[Samba] Urgent... winbind and keytab file creation

Oliver Weinmann oliver.weinmann at vega.de
Wed Apr 2 14:41:58 GMT 2008 

Ok. i got it. I had to change the parameter for:

krb5_ccache_type = FILE

now the users get a "cached" ticket at login. COOL :)

but when the automount daemon tries to mount their home it fails:

Apr  2 16:41:09 rhel4wbtest2 rpc.gssd[1793]: WARNING: Failed to create
krb5 context for user with uid 82967 for server ds-san-02.vegagroup.net
Apr  2 16:41:12 rhel4wbtest2 rpc.gssd[1793]: rpcsec_gss:
gss_init_sec_context: (major) Miscellaneous failure - (minor) No
credentials found with supported encryption types

Cheers,
Oli
-----Original Message-----
From: samba-bounces+oliver.weinmann=vega.de at lists.samba.org
[mailto:samba-bounces+oliver.weinmann=vega.de at lists.samba.org] On Behalf
Of Oliver Weinmann
Sent: 02 April 2008 16:31
To: Gerald (Jerry) Carter
Cc: samba at lists.samba.org
Subject: RE: [Samba] Urgent... winbind and keytab file creation

Sounds cool.

i made the changes. When i login as an ad user i don't get a ticket? Is
there anything else i need to set?

Cheers  

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: 02 April 2008 16:08
To: Oliver Weinmann
Cc: samba at lists.samba.org
Subject: Re: [Samba] Urgent... winbind and keytab file creation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver Weinmann wrote:
> how? when i use pam_winbind to login and automount to mount a users 
> home with kerberos security i dont get a TGT at login. So this doesn't

> seem to work with pam_winbind or?

Install examples/pam_winbind/pam_winbind.conf to /etc/security/ and
enable the krb5_auth option.

Also set "winbind refresh tickets = yes" in smb.conf.





cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFH85NJIR7qMdg1EfYRArVHAJ4sn70tRJV6uM7coc9id1CjgUMlHQCfcJ7k
XPb8CJDfP62ida5MuNjbEn4=
=/0bH
-----END PGP SIGNATURE-----

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________

More information about the samba mailing list