From: Thiago Ferreira on 29 Jun 2010 14:50 I'm trying to put my Samba Server in AD Win2008, as I did in the past with Win2003. I'm using smbd Version 3.2.5, winbindd Version 3.2.5, MIT Kerberos 1.6.1-1 and ntpdate synchronized with AD, I follow this howto http://wiki.samba.org/index.php/Samba_%26_Active_Directory and this https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto All my tests demonstrate the successful when I run the following commands: # net ads testjoin Join is OK # net ads info LDAP server: 10.215.1.201 LDAP server name: GSCPSVMAD01.gransapore.corp.dc Realm: GRANSAPORE.CORP.DC Bind Path: dc=GRANSAPORE,dc=CORP,dc=DC LDAP port: 389 Server time: Tue, 29 Jun 2010 14:02:24 BRT KDC server: 10.215.1.201 Server time offset: 4 # net ads status -UAdministrator%Password # wbinfo -K thiago.ferreira%password plaintext kerberos password authentication for [thiago.ferreira] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 # wbinfo -u # wbinfo -g # wbinfo -m # wbinfo -t # net ads user # net ads group # getent passwd # getent group But I would like to open a share this Samba using a desktop WinXP and I can't to do, stay asking login and password to open, however I put the login and password correct and don't work. I before to joining the Samba in AD put an entry in DNS with the name fqnd from my Server samba, stayded cpsmonitor.gransapore.corp.dc with a PTR also, my file hosts e my resolv.conf is all right. Bellow follows my smb.conf, my krb5.conf and my logs for analyze. if someone can help me with any hint... #less krb5.conf [libdefaults] default_realm = GRANSAPORE.CORP.DC ticket_lifetime = 24000 [realms] GRANSAPORE.CORP.DC = { kdc = gscpsvmad01.gransapore.corp.dc admin_server = gscpsvmad01.gransapore.corp.dc default_domain = gransapore.corp.dc } [domain_realm] .gransapore.corp.dc = GRANSAPORE.CORP.DC gransapore.corp.dc = GRANSAPORE.CORP.DC [login] krb4_convert = true krb4_get_tickets = false #less smb.conf [global] workgroup = GRANSAPORE realm = GRANSAPORE.CORP.DC security = ADS auth methods = winbind password server = gscpsvmad01.gransapore.corp.dc passdb backend = tdbsam restrict anonymous = 2 client NTLMv2 auth = Yes syslog = 2 log file = /var/log/samba/log.%m max log size = 1000 panic action = /usr/share/samba/panic-action %d idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind trusted domains only = Yes [share01] comment = Network Share path = /var/spool/samba/share01 valid users = "@Domain Users" force group = Domain Users read only = No create mask = 0664 directory mask = 0775 guest ok = Yes Samba Logs: #less log.wb-GRANSAPORE [2010/06/29 13:38:18, 1] libads/authdata.c:kerberos_return_pac(398) kinit failed for 'thiago.ferreira(a)GRANSAPORE.CORP.DC' with: Preauthentication failed (-1765328360) [2010/06/29 13:38:34, 1] libads/kerberos.c:smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt(159) no krb5_error [2010/06/29 13:38:34, 1] libads/authdata.c:kerberos_return_pac(398) kinit failed for 'GRANSAPORE\thiago.ferreira(a)GRANSAPORE.CORP.DC' with: Client not found in Kerberos database (-1765328378) [2010/06/29 13:38:47, 1] libads/kerberos.c:smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt(159) no krb5_error [2010/06/29 13:38:47, 1] libads/authdata.c:kerberos_return_pac(398) kinit failed for 'GRANSAPORE\thiago.ferreira(a)GRANSAPORE.CORP.DC' with: Client not found in Kerberos database (-1765328378) [2010/06/29 13:38:55, 1] libads/kerberos.c:smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt(159) no krb5_error [2010/06/29 13:38:55, 1] libads/authdata.c:kerberos_return_pac(398) kinit failed for 'GRANSAPORE.CORP.DC\thiago.ferreira(a)GRANSAPORE.CORP.DC' with: Client not found in Kerberos database (-1765328378) [2010/06/29 13:39:05, 1] libads/kerberos.c:smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt(159) no krb5_error [2010/06/29 13:39:05, 1] libads/authdata.c:kerberos_return_pac(398) kinit failed for 'thiago.ferreira(a)GRANSAPORE.CORP.DC' with: Preauthentication failed (-1765328360) [2010/06/29 13:57:37, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680) ads_krb5_mk_req: krb5_get_credentials failed for GSCPSVMAD01$@GRANSAPORE (Cannot resolve network address for KDC in requested realm) [2010/06/29 13:57:37, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(626) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve network address for KDC in requested realm #less log.winbindd [2010/06/29 15:24:40, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2374) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2010/06/29 15:24:40, 1] libsmb/clikrb5.c:ads_krb5_mk_req(680) ads_krb5_mk_req: krb5_get_credentials failed for GSCPSVMAD01$@GRANSAPORE (Cannot resolve network address for KDC in requested realm) [2010/06/29 15:24:40, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(626) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Cannot resolve network address for KDC in requested realm #less log.nmbd [2010/06/29 14:03:18, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(395) ***** Samba name server CPSMONITOR is now a local master browser for workgroup GRANSAPORE on subnet 192.168.0.12 Thanks all -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Samba] Samba3 to samba4 migration Next: [Samba] Samba Forum vs. Mailing List?`! |