[Samba] Samba 3.2 experiences
jelmer.jaarsma at sara.nl
Thu Jul 24 14:30:03 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
I've been trying to get Samba 3.2 to work in the past few days, and I'm
running into a few problems which I have been unable to solve myself.
My first problem isn't blocking for me, but it seems not consistent with
documentation. I can't join my server using a domain admin's kerberos
ticket. I need to specify "-U <username" and then type in the password
The second problem is weird, and I'm not sure if it's a problem, but
when I join the domain (with specifying -U <username>) I get an error
telling me that it failed to create the Kerberos keytab. If I run a
testjoin after that it tells me everything is okay :-)
Output of a "net ads join -d3" and a listing of the created keytab over
So far I've assumed that the error about not being able to join the
domain is bogus, since everything appears to be working. A "wbinfo -u"
returns all users it ought to report.
However, I can't get the nss details from the trusted domain. It's
working awesome for the primary domain though (where the Samba machine
is in itself). What am I doing wrong here? Please see my smb.conf linked
at the bottom.
I hope I'm providing enough information, if not, please let me know and
I'll provide whatever is needed
Thanks in advance,
== Configuration details ==
I'm using Ubuntu Hardy 8.04 with the package from the Intrepid
repository (which is synched with Debian), currently at version
3.2.0-4ubuntu1. I also build the package for libtalloc1 from Intrepid
(version 1.2.0~git20080616-1) which is Jelmer Vernooij's package)
My smb.conf: http://pastebin.org/56705
My krb5.conf: http://pastebin.org/56707
Our Windows environment exists of w2k8 servers, running in w2k3 native
mode. We have 4 domains in total with some trusts in between them, the
domains are: KA, VANCIS, PROJECTS and VPROJECTS.
KA and VANCIS trust eachother
KA and PROJECTS trust eachother
VANCIS and VPROJECTS trust eachother
All trusts are 2-way, non-transitive
The schema for the KA and VANCIS domains have been extended with the
rfc2307 schema and for the relevent users and groups the details have
been filled in.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba