[Samba] Problem with Winbind and Windows Clients
Oliver Werner
oliver.werner at kontrast.de
Thu Mar 17 11:59:46 UTC 2016
Hi Louis,
I will try it today.
So i saw in Logs some error like this.
[2016/03/17 11:44:16.406677, 3] ../source3/winbindd/winbindd_rpc.c:303(rpc_name_to_sid)
name_to_sid: UNIX GROUP\KONTRAST_INTERN for domain UNIX GROUP
[2016/03/17 11:44:16.406857, 2] ../source3/winbindd/winbindd_rpc.c:320(rpc_name_to_sid)
name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED
Any Idea?
Greetz,
Oliver
OLIVER WERNER
System-Administrator
Kontrast Communication Services GmbH
Grafenberger Allee 100, 40237 Düsseldorf, Germany
Fon +49-211-91505-500
Fax +49-211-91505-530
www.kontrast.de <http://www.kontrast.de/>
Amtsgericht Düsseldorf: HRB 26934
Geschäftsführer: Joachim Fischer, Anja Grote-Lutter, Leontine van der Vlist
<https://www.facebook.com/kontrast.communication> <https://twitter.com/KONTRAST_de> <http://www.xing.com/companies/kontrastcommunicationservicesgmbh> <http://www.linkedin.com/company/kontrast-communication-services-gmbh> <https://vimeo.com/kontrastcs> <http://instagram.com/kontrast_de>
> Am 15.03.2016 um 11:10 schrieb L.P.H. van Belle <belle at bazuin.nl>:
>
> Ok, next test.
>
> Change :
> kerberos method = secrets and keytab
> to
> kerberos method = secrets
>
> and wait again.
>
> I'll explain by giving this link.
> http://changelogs.ubuntu.com/changelogs/pool/main/s/samba/samba_4.3.6+dfsg-1ubuntu1/changelog
>
> Look at the last line bugfix in this change log of 4.3.6.
> Im testing here also, because this looks like its also involves the kerberos changes, now, i forgot what you was running, but this is an easy test.
>
> Is ntp installed on this machine, if not, install it and point it to the DC.
> Just to be sure.
> On the DC's, make sure your DC dont use any pool ntp servers.
> Point it to a stable ntp. ( preffered in germany, like, ntps1-0.eecsit.tu-berlin.de (130.149.17.21) )
>
>
> Greetz,
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Oliver Werner
>> Verzonden: dinsdag 15 maart 2016 10:43
>> Aan: Rowland penny
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Problem with Winbind and Windows Clients
>>
>> Hi,
>>
>> So now i have same Problem with Logins.
>>
>> On Linux AD member i need to restart win bind again and again for working
>> samba shares.
>> On Windows clients i need to restart machine completely
>>
>> so now i don?t have any idea
>>
>> kind regards
>>
>> OLIVER WERNER
>> System-Administrator
>>
>>
>>
>>
>> Kontrast Communication Services GmbH
>> Grafenberger Allee 100, 40237 Düsseldorf, Germany
>>
>> Fon +49-211-91505-500
>> Fax +49-211-91505-530
>> www.kontrast.de <http://www.kontrast.de/>
>>
>> Amtsgericht Düsseldorf: HRB 26934
>> Geschäftsführer: Joachim Fischer, Anja Grote-Lutter, Leontine van der
>> Vlist
>>
>> <https://www.facebook.com/kontrast.communication>
>> <https://twitter.com/KONTRAST_de>
>> <http://www.xing.com/companies/kontrastcommunicationservicesgmbh>
>> <http://www.linkedin.com/company/kontrast-communication-services-gmbh>
>> <https://vimeo.com/kontrastcs> <http://instagram.com/kontrast_de>
>>
>>> Am 11.03.2016 um 10:52 schrieb Oliver Werner
>> <oliver.werner at kontrast.de>:
>>>
>>> Ok, now my smb.con on DCs looks
>>>
>>> [global]
>>> workgroup = HQKONTRAST
>>> realm = HQ.KONTRAST
>>> netbios name = VL0227
