[Samba] Winbind + sernet Samba4 + CentOS 6.5 + AD

Rowland Penny rowlandpenny at googlemail.com
Thu Aug 28 08:55:01 MDT 2014


On 28/08/14 15:49, Stephen Garcia wrote:
> Well we got something, but still same issue
>
> after leaving and rejoining the domain, klist -k does give me some 
> information:
> ==========
> klist -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>    2 host/whost.ringling.edu at DOMAIN.RINGLING.EDU
>    2 host/whost.ringling.edu at DOMAIN.RINGLING.EDU
>    2 host/whost.ringling.edu at DOMAIN.RINGLING.EDU
>    2 host/whost.ringling.edu at DOMAIN.RINGLING.EDU
>    2 host/whost.ringling.edu at DOMAIN.RINGLING.EDU
>    2 host/whost at DOMAIN.RINGLING.EDU
>    2 host/whost at DOMAIN.RINGLING.EDU
>    2 host/whost at DOMAIN.RINGLING.EDU
>    2 host/whost at DOMAIN.RINGLING.EDU
>    2 host/whost at DOMAIN.RINGLING.EDU
>    2 WHOST$@DOMAIN.RINGLING.EDU
>    2 WHOST$@DOMAIN.RINGLING.EDU
>    2 WHOST$@DOMAIN.RINGLING.EDU
>    2 WHOST$@DOMAIN.RINGLING.EDU
>    2 WHOST$@DOMAIN.RINGLING.EDU
> ==========
>
> Still
> id user gives me a "no such user"
> wbinfo -i gives me the user's Sid
> wbinfo -n gives me:
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user
>
> What I mean with 'the one I used to join the domain' is that it 
> returns just the info on the admin user that I used to join the 
> machine to the domain
>
> ==========
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin at DOMAIN.RINGLING.EDU
>
> Valid starting     Expires            Service principal
> 08/28/14 09:41:23  08/28/14 19:41:28  krbtgt/DOMAIN.RINGLING.EDU at DOMAIN.RINGLING.EDU
>         renew until 09/04/14 09:41:23, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
> ==========
>
> Thanks
>
> Stephen E. Garcia-Morales
> sgmorale at ringling.edu
> Ringling College of Art and Design
> .'. Nosce Te Ipsvm .'.
>
>
> On Thu, Aug 28, 2014 at 10:12 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>
>     On 28/08/14 15:03, Stephen Garcia wrote:
>
>         Even after adding those four lines I still don't get anywhere
>         with klist -k, though klist -e gives me my domain admin user's
>         ticket details, the one I used to join the domain.
>
>     What do you mean 'the one I used to join the domain'?
>
>
>         The strace output for klist -k shows some interesting missing
>         files that I'm not sure are relevant to the issue:
>
>         ===================
>         ...
>         ...
>         write(1, "Keytab name: FILE:/etc/krb5.keyt"..., 35) = 35
>         open("/etc/krb5.keytab", O_RDONLY)      = -1 ENOENT (No such file or directory)
>
>
>     Ah-ha, you don't seem to have a keytab, have you joined the domain?
>     If you have, leave the domain and then try joining again.
>
>     Rowland
>
>
OK, we move on. Do your users have a uidNumber? Does 'Domain Users' 
have a gidNumber?

Rowland
