[Samba] Confused about what I am seeing with domain names
David Shapiro
David.Shapiro at bcbsnc.com
Fri Feb 3 16:13:36 GMT 2006
I see you put ip of dc. When I run wbinfo --getdcname DOMAIN it does
not return back a dc.
The log.winbindd does not show anything even at log level 10:
]: Get DC name for BCBSNC
[2006/02/03 11:01:37, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
Retrieving response for pid 22330
[2006/02/03 11:03:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
Retrieving response for pid 22330
[2006/02/03 11:03:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1551)
Retrieving extra data length=251
[2006/02/03 11:08:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1529)
Retrieving response for pid 22330
[2006/02/03 11:08:07, 10]
../nsswitch/winbindd_cache.c:cache_retrieve_response(1551)
Retrieving extra data length=251
David Shapiro
Unix Team Lead
919-765-2011
>>> "Nico De Wilde" <nico at openix.be> 2/3/2006 11:05:11 AM >>>
David,
Can you add the following lines to your krb5.conf:
[realms]
DOMAIN.COM = {
kdc = ip.of.your.dc:88
admin_server = ip.of.your.dc:749
default_domain = domain.com
}
Regards,
Nico
----- Original Message -----
From: David Shapiro
To: Nico Wilde
Sent: Friday, February 03, 2006 4:50 PM
Subject: Re: [Samba] Confused about what I am seeing with domain
names
I am trying to get a aix samba server to join an ads domain. I think
I see what the DOMAIN_NETWORK is. wbinfo -D for it shows it is not an
ads server whereas the DOMAIN one is an ads server. That one is not
showing information because kerberos cannot find the kdc for some reason
that I can't figure out. It does have SRV records in dns.
Here is the krb5.conf file I am using:
mit krb5:
[libdefaults]
default_realm = DOMAIN.COM
[realms]
DOMAIN.COM = {
kdc = adsserver.domain.com
admin_server = adsserver.domain.com
}
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
[logging]
kdc = CONSOLE
smb.conf:
[global]
workgroup = DOMAIN
netbios name = sambaserver
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 10000-20000
idmap gid = 10000-20000
idmap backend = ad
# os level = 65
winbind enum users = yes
winbind enum groups = yes
#winbind uid = 10000-20000
#winbind gid = 10000-20000
winbind separator = /
encrypt passwords = yes
server string = samba server
security = ADS
# security = domain
realm = DOMAIN.COM
password server = adsserver.domain.com
preferred master = no
log file = /usr/local/samba/var/log.%m
log level = 10
max log size = 50
local master = No
dns proxy = No
wins server = wins02 wins03
wins proxy = no
name resolve order = hosts wins lmhosts bcast
aio read size = 1
aio write size = 1
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
[homes]
path = /home/%u
read only = No
David Shapiro
Unix Team Lead
919-765-2011
>>> "Nico De Wilde" <nico at openix.be> 2/3/2006 9:55:15 AM >>>
David,
Please post your smb.conf / nsswitch.conf/krb5.conf
What are you trying to achieve? Joining a samba server to a Windows
AD
domain?
Please provide some more information.
Thx.
Regards,
Nico
----- Original Message -----
From: "David Shapiro" <David.Shapiro at bcbsnc.com>
To: <samba at lists.samba.org>
Sent: Friday, February 03, 2006 3:49 PM
Subject: [Samba] Confused about what I am seeing with domain names
>I could not get wbinfo -g/u to work and was seeing a bunch of
errors
> related to to not being able to enumerate groups. I saw somebody
use
> idmap backend = ad and added this since I have been struggling to
get ad
> working (still not working). Now, when I run wbinfo -g/-u, I am
getting
> groups and users, but the domain it shows is different than what I
> expected. My domain I was using for workgroup line is DOMAIN, for
> example, but wbinfo -g returns back:
>
> DOMAIN_NETWORK/group
>
> Is _NETWORK something that samba added, or is theis the name of
the
> domain I should really be using? I did a grep on wbinfo -u for my
user,
> and it returned my user too. If my domain is actually
DOMAIN_NETWORK,
> is it possible my realm is not domain.com but domain_network.com
or
> something weird like that? Should I change my workgroup line to
use
> domain_network? I still can't get my kinit to find my kdc. I am
> wondering if I clear this up maybe my kdc kinit command will work.
Note
> that I did ask my nt admin to run dns nslookup checks on
> _ldap.domain.com and _kerberos.domain.com, and those did return
the
> correct results showing domain.com should be my realm.
>
> David
>
>
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list