[Samba] Problems with authenticating linux against Windows 2000 Active Directory

Marcelin Bruno bruno.marcelin at clermont.cemagref.fr
Fri Jun 10 08:25:51 GMT 2005 

Hi,

I am trying to authenticating Linux (Debian) against Windows 2000 Active
Directory. It works but i have errors in winbindd logs.
This is how my Active Directory Forest is organized :
myCompany.com
Site1.myCompany.com
Site2.myCompany.com
Site3.myCompany.com
...
SiteX.myCompany.com

I am in the site1 and samba speaks with all the other sites. Why? How to
prevent that?

This my configuration files and the log file

######## Smf.conf #############

        workgroup = SITE1
        realm = SITE1.MYCOMPANY.COM
        security = ADS
        obey pam restrictions = Yes
        password server = PasswordServerName
        passdb backend = tdbsam, guest
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = lmhosts host bcast
        dns proxy = No
        idmap uid = 500-10000000
        idmap gid = 500-10000000
        template homedir = /home/%U
        template shell = /bin/bash
        winbind use default domain = Yes
        winbind nested groups = Yes
        invalid users = root


########## krb5.conf ############

[libdefaults]
        default_realm = SITE1.MYCOMPANY.COM
        dns_lookup_realm = false

[realms]
SITE1.MYCOMPANY.COM= {
         kdc = kdc.SITE1.MYCOMPANY.COM
        }

[domain_realm]
.site1.mycompany.com=SITE1.MYCOMPANY.COM


########## log.winbindd ##########

ads_krb5_mk_req: krb5_get_credentials failed for
server$@SITE2.MYCOMPANY.COM (Cannot resolve network address for KDC in
requested realm)
[2005/06/10 10:10:50, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain SITE2-NBT failed: Cannot resolve network
address for KDC in requested realm
[2005/06/10 10:10:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(389)
  ads_krb5_mk_req: krb5_get_credentials failed for
server$@SITE3.MYCOMPANY.COM (Cannot resolve network address for KDC in
requested realm)
[2005/06/10 10:10:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(389)
  ads_krb5_mk_req: krb5_get_credentials failed for
server$@SITE3.MYCOMPANY.COM (Cannot resolve network address for KDC in
requested realm)
[2005/06/10 10:10:51, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain SITE3 failed: Cannot resolve network address
for KDC in requested realm
[2005/06/10 10:10:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(389)
  ads_krb5_mk_req: krb5_get_credentials failed for
server$@SITE4.MYCOMPANY.COM (Cannot resolve network address for KDC in
requested realm)
[2005/06/10 10:10:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(389)
  ads_krb5_mk_req: krb5_get_credentials failed for
server$@SITE4.MYCOMPANY.COM (Cannot resolve network address for KDC in
requested realm)
[2005/06/10 10:10:51, 1]
nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain SITE4-NBT failed: Cannot resolve network
address for KDC in requested realm

Any Ideas?
Bruno

More information about the samba mailing list