[Samba] winbind and getent

Gabriel Petrescu gabrielescu at gmail.com
Fri Jul 31 07:58:26 MDT 2009


My status is:

it's working:

smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs.

> Time must be (I think) within 15 min between kdc and client
> net ads info          # Show AD info including time
> date                  # Check time on local host
>
> Test if the client has been joined to the domain.
> net ads testjoin      # Shows join is ok

> If you run the following command without specifying a valid domain
> '--user=', or the password is incorrect, you will see this:  "...Client
> not found in Kerberos database"
> net  ads search '(objectCategory=group)'
>
> If you try to run the following command with a valid user, you will see
> a huge dump.
> net --user=myuser ads search '(objectCategory=group)'


it's not working:

getent group

getent password

or to authenticate a group..


another thing:

we have:

samba, winbind, kerberos, time

then, to be able to let an AD group have read, write access to a
folder, do we need acl or something else?


my main issues are:

how to check that kerberos works fine? all the info over the internet
shows the same..

I installed x on centos to manage samba in a visual manner.. if I want
to create a share and specify which users / groups can access that
share I can not see the users / groups..

so, there is something fishy....

testparm from samba is ok

Any help / idea will be appreciated :)

Gabi



On Thu, Jul 30, 2009 at 6:05 PM, John Stile<john at stilen.com> wrote:
> I wonder if that means that you didn't join the domain, or you aren't
> joining with a domain admin account, or you aren't performing operations
> using the credentials of a domain user.
>
> Check you have the libs.
> smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs.
>
> Does /etc/krb5.conf look correct for your domain?
>
> Time must be (I think) within 15 min between kdc and client
> net ads info          # Show AD info including time
> date                  # Check time on local host
>
> Test if the client has been joined to the domain.
> net ads testjoin      # Shows join is ok
>
> If you run the following command without specifying a valid domain
> '--user=', or the password is incorrect, you will see this:  "...Client
> not found in Kerberos database"
> net  ads search '(objectCategory=group)'
>
> If you try to run the following command with a valid user, you will see
> a huge dump.
> net --user=myuser ads search '(objectCategory=group)'
>
> On Thu, 2009-07-30 at 09:26 -0500, Hoover, Tony wrote:
>> Have you configured your /etc/krb5.conf file?
>>
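
The time check quoted above (compare `net ads info` with `date`) can be scripted by reading the "Server time offset" line that `net ads info` prints. This is an added example, not part of the original thread; the sample output and the function names are constructed, and the tolerance is an argument (default 300 seconds, the stock Kerberos clock-skew limit; pass 900 for the 15 minutes mentioned in the thread).

```shell
#!/bin/sh
# Added example: judge KDC/client clock skew from `net ads info` output.

# Constructed sample of `net ads info` output (not from a real domain).
SAMPLE='LDAP server: 192.0.2.10
LDAP server name: dc1.example.com
Realm: EXAMPLE.COM
Bind Path: dc=EXAMPLE,dc=COM
LDAP port: 389
Server time: Fri, 31 Jul 2009 07:58:23 MDT
KDC server: 192.0.2.10
Server time offset: -3'

# Same sample with a 21-minute offset, to exercise the failure path.
SAMPLE_SKEWED=$(printf '%s\n' "$SAMPLE" |
    sed 's/^Server time offset: .*/Server time offset: 1260/')

# kdc_offset: read `net ads info` output on stdin and print the offset in
# seconds. Fails (status 1) if the line is missing or not an integer.
kdc_offset() {
    awk -F': *' '
        /^Server time offset:/ {
            sub(/[ \t\r]+$/, "", $2)          # tolerate trailing blanks / CR
            if ($2 ~ /^-?[0-9]+$/) { print $2; found = 1 }
            exit
        }
        END { exit !found }
    '
}

# check_skew [max_seconds]: verdict on stdin; status 0 ok, 1 too large,
# 2 no usable offset. Only the magnitude matters, so the sign is dropped.
check_skew() {
    max=${1:-300}
    if ! off=$(kdc_offset); then
        echo "UNKNOWN: no usable 'Server time offset' line"
        return 2
    fi
    if [ "${off#-}" -le "$max" ]; then
        echo "OK: offset ${off}s is within ${max}s"
    else
        echo "FAIL: offset ${off}s exceeds ${max}s; fix NTP before retesting"
        return 1
    fi
}

# Demo on the constructed sample; on a joined host: net ads info | check_skew
printf '%s\n' "$SAMPLE" | check_skew
```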

