[Samba] Samba + Windows 2003 AD
Avron Gray
agray at aeso.ca
Thu Jan 8 17:59:06 GMT 2009
I have two domains. One is production and one is development.
- - - - - -
Development domain:
bash-2.05# cat /etc/resolv.conf
domain dev.ca
search dev.ca
nameserver yyy.yyy.yyy.xx
nameserver yyy.yyy.yyy.yy
bash-2.05# ping -I 1 dev.ca
PING dev.ca: 56 data bytes
64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms
64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms
^C
- - - - - -
Production domain:
bash-2.05# cat /etc/resolv.conf
doamin prod.ca
search prod.ca
nameserver xxx.xxx.xxx.xx
nameserver xxx.xxx.xxx.yy
bash-2.05# ping -I 1 prod.ca
PING prod.ca: 56 data bytes
64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms
64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms
^C
- - - - - -
I have one host that sees BOTH domains:
# cat /etc/resolv.conf
doamin dev.ca
search dev.ca prod.ca
nameserver yyy.yyy.yyy.xx
nameserver yyy.yyy.yyy.yy
nameserver xxx.xxx.xxx.xx
bash-2.05# ping -I 1 dev.ca
PING dev.ca: 56 data bytes
64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=0. time=14. ms
64 bytes from ddc01.dev.ca (yyy.yyy.yyy.zz): icmp_seq=1. time=21. ms
^C
bash-2.05# ping -I 1 prod.ca
PING prod.ca: 56 data bytes
64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=0. time=0. ms
64 bytes from pdc01 (xxx.xxx.xxx.zz): icmp_seq=1. time=0. ms
^C
- - - - - -
Can you ping XXX.UNDERVISNING.LOCAL by IP address? Can you nslookup
XXX.UNDERVISNING.LOCAL?
- Avron
________________________________
From: Henrik Dige Semark [mailto:hendigsem at hotmail.com]
Sent: Thursday, January 08, 2009 10:48 AM
To: Avron Gray; Samba list
Subject: RE: [Samba] Samba + Windows 2003 AD
When I run
mail:~# ping -I eth3 bgdc.birke-gym.dk
PING bgdc.birke-gym.dk (10.3.17.1) from 10.3.16.1 eth3: 56(84) bytes of
data.
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=1 ttl=128
time=0.142 ms
64 bytes from bgdc.birke-gym.dk (10.3.17.1): icmp_seq=2 ttl=128
time=0.230 ms
but if I just type:
mail:~# ping -I eth3 birke-gym.dk
ping: unknown host birke-gym.dk
and no, I cant ping anything with XXX.UNDERVISNING.LOCAL
How do I set this up in my resolv.conf ?
If it's possible can you then post your resolv.conf ? Solaris an Debian
is much alike :P
----
Med Venlig Hilsen / Best regards
Henrik Dige Semark
________________________________
Subject: RE: [Samba] Samba + Windows 2003 AD
Date: Thu, 8 Jan 2009 10:36:51 -0700
From: agray at aeso.ca
To: hendigsem at hotmail.com; samba at lists.samba.org
Is the name of the existing Windows Domain "UNDERVISNING.LOCAL"?
On my host:
tstsmb08|/#ping -I 1 domain.ca
PING domain.ca: 56 data bytes
64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=0. time=1.12 ms
64 bytes from dc2.domain.ca (192.168.1.12): icmp_seq=1. time=0.622 ms
^C
Now, if you run:
ping -I 1 birke-gym.dk
the domain controller should respond
Can you ping any hosts on the undervisning.local domain?
ie:
ping -I 1 hostname1.undervisning.local
ping -I 1 hostname2.undervisning.local
- Avron
________________________________
From: Henrik Dige Semark [mailto:hendigsem at hotmail.com]
Sent: Thursday, January 08, 2009 10:24 AM
To: Avron Gray; Samba list
Subject: RE: [Samba] Samba + Windows 2003 AD
Im trying to join a already existing Windows Domain :)
---- Med Venlig Hilsen / Best regards
Henrik Dige Semark
> Subject: RE: [Samba] Samba + Windows 2003 AD
> Date: Thu, 8 Jan 2009 10:22:05 -0700
> From: agray at aeso.ca
> To: hendigsem at hotmail.com; samba at lists.samba.org
>
> Are you trying to join an existing Windows domain? Or create a new
domain?
