[Samba] samba in large domain
Dmitry Tikhomirov
chani at me.com
Fri Sep 3 06:45:15 MDT 2010
Hi all.
In my company we have domains like country.global.network.local.
My country is Russia, so the domain is russia.global.network.local.
I have a problem with winbind: it takes too much time to get the group list (wbinfo -g) or to log in to a share.
In log.winbind I see:
[2010/09/03 16:35:38, 2] winbindd/winbindd.c:remove_client(744)
final write to client failed: Broken pipe
and:
[2010/09/03 16:31:59, 3] libads/ldap.c:ads_try_connect(218)
ads_try_connect: CLDAP request 13.121.34.25 failed.
[2010/09/03 16:32:06, 1] libads/cldap.c:recv_cldap_netlogon(157)
no reply received to cldap netlogon
[2010/09/03 16:32:06, 3] libads/ldap.c:ads_try_connect(218)
ads_try_connect: CLDAP request 11.151.28.15 failed.
[
11.151.28.15 and 13.121.34.25 are KDCs of Norway and Finland, and we have trusts between our domains.
But we (from Russia) have no connection at the moment to these KDCs.
Question: How can I set winbind to use only my KDC and not try to connect to other KDCs?
cat /etc/krb5.conf :
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_realm = RUSSIA.GLOBAL.NETWORK.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
RUSSIA.GLOBAL.NETWORK.LOCAL = {
kdc = 101.17.120.23:88
admin_server = 101.17.120.23:749
kpasswd_server = 101.17.120.23:749
default_domain = RUSSIA.GLOBAL.NETWORK.LOCAL
}
[domain_realm]
.russia.global.network.localtwork = RUSSIA.GLOBAL.NETWORK.LOCAL
russia.global.network.local = RUSSIA.GLOBAL.NETWORK.LOCAL
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
testparm:
[global]
workgroup = RUSSIA
realm = RUSSIA.GLOBAL.NETWORK.LOCAL
server string = File Server
interfaces = lo, eth0, 101.17.120.23/24
security = ADS
password server = 101.17.120.23
passdb backend = tdbsam
log level = 3
os level = 0
local master = No
domain master = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
hosts allow = 127., 101.17.
cups options = cups
uname -a
Linux mskshare 2.6.18-194.8.1.el5 #1 SMP Thu Jul 1 19:04:48 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Name : samba3x
Arch : x86_64
Version : 3.3.8
Release : 0.52.el5_5
Thanks for any help!