>>> server role = active directory domain controller
>>> idmap_ldb:use rfc2307 = yes
>>> interfaces = eth0:35
>>> bind interfaces only=yes
>>> log level = 3
>>>
>>> tls enabled = yes
>>> tls keyfile = /var/lib/samba/private/tls/key.pem
>>> tls certfile = /var/lib/samba/private/tls/cert.pem
>>> tls cafile = /var/lib/samba/private/tls/ca.pem
>>>
>>>
>>> on Member smb.conf
>>> [global]
>>> netbios name = VL0173
>>> security = ADS
>>> workgroup = HQKONTRAST
>>> realm = hq.kontrast
>>>
>>> log file = /var/log/samba/%m.log
>>> log level = 3
>>>
>>> dedicated keytab file = /etc/krb5.keytab
>>> kerberos method = secrets and keytab
>>> winbind refresh tickets = yes
>>>
>>> winbind trusted domains only = no
>>> winbind use default domain = yes
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>> winbind cache time = 300
>>>
>>>
>>> # Default idmap config used for BUILTIN and local accounts/groups
>>> idmap config *:backend = tdb
>>> idmap config *:range = 500-1023
>>>
>>> # idmap config for domain HQKONTRAST
>>> idmap config HQKONTRAST:backend = ad
>>> idmap config HQKONTRAST:schema_mode = rfc2307
>>> idmap config HQKONTRAST:range = 1024-99999
>>>
>>> # Use settings from AD for login shell and home directory
>>> winbind nss info = rfc2307
>>>
>>> and on all machines krb5.conf
>>> [libdefaults]
>>> default_realm = HQ.KONTRAST
>>> dns_lookup_realm = false
>>> dns_lookup_kdc = true
>>>
>>> I will test it next days.
>>>
>>> Thanks for help right now :D
>>>
>>> kind regards
>>> OLIVER WERNER
>>> System-Administrator
>>>
>>>
>>>
>>>
>>>
>>> Kontrast Communication Services GmbH
>>> Grafenberger Allee 100, 40237 Düsseldorf, Germany
>>>
>>> Fon +49-211-91505-500
>>> Fax +49-211-91505-530
>>> www.kontrast.de <http://www.kontrast.de/>
>>>
>>> Amtsgericht Düsseldorf: HRB 26934
>>> Geschäftsführer: Joachim Fischer, Anja Grote-Lutter, Leontine van der
>> Vlist
>>>
>>> <https://www.facebook.com/kontrast.communication>
>> <https://twitter.com/KONTRAST_de>
>> <http://www.xing.com/companies/kontrastcommunicationservicesgmbh>
>> <http://www.linkedin.com/company/kontrast-communication-services-gmbh>
>> <https://vimeo.com/kontrastcs> <http://instagram.com/kontrast_de>
>>>
>>> Note: The information contained in this message may be privileged and
>> confidential and protected from disclosure. If the reader of this message
>> is not the intended recipient, or an employee or agent responsible for
>> delivering this message to the intended recipient, you are hereby notified
>> that any dissemination, distribution or copying of this communication is
>> strictly prohibited. If you have received this communication in error,
>> please notify us immediately by replying to the message and deleting it
>> from your computer.
>>>
>>> Please consider the environment and only print this if required.
>>>
>>>
>>>> Am 11.03.2016 um 10:47 schrieb Rowland penny <rpenny at samba.org>:
>>>>
>>>> On 11/03/16 09:40, Oliver Werner wrote:
>>>>> Haha, really? :D
>>>>>
>>>>> It should be possible without reboot not?
>>>>>
>>>>> OLIVER WERNER
>>>>> System-Administrator
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> Yes, remove the kdc lines :-D
>>>>
>>>> Rowland
>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.samba.org/pipermail/samba/attachments/20160317/a1bd3cd7/signature.sig>
More information about the samba
mailing list