>
> - Avron
>
> -----Original Message-----
> From: samba-bounces+agray=aeso.ca at lists.samba.org
[mailto:samba-bounces+agray=aeso.ca at lists.samba.org] On Behalf Of Henrik
Dige Semark
> Sent: Thursday, January 08, 2009 10:16 AM
> To: Samba list
> Subject: RE: [Samba] Samba + Windows 2003 AD
>
>
>
> How can I ping
> UNDERVISNING.LOCAL when its just the domain ? the windows server that
runs the domain is bgdc.birke-gym.dk and I can ping that just fine
>
>
>
> My resolv.conf
> ---------------
> search birke-gym.dk
> nameserver 127.0.0.1
>
>
> My nsswitch.conf
> ---------------
> passwd: files winbind compat
> group: files winbind compat
> shadow: files winbind compat
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
> networks: files
>
> protocols: files winbind db files
> services: files winbind db files
>
> ethers: db files
> rpc: db files
>
> netgroup: files winbind nis
> automount: files winbind
>
> is I'm missing something ?
>
> ----
>
> Med Venlig Hilsen / Best regards
>
> Henrik Dige Semark
>
>
>
> Subject: RE: [Samba] Samba + Windows 2003 AD
> Date: Thu, 8 Jan 2009 09:54:22 -0700
> From: agray at aeso.ca
> To: hendigsem at hotmail.com
>
>
>
>
>
>
>
>
>
>
> Can you :
> ping -I 1 UNDERVISNING.LOCAL
>
> No? Check resolv.conf or nsswitch.conf
>
> (I have a SUN Solaris background - not much
> Debian)
>
> For more help, please include samba at lists.samba.org in to: or
> cc:
>
> Good luck (held og lykke)!
> (Sorry, I don't speak Danish... )
>
> - Avron
>
>
>
> From: Henrik Dige Semark [mailto:hendigsem at hotmail.com]
>
> Sent: Thursday, January 08, 2009 9:48 AM
> To: Avron
> Gray
> Subject: RE: [Samba] Samba + Windows 2003 AD
>
>
>
>
>
>
> Hey thanx for the quick answer
> :)
>
> When I try the net ads testjoin its not very informative :P
>
> #
> net ads testjoin MAIL$@UNDERVISNING.LOCAL's password:
> [2009/01/08
> 17:39:52, 0] utils/net_ads.c:ads_startup(289)
> ads_connect: Operations
> error
> Join to domain is not valid
>
>
>
>
>
> I have also tried wbinfo --all-domains
> but it can't see the domain I try to connect to, will this say that my
smb.conf
> I rung in some point ?
>
>
>
> I have an older SMB witch is running a
> Domain it self, and it can see the domain when I run this command
> ----
>
> Med Venlig Hilsen / Best regards
> Henrik Dige Semark
>
>
>
> >
> Subject: RE: [Samba] Samba + Windows 2003 AD
> > Date: Thu, 8 Jan 2009
> 09:25:47 -0700
> > From: agray at aeso.ca
> > To: hendigsem at hotmail.com;
> samba at lists.samba.org
> >
> > Have you run:
> > net ads
> testjoin
> >
> > Does it say "Join is OK"?
> >
> >
> >
> This might not be related...
> >
> > I had to compile samba 3.0.33 to
> get around a Windows Domain restriction
> > issue:
> >
> https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that
> >
> if the \NETLOGON pipe is opened up on the Windows AD server, the join
> >
> works fine. As soon as it is restricted via domain policies, it
> >
> restricts anonymous access to the ports. As soon as this happens, we
are
> >
> unable to complete a net join ads successfully.
> >
> > - Avron
> >
>
> > -----Original Message-----
> > From:
> samba-bounces+agray=aeso.ca at lists.samba.org
> >
> [mailto:samba-bounces+agray=aeso.ca at lists.samba.org] On Behalf Of
Henrik
> >
> Dige Semark
> > Sent: Thursday, January 08, 2009 9:13 AM
> > To: Samba
> list
> > Subject: [Samba] Samba + Windows 2003 AD
> >
> >
> >
> Hey, I don't know if this is the right list to ask this question in,
but
> >
> I have tried on the IRC (irc.freenode.net #samba) and people on there
> >
> advised me to try here instead.
