aliases: files nisplus
>
>
>
>
>
> And the /etc/krb5.conf
>
>
> [libdefaults]
> default_realm = MCASCHOOL.NET
>
> [realms]
> MCASCHOOL.NET = {
> kdc = srvdc01.mcaschool.net
> }
>
> [domain_realm]
> .mcaschool.net = MCASCHOOL.NET
> mcaschool.net = MCASCHOOL.NET
>
>
>
> here is the /etc/hosts
>
> # Do not remove the following line, or various programs # that require
> network functionality will fail.
> 127.0.0.1 srvfs-01 localhost.localdomain localhost
> 192.168.0.5 srvfs-01 srvfs-01.mcaschool.net srvfs-01
>
>
>
> And last but not least the /etc/resolv.conf
>
> domain mcaschool.net
> nameserver 192.168.0.2
>
>
>
> This one has me totally stumped, because one of the servers that is
> running is running an exactly identical hardware set
>
> Any suggestions would be most helpful
>
>
>
> Timothy A. Holmes
>
> IT Manager / Webmaster / Science Teacher
>
> Medina Christian Academy
> A Higher Standard...
>
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14
>
> Timothy A. Holmes
>
> IT Manager / Webmaster / Science Teacher
>
> Medina Christian Academy
> A Higher Standard...
>
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list