[Samba] winbind and getent
John Stile
john at stilen.com
Thu Jul 30 09:05:44 MDT 2009
I wonder if that means that you didn't join the domain, or you aren't
joining with a domain admin account, or you aren't performing operations
using the credentials of a domain user.
Check you have the libs.
smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs.
Does /etc/krb5.conf look correct for your domain?
Time must be (I think) within 15 min between KDC and client
net ads info # Show AD info including time
date # Check time on local host
Test if the client has been joined to the domain.
net ads testjoin # Shows join is ok
If you run the following command without specifying a valid domain
'--user=', or the password is incorrect, you will see this: "...Client
not found in Kerberos database"
net ads search '(objectCategory=group)'
If you try to run the following command with a valid user, you will see
a huge dump.
net --user=myuser ads search '(objectCategory=group)'
On Thu, 2009-07-30 at 09:26 -0500, Hoover, Tony wrote:
> Have you configured your /etc/krb5.conf file?
>
> ------------------------------------------------------------------------
> Tony Hoover, Network Administrator
> KSU - Salina, College of Technology and Aviation
> (785) 826-2660
>
> "Don't Blend in..."
> ------------------------------------------------------------------------
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> On Behalf Of Gabriel Petrescu
> Sent: Thursday, July 30, 2009 8:39 AM
> To: John Stile
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] winbind and getent
>
> hi:)
>
> in my case it's working:
>
> > wbinfo Shows winbind is doing lookups from ADS
> > wbinfo -u
> > wbinfo -g
> > wbinfo -a mydomain+myuser%mypassword
>
> and i get an error here:
>
> kinit tests
> kinit(v5): Client not found in Kerberos database while getting initial
> credentials
>
>
> any advice here?
>
> gabi
>
> On Wed, Jul 29, 2009 at 6:58 PM, John Stile<john at stilen.com> wrote:
> > On Wed, 2009-07-29 at 22:33 +1000, tsg-samba wrote:
> >> Hi Volker,
> >>
> >> Yes in smb.conf i have:
> >> winbind enum users = Yes
> >> winbind enum groups = Yes
> >
> > getent Shows nsswitch is correct, to resolve ADS users and groups.
> > getent passwd
> > getent group
> >
> > wbinfo Shows winbind is doing lookups from ADS
> > wbinfo -u
> > wbinfo -g
> > wbinfo -a mydomain+myuser%mypassword
> >
> > kinit tests if Kerberos can authenticate
> > kinit myuser
> >
> > If 'wbinfo -g' shows MYDOMAIN+Domain Users,
> > maybe your share should have a line like:
> > valid users = @"MYDOMAIN+Domain Users"
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
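The library and clock checks from the message above, written as functions that can be tested offline. This is an added example, not part of the original thread or of Samba. It assumes `net ads info` prints a `Server time offset:` line in seconds and uses the default Kerberos clock-skew tolerance of 300 seconds; the function names, the `--live` switch and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline-testable versions of the first checks in the message.
MAX_SKEW=300   # seconds; default Kerberos clock-skew tolerance (5 minutes)

# Print the absolute "Server time offset" (seconds) from `net ads info` text on stdin.
# Exits non-zero if no such line is present.
ads_skew() {
    awk -F': *' '/^Server time offset:/ { v = $2 + 0; if (v < 0) v = -v; print v; f = 1 }
                 END { if (!f) exit 1 }'
}

# Succeeds if the offset is within MAX_SKEW; returns 2 if no offset line was found.
skew_ok() {
    s=$(ads_skew) || return 2
    [ "$s" -le "$MAX_SKEW" ]
}

# Succeeds if `smbd -b` text on stdin lists both KRB and LDAP build options
# (the same match as: smbd -b | egrep 'KRB|LDAP', but requiring both).
has_ads_libs() {
    awk '/KRB/ { k = 1 } /LDAP/ { l = 1 } END { exit !(k && l) }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_INFO='LDAP server: 192.0.2.10
LDAP server name: dc1.mydomain.example
Realm: MYDOMAIN.EXAMPLE
KDC server: 192.0.2.10
Server time offset: -412'
SAMPLE_BUILD='   HAVE_KRB5_H
   HAVE_LDAP_H'

# Run against the local host only when asked: sh adcheck.sh --live
if [ "${1:-}" = "--live" ]; then
    smbd -b | has_ads_libs || echo "FAIL: smbd built without Kerberos/LDAP support"
    net ads info | skew_ok  || echo "FAIL: clock offset to the DC exceeds ${MAX_SKEW}s or is unknown"
    net ads testjoin        || echo "FAIL: machine account join is not valid"
fi
```

With the constructed sample, the offset of 412 seconds fails the skew check, which is the kind of condition that makes Kerberos authentication fail even when `wbinfo` lookups succeed.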