> >
> >
> > I have:
> >
> Debian 4.0r4
> > Samba version 3.0.24 - mail.birke-gym.dk -
> 10.3.16.1
> > krb5 Version 1.4.4-7etch6
> > Kernel Version
> 2.6.18-6-amd64
> >
> > A Windows Server 2003 SP2 with AD/DC -
> bgdc.birke-gym.dk - 10.3.17.1
> >
> >
>
------------------------------------------------------------------------
> >
> --------------
> >
> > When I try to connect my samba to the DC I get
> this output:
> >
> > # net ads join -U Administrator
> --debuglevel=10
> > [2009/01/08 17:10:15, 5]
> lib/debug.c:debug_dump_status(391)
> > INFO: Current debug levels:
> >
> all: True/10
> > tdb: False/0
> > printdrivers: False/0
> > lanman:
> False/0
> > smb: False/0
> > rpc_parse: False/0
> > rpc_srv:
> False/0
> > rpc_cli: False/0
> > passdb: False/0
> > sam:
> False/0
> > auth: False/0
> > winbind: False/0
> > vfs:
> False/0
> > idmap: False/0
> > quota: False/0
> > acls:
> False/0
> > locking: False/0
> > msdfs: False/0
> > dmapi:
> False/0
> > [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953)
> >
> lp_load: refreshing parameters
> > [2009/01/08 17:10:15, 3]
> param/loadparm.c:init_globals(1418)
> > Initialising global
> parameters
> > [2009/01/08 17:10:15, 3]
> param/params.c:pm_process(572)
> > params.c:pm_process() - Processing
> configuration file
> > "/etc/samba/smb.conf"
> > [2009/01/08 17:10:15,
> 3] param/loadparm.c:do_section(3695)
> > Processing section
> "[global]"
> > doing parameter server string = Debian 4.0 - Samba %v -
> BDC
> > doing parameter netbios name = mail
> > [2009/01/08 17:10:15, 4]
> param/loadparm.c:handle_netbios_name(3053)
> > handle_netbios_name: set
> global_myname to: MAIL
> > doing parameter workgroup = UNDERVISNING
> >
> doing parameter display charset = ASCII
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(105)
> > Attempting to register new charset
> UCS-2LE
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset UCS-2LE
> >
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> >
> Attempting to register new charset UTF-16LE
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset
> UTF-16LE
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(105)
> > Attempting to register new charset
> UCS-2BE
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset UCS-2BE
> >
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> >
> Attempting to register new charset UTF-16BE
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset
> UTF-16BE
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(105)
> > Attempting to register new charset
> UTF8
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset UTF8
> >
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> >
> Attempting to register new charset UTF-8
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset UTF-8
> >
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> >
> Attempting to register new charset ASCII
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset ASCII
> >
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> >
> Attempting to register new charset 646
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset 646
> >
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> >
> Attempting to register new charset ISO-8859-1
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset
> ISO-8859-1
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(105)
> > Attempting to register new charset
> UCS2-HEX
> > [2009/01/08 17:10:15, 5]
> lib/iconv.c:smb_register_charset(113)
> > Registered charset
> UCS2-HEX
> > doing parameter unix charset = UTF-8
> > doing parameter
> dos charset = ASCII
> > doing parameter Inherit permissions = yes
> >
> doing parameter Inherit owner = yes
> > doing parameter security =
> ADS
> > doing parameter idmap uid = 500-10000000
> > doing parameter
> idmap gid = 500-10000000
> > doing parameter template shell =
> /bin/bash
> > doing parameter winbind use default domain = yes
> > doing
> parameter winbind separator = %
