[Samba] Winbind + sernet Samba4 + CentOS 6.5 + AD

Stephen Garcia sgmorale at ringling.edu
Thu Aug 28 08:49:42 MDT 2014


Well we got something, but still same issue

after leaving and rejoining the domain, klist -k does give me some
information:
==========
klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/whost.ringling.edu@DOMAIN.RINGLING.EDU
   2 host/whost.ringling.edu@DOMAIN.RINGLING.EDU
   2 host/whost.ringling.edu@DOMAIN.RINGLING.EDU
   2 host/whost.ringling.edu@DOMAIN.RINGLING.EDU
   2 host/whost.ringling.edu@DOMAIN.RINGLING.EDU
   2 host/whost@DOMAIN.RINGLING.EDU
   2 host/whost@DOMAIN.RINGLING.EDU
   2 host/whost@DOMAIN.RINGLING.EDU
   2 host/whost@DOMAIN.RINGLING.EDU
   2 host/whost@DOMAIN.RINGLING.EDU
   2 WHOST$@DOMAIN.RINGLING.EDU
   2 WHOST$@DOMAIN.RINGLING.EDU
   2 WHOST$@DOMAIN.RINGLING.EDU
   2 WHOST$@DOMAIN.RINGLING.EDU
   2 WHOST$@DOMAIN.RINGLING.EDU
==========

Still
id user gives me a "no such user"
wbinfo -i gives me the user's Sid
wbinfo -n gives me:
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user

What I mean with 'the one I used to join the domain' is that it returns
just the info on the admin user that I used to join the machine to the
domain

==========
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@DOMAIN.RINGLING.EDU

Valid starting     Expires            Service principal
08/28/14 09:41:23  08/28/14 19:41:28  krbtgt/DOMAIN.RINGLING.EDU@DOMAIN.RINGLING.EDU
        renew until 09/04/14 09:41:23, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
==========

Thanks

Stephen E. Garcia-Morales
sgmorale at ringling.edu
Ringling College of Art and Design
.'. Nosce Te Ipsvm .'.


On Thu, Aug 28, 2014 at 10:12 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:

> On 28/08/14 15:03, Stephen Garcia wrote:
>
>> Even after adding those four lines I still don't get anywhere with klist
>> -k, though klist -e gives me my domain admin user's ticket details, the one I
>> used to join the domain.
>>
> What do you mean 'the one I used to join the domain'?
>
>
>> The strace output for klist -k shows some interesting missing files that
>> I'm not sure are relevant to the issue:
>>
>> ===================
>> ...
>> ...
>> write(1, "Keytab name: FILE:/etc/krb5.keyt"..., 35) = 35
>> open("/etc/krb5.keytab", O_RDONLY)      = -1 ENOENT (No such file or directory)
>>
>
> Ah-ha, you don't seem to have a keytab, have you joined the domain? If
> you have, leave the domain and then try joining again.
>
> Rowland
>
>

