[Samba] winbind and getent
Gabriel Petrescu
gabrielescu at gmail.com
Fri Jul 31 07:58:26 MDT 2009
My status is:
it's working:
smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs.
> Time must be (i think) within 15 min between kdc and client
> net ads info # Show AD info including time
> date # Check time on local host
>
> Test if the client has been joined to the domain.
> net ads testjoin # Shows join is ok
> If you run the following command without specifying a valid domain
> '--user=', or the password is incorrect, you will see this: "...Client
> not found in Kerberos database"
> net ads search '(objectCategory=group)'
>
> If you try to run the following command with a valid user, you will see
> a huge dump.
> net --user=myuser ads search '(objectCategory=group)'
it's not working:
getent group
getent password
or to authenticate a group..
another thing:
we have:
samba, winbind, kerberos, time
then to be able to let an AD group have read, write access to a
folder we need acl or something else?
my main issues are:
how to check the kerberos works fine? all the info over the internet
shows the same..
i installed x on centos to manage samba in a visual manner.. if i want
to create a share and specify which users / groups can access that
share i can not see the users /groups..
so, there is something fishy....
testparm from samba is ok
Any help / idea will be appreciated :)
Gabi
On Thu, Jul 30, 2009 at 6:05 PM, John Stile<john at stilen.com> wrote:
> I wonder if that means that you didn't join the domain, or you aren't
> joining with a domain admin account, or you aren't performing operations
> using the credentials of a domain user.
>
> Check you have the libs.
> smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs.
>
> Does /etc/krb5.conf look correct for your domain?
>
> Check you have the libs.
> smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs.
>
> Time must be (i think) within 15 min between kdc and client
> net ads info # Show AD info including time
> date # Check time on local host
>
> Test if the client has been joined to the domain.
> net ads testjoin # Shows join is ok
>
> If you run the following command without specifying a valid domain
> '--user=', or the password is incorrect, you will see this: "...Client
> not found in Kerberos database"
> net ads search '(objectCategory=group)'
>
> If you try to run the following command with a valid user, you will see
> a huge dump.
> net --user=myuser ads search '(objectCategory=group)'
>
> On Thu, 2009-07-30 at 09:26 -0500, Hoover, Tony wrote:
>> Have you configured your /etc/krb5.conf file?
>>
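
The clock check quoted above (`net ads info` compared against `date`) can be scripted by reading the "Server time offset" line that `net ads info` prints. This is an added example, not part of the thread: the sample output is constructed, and the 300-second default is the MIT Kerberos default `clockskew`, assumed here; pass your own limit as the first argument.

```shell
#!/bin/sh
# Added example: flag Kerberos clock skew from `net ads info` output.

# Constructed sample of `net ads info` output (addresses and realm are made up).
sample_ads_info() {
cat <<'EOF'
LDAP server: 192.0.2.10
LDAP server name: dc1.example.test
Realm: EXAMPLE.TEST
Bind Path: dc=EXAMPLE,dc=TEST
LDAP port: 389
Server time: Fri, 31 Jul 2009 07:58:26 MDT
KDC server: 192.0.2.10
Server time offset: -412
EOF
}

# Reads `net ads info` output on stdin and prints the offset in seconds.
# Returns 2 when the line is missing or is not a signed integer.
ads_time_offset() {
    off=$(sed -n 's/^Server time offset:[[:space:]]*\(-\{0,1\}[0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1)
    [ -n "$off" ] || return 2
    printf '%s\n' "$off"
}

# check_skew [MAX_SECONDS]: 0 = within tolerance, 1 = too far off, 2 = unparsable.
check_skew() {
    max=${1:-300}              # assumed default; set to your realm's tolerance
    off=$(ads_time_offset) || return 2
    abs=${off#-}               # strip a leading minus sign to get the magnitude
    if [ "$abs" -le "$max" ]; then
        echo "OK: offset ${off}s is within ${max}s"
        return 0
    fi
    echo "FAIL: offset ${off}s exceeds ${max}s; sync the clock before testing Kerberos"
    return 1
}

# On a joined host: net ads info | check_skew 300
sample_ads_info | check_skew 300 || echo "check_skew exit status: $?"
```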