> > doing parameter winbind enum users =
> yes
> > doing parameter winbind enum groups = yes
> > doing parameter
> template homedir = /home/%D/%U
> > doing parameter client use spnego =
> yes
> > doing parameter password server = bgdc.birke-gym.dk
> > doing
> parameter encrypt passwords = Yes
> > doing parameter realm =
> UNDERVISNING.LOCAL
> > doing parameter wins server =
> bgdc.birke-gym.dk
> > doing parameter nt acl support = true
> > doing
> parameter os level = 1000
> > doing parameter preferred master = no
> >
> doing parameter domain master = no
> > doing parameter local master =
> no
> > doing parameter domain logons = no
> > doing parameter hide
> special files = Yes
> > doing parameter hide unreadable = Yes
> > doing
> parameter disable netbios = yes
> > doing parameter name resolve order =
> wins lmhosts hosts bcast
> > doing parameter log level = 10
> > doing
> parameter log file = /var/log/samba/UNDERVISNING
> > [2009/01/08 17:10:15,
> 4] param/loadparm.c:lp_load(4984)
> > pm_process() returned Yes
> >
> [2009/01/08 17:10:15, 7] param/loadparm.c:lp_servicenumber(5120)
> >
> lp_servicenumber: couldn't find homes
> > [2009/01/08 17:10:15, 10]
> param/loadparm.c:set_server_role(4229)
> > set_server_role: role =
> ROLE_DOMAIN_MEMBER
> > [2009/01/08 17:10:15, 5]
> lib/util.c:init_names(286)
> > Netbios name list:-
> >
> my_netbios_names[0]="MAIL"
> > [2009/01/08 17:10:15, 2]
> lib/interface.c:add_interface(81)
> > added interface ip=194.182.87.97
> bcast=194.182.87.127
> > nmask=255.255.255.128
> > [2009/01/08 17:10:15,
> 2] lib/interface.c:add_interface(81)
> > added interface ip=194.182.87.2
> bcast=194.182.87.127
> > nmask=255.255.255.128
> > [2009/01/08 17:10:15,
> 2] lib/interface.c:add_interface(81)
> > added interface ip=194.182.87.98
> bcast=194.182.87.127
> > nmask=255.255.255.128
> > [2009/01/08 17:10:15,
> 2] lib/interface.c:add_interface(81)
> > added interface ip=194.182.87.121
> bcast=194.182.87.127
> > nmask=255.255.255.128
> > [2009/01/08 17:10:15,
> 2] lib/interface.c:add_interface(81)
> > added interface ip=10.3.255.1
> bcast=10.3.255.255 nmask=255.255.255.0
> > [2009/01/08 17:10:15, 2]
> lib/interface.c:add_interface(81)
> > added interface ip=10.3.16.1
> bcast=10.3.31.255 nmask=255.255.240.0
> > [2009/01/08 17:10:15, 2]
> lib/interface.c:add_interface(81)
> > added interface ip=10.3.2.250
> bcast=10.3.3.255 nmask=255.255.254.0
> > [2009/01/08 17:10:15, 2]
> lib/interface.c:add_interface(81)
> > added interface ip=10.3.2.1
> bcast=10.3.3.255 nmask=255.255.254.0
> > [2009/01/08 17:10:15, 2]
> lib/interface.c:add_interface(81)
> > added interface ip=10.8.0.1
> bcast=10.8.0.255 nmask=255.255.255.0
> > Administrator's password:
> >
> [2009/01/08 17:10:19, 6] libads/ldap.c:ads_find_dc(224)
> > ads_find_dc:
> looking for realm 'UNDERVISNING.LOCAL'
> > [2009/01/08 17:10:19, 8]
> libsmb/namequery.c:get_sorted_dc_list(1551)
> > get_sorted_dc_list:
> attempting lookup using [ads]
> > [2009/01/08 17:10:19, 5]
> lib/gencache.c:gencache_init(61)
> > Opening cache file at
> /var/run/samba/gencache.tdb
> > [2009/01/08 17:10:19, 10]
> lib/gencache.c:gencache_get(329)
> > Cache entry with key =
> SAF/DOMAIN/UNDERVISNING.LOCAL couldn't be found
> > [2009/01/08 17:10:19, 5]
> libsmb/namequery.c:saf_fetch(105)
> > saf_fetch: failed to find server for
> "UNDERVISNING.LOCAL" domain
> > [2009/01/08 17:10:19, 3]
> libsmb/namequery.c:get_dc_list(1426)
> > get_dc_list: preferred server list:
> ", bgdc.birke-gym.dk"
> > [2009/01/08 17:10:19, 10]
> libsmb/namequery.c:internal_resolve_name(1132)
> > internal_resolve_name:
> looking up bgdc.birke-gym.dk#20
> > [2009/01/08 17:10:19, 10]
> lib/gencache.c:gencache_get(304)
> > Returning valid cache entry: key =
> NBT/BGDC.BIRKE-GYM.DK#20, value =
> > 10.3.17.1:0, timeout = Thu Jan 8
> 17:20:53 2009
> > [2009/01/08 17:10:19, 5]
> libsmb/namecache.c:namecache_fetch(201)
> > name bgdc.birke-gym.dk#20
> found.
