[Samba] Few questions about members

Steve Campbell campbell at cnpapers.com
Thu Jun 5 13:58:10 MDT 2014


On 6/5/2014 3:27 PM, steve wrote:
> On Thu, 2014-06-05 at 15:18 -0400, Steve Campbell wrote:
>> On 6/5/2014 3:05 PM, steve wrote:
>>> On Thu, 2014-06-05 at 14:45 -0400, Steve Campbell wrote:
>>> .
>>>> Unfortunately, we still have no access to the shares on the member
>>>> server, either from a network neighborhood or the administrative tools
>>>> on a Windows machine. We get "permission denied" from any method we try
>>>> to use or update the share.
>>>>
>>>> For now, I've got 777 permissions on the folder.
>>>>
>>>> I'm just so hopelessly lost on this.
>>>>
>>>> steve
>>> network neighbourhood doesn't work against a dc.
>> Trying to use/mount/do anything with a share on a member server.
>>> What stage are we at:
>>> klist -k
>> ]# klist -k
>> Keytab name: FILE:/etc/krb5.keytab
>> klist: No such file or directory while starting keytab scan
>>
>> This occurs on both AD and member. Not sure which I should run it on.
>>
>>
>>> net ads testjoin -UAdministrator
>> On the member:
>> # net ads testjoin -UAdministrator
>> Join is OK
>>
>>> please post the latest smb.conf
>> [global]
>>
>>      netbios name = STORAGE
>>      workgroup = TS
>>      security = ADS
>>      realm = TS.MYSTUFF.COM
>>      encrypt passwords = yes
>>
>>      idmap config *:backend = tdb
>>      idmap config *:range = 70001-80000
>>      idmap config TS:backend = ad
>>      idmap config TS:schema_mode = rfc2307
>>      idmap config TS:range = 500-40000
>>
>>      winbind nss info = rfc2307
>>      winbind trusted domains only = no
>>      winbind use default domain = yes
>>      winbind enum users  = yes
>>      winbind enum groups = yes
>>
>>      log file = /var/log/samba/samba.log
>>
>>      vfs objects = acl_xattr
>>      map acl inherit = Yes
>>      store dos attributes = Yes
>>
>> [demoshare]
>>      path = /opt/testshare
>>      read only = no
>>      browseable = yes
>>      available = yes
>>
>>> Cheers
>> Thanks
>> steve
> We are talking about the member.
> Add the line:
> kerberos method = system keytab
> to [global]
> and run:
> net ads keytab create -UAdministrator

Did this with no return messages
>
> now:
> commands
> hostname -f
# hostname -f
storage.ts.mystuff.com

> hostname -s
> hostname
# hostname -s
storage

> klist -k
# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
    1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
    1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
    1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
    1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
    1 host/storage.ts.mystuff.com@TS.MYSTUFF.COM
    1 host/storage@TS.MYSTUFF.COM
    1 host/storage@TS.MYSTUFF.COM
    1 host/storage@TS.MYSTUFF.COM
    1 host/storage@TS.MYSTUFF.COM
    1 host/storage@TS.MYSTUFF.COM
    1 STORAGE$@TS.MYSTUFF.COM
    1 STORAGE$@TS.MYSTUFF.COM
    1 STORAGE$@TS.MYSTUFF.COM
    1 STORAGE$@TS.MYSTUFF.COM
    1 STORAGE$@TS.MYSTUFF.COM

>
> list the contents of:
> /etc/hosts
# cat /etc/hosts
127.0.0.1       storage.ts.mystuff.com storage localhost
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

> /etc/hostname
No such file
> /etc/resolv.conf
# cat /etc/resolv.conf
nameserver 192.9.200.83
search ts.mystuff.com

> /etc/krb5.conf
# cat /etc/krb5.conf
[logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log

[libdefaults]
  default_realm = TS.MYSTUFF.COM
  dns_lookup_realm = false
  dns_lookup_kdc = true
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = true

> Steve
>
>
Big difference in that klist -k

steve