> > [2009/01/08 17:10:19, 10]
> >
> libsmb/namequery.c:remove_duplicate_addrs2(408)
> > remove_duplicate_addrs2:
> looking for duplicate address/port pairs
> > [2009/01/08 17:10:19, 4]
> libsmb/namequery.c:get_dc_list(1529)
> > get_dc_list: returning 1 ip
> addresses in an ordered list
> > [2009/01/08 17:10:19, 4]
> libsmb/namequery.c:get_dc_list(1530)
> > get_dc_list: 10.3.17.1:389
> >
> [2009/01/08 17:10:19, 5] libads/ldap.c:ads_try_connect(127)
> >
> ads_try_connect: sending CLDAP request to 10.3.17.1 (realm:
> >
> UNDERVISNING.LOCAL)
> > [2009/01/08 17:10:19, 10]
> libsmb/namequery.c:saf_store(71)
> > saf_store: domain = [UNDERVISNING],
> server = [10.3.17.1], expire =
> > [1231431919]
> > [2009/01/08
> 17:10:19, 10] lib/gencache.c:gencache_set(140)
> > Adding cache entry with
> key = SAF/DOMAIN/UNDERVISNING; value =
> > 10.3.17.1 and timeout = Thu Jan 8
> 17:25:19 2009
> > (900 seconds ahead)
> > [2009/01/08 17:10:19, 3]
> libads/ldap.c:ads_connect(287)
> > Connected to LDAP server
> 10.3.17.1
> >
> > ==== STOPS HERE FOR ABOUT 30 SEC ====
> >
>
> > [2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289)
> >
> ads_connect: Operations error
> > [2009/01/08 17:10:24, 2]
> utils/net.c:main(988)
> > return code = -1
> >
> >
>
------------------------------------------------------------------------
> >
> --------------
> >
> > Windows Server Event log:
> >
> =======
> > Windows Server Event - [22:56:34]
> >
> > Successful
> Network Logon:
> > User Name: BGDC$
> > Domain: UNDERVISNING
> >
> Logon ID: (0x0,0x1C82893)
> > Logon Type: 3
> > Logon Process:
> Kerberos
> > Authentication Package: Kerberos
> > Workstation Name:
>
> > Logon GUID: {791dbfae-1330-1cc3-24ee-538ed69bc9d8}
> > Caller User
> Name: -
> > Caller Domain: -
> > Caller Logon ID: -
> > Caller
> Process ID: -
> > Transited Services: -
> > Source Network Address:
> 10.3.17.1
> > Source Port: 4831
> >
> > For more information, see
> Help and Support Center at
> >
> http://go.microsoft.com/fwlink/events.asp.
> >
> >
> >
> ======================================
> > Windows Server Event -
> [22:56:34]
> > Special privileges assigned to new logon:
> > User Name:
> BGDC$
> > Domain: UNDERVISNING
> > Logon ID: (0x0,0x1C82893)
> >
> Privileges: SeSecurityPrivilege
> > SeBackupPrivilege
> >
> SeRestorePrivilege
> > SeTakeOwnershipPrivilege
> >
> SeDebugPrivilege
> > SeSystemEnvironmentPrivilege
> >
> SeLoadDriverPrivilege
> > SeImpersonatePrivilege
> >
> SeEnableDelegationPrivilege
> >
> > For more information, see Help and
> Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
>
> >
> > ======================================
> >
> >
>
> >
> > Windows Server Event - [23:01:34]
> >
> > User
> Logoff:
> > User Name: BGDC$
> > Domain: UNDERVISNING
> > Logon ID:
> (0x0,0x1C82893)
> > Logon Type: 3
> >
> > For more information,
> see Help and Support Center at
> >
> http://go.microsoft.com/fwlink/events.asp.
> >
> >
> >
>
------------------------------------------------------------------------
> >
> --------------
> >
> > My klist:
> > =======
> > #
> klist
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal:
> Administrator at UNDERVISNING.LOCAL
> >
> > Valid starting Expires Service
> principal
> > 01/04/09 16:36:47 01/04/09 23:16:47
> >
> krbtgt/UNDERVISNING.LOCAL at UNDERVISNING.LOCAL
> >
> >
> > Kerberos
> 4 ticket cache: /tmp/tkt0
> > klist: You have no tickets cached
> >
>
> >
>
------------------------------------------------------------------------
> >
> --------------
> >
> > smb.conf
> > =======
> > cat
> /etc/samba/smb.conf | grep -v "#"
> > [global]
> > dos charset =
> ASCII
> > display charset = ASCII
> > workgroup = UNDERVISNING
> >
> realm = UNDERVISNING.LOCAL
> > server string = Debian 4.0 - Samba %v -
> BDC
> > security = ADS
> > password server = bgdc.birke-gym.dk
> >
> log level = 10
> > log file = /var/log/samba/UNDERVISNING
> > disable
> netbios = Yes
> > name resolve order = wins lmhosts hosts bcast
> > os
> level = 1000
> > preferred master = No
> > local master = No
> >
> domain master = No
> > wins server = bgdc.birke-gym.dk
> > idmap uid =
> 500-10000000
> > idmap gid = 500-10000000
> > template shell =
> /bin/bash
> > winbind separator = %
> > winbind enum users = Yes
> >
> winbind enum groups = Yes
> > winbind use default domain = Yes
> >
> inherit permissions = Yes
> > inherit owner = Yes
> > hide special files
> = Yes
> > hide unreadable = Yes
> >
> > [homes]
> > comment =
> Home Directories
> > valid users = %U
> > read only = No
> >
> browseable = No
> >
> >
>
------------------------------------------------------------------------
> >
> --------------
> >
> > # testparm
> > Load smb config files from
> /etc/samba/smb.conf
> > Processing section "[homes]"
> > Loaded services
> file OK.
> > Server role: ROLE_DOMAIN_MEMBER
> > Press enter to see a
> dump of your service definitions
> > ^C
> >
> >
>
------------------------------------------------------------------------
> >
> --------------
> >
> > krb5.conf
> > ======
> >
> >
> [logging]
> > default = FILE:/var/log/krb5libs.log
> > #kdc =
> FILE:/var/log/krb5kdc.log
> > #admin_server =
> FILE:/var/log/kadmind.log
> >
> > [libdefaults]
> > ticket_lifetime
> = 24000
> > default_realm = UNDERVISNING.LOCAL
> >
> >
> default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
> > default_tgs_enctypes =
> des3-hmac-sha1 des-cbc-crc
> >
> > [realms]
> > #================
> Birke-gym.dk =========================
> > UNDERVISNING.LOCAL = {
> >
> kdc = bgdc.birke-gym.dk
> > admin_server = bgdc.birke-gym.dk
> >
> default_domain = UNDERVISNING.LOCAL
> > }
> >
> >
> [domain_realm]
> > .undervisning.local = UNDERVISNING.LOCAL
> >
> undervisning.local = UNDERVISNING.LOCAL
> >
> > [login]
> >
> krb4_convert = true
> > krb4_get_tickets = false
> >
> >
>
------------------------------------------------------------------------
> >
> --------------
> >
> > # cat /etc/hosts
> > 127.0.0.1 localhost
> mail
> > 127.0.1.1 mail.birke-gym.dk mail
> >
> > 10.3.17.1
> bgdc.birke-gym.dk bgdc
> >
> >
>
------------------------------------------------------------------------
> >
> --------------
> >
> > Any suggestion ?
> >
> > And how mutch
> do I have to setup on the Windows Server ? I have createt
> > a krb. trust
> on it and I use the pass I gave there, but is there more I
> > have to set
> ?
> >
> > Sorry for my bad english, and if there is anything plz feel
> free to
> > write, all help is resived with love
> >
> >
> ----
> > Med Venlig Hilsen / Best regards
> > Henrik Dige Semark
> >
> _________________________________________________________________
> > Del
> dine billeder med alle vennerne med Windows Live Photo Gallery.
> >
> http://download.live.com/photogallery--
> > To unsubscribe from this list
> go to the following URL and read the
> > instructions:
> https://lists.samba.org/mailman/listinfo/samba
>
>
>
> Vind en Samsung fladskrm og f Hotmail p mobilen Ls mere her.
> _________________________________________________________________
> F Windows Live Hotmail to go med Samsung i200!
> www.microsoft.dk/hotmail--
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
________________________________
Hold styr p hvor mange i bliver til festen med Windows Live
Begivenheder. Start med at invitere her! <http://events.live.com>
________________________________
Vind en Samsung fladskrm og f Hotmail p mobilen Ls mere her.
More information about the samba
mailing list