Hallo
Ich habe Kerberos und Winbind installiert, um die User einer W2k-ADS-Domäne zu identifizieren. Wenn ich mit wbinfo -u die Verbindung testen will, kriege ich folgende Meldung: Error looking up domain users.
Kann mir jemand weiterhelfen? Unten meine Schritte bei der Installation.
Kerberos installiert (Heimdal 0.7.1)
winbind 3.0.22
(Samba hatte ich schon installiert)
Einträge in der krb5.conf gemacht
# krb5.conf as posted; the post names Heimdal 0.7.1 as the Kerberos implementation.
[libdefaults]
# Realm assumed when a principal is given without an explicit realm.
default_realm = CORP.LOCAL
# krb4_* / v4_* are Kerberos 4 compatibility settings. Active Directory is a
# Kerberos 5 KDC, so these are presumably template leftovers - confirm and drop if unused.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
# NOTE(review): Kerberos rejects requests when client and KDC clocks differ too much;
# verify this host's clock against the domain controller regardless of this setting.
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = false
v4_instance_resolve = true
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
# "something = something-else" looks like placeholder text from a sample file.
plain = {
something = something-else
}
}
[realms]
# The KDC is given as the domain name rather than a specific host; this only works
# if corp.local resolves to a domain controller - TODO confirm DNS on this machine.
CORP.LOCAL = {
kdc = corp.local
}
[domain_realm]
# Maps every host under .corp.local to the CORP.LOCAL realm.
.corp.local = CORP.LOCAL
[login]
krb4_convert = true
krb4_get_tickets = true
[logging]
# NOTE(review): "delault" looks like a typo for "default"; as written the key is
# presumably not recognised, so library messages would not reach krb5libs.log.
delault = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
# Settings picked up by the PAM Kerberos module.
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
# NOTE(review): a minimum_uid of 0 presumably exempts no account, so Kerberos
# authentication would also be attempted for root and system users - confirm intent.
minimum_uid = 0
debug = false
}
Dann habe ich die Verbindung mit
kinit Administrator@CORP.LOCAL getestet. Es gab keine Antwort.
Meine smb.conf
# smb.conf as posted: Samba configured as an Active Directory member with winbind.
[global]
# NOTE(review): spelled ARBEITSGRUPE here, while the net join output quoted in the
# post reports the short domain name ARBEITSGRUPPE - verify which spelling is correct.
workgroup = ARBEITSGRUPE
netbios name = svr-01
server string =
# Kerberos realm of the domain; matches default_realm in the posted krb5.conf.
realm = CORP.LOCAL
winbind separator = /
# Domain users are listed without the domain prefix.
winbind use default domain = yes
# UID/GID range winbind may hand out to domain users and groups.
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
# Domain-member mode: authentication is delegated to the AD domain controllers.
security = ADS
encrypt passwords = true
# Given as the domain name, not a specific DC; depends on DNS resolving
# corp.local to a domain controller - TODO confirm.
password server = corp.local
client use spnego = yes
dns proxy = no
# One log file per connecting machine (%m).
log file = /var/log/samba/log.%m
max log size = 100
syslog = 0
panic action = /usr/share/samba/panic-action %d
# root is refused on every share.
invalid users = root
# NOTE(review): this script is presumably only used when Samba itself acts as a
# domain controller; it looks unnecessary on an AD member - confirm.
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
unix charset = UTF8
display charset = UTF8
dos charset = 850
socket options = TCP_NODELAY
# New files are group-writable (0664), new directories group-writable (0775).
create mask = 0664
directory mask = 0775
[Share]
comment = Test Share
# NOTE(review): writable together with guest access lets unauthenticated clients
# write to /data/share, limited only by filesystem permissions. Acceptable for a
# test share; restrict it (for example with "valid users") before real use.
writable = yes
path = /data/share
# "public" is a synonym for "guest ok"; either line alone has the same effect.
public = yes
guest ok = yes
case sensitive = no
sudo net join -S svr-03 -U Administrator%passwort (svr-03 ist der Samba-Rechner)
Die Antwort war:
[2006/09/20 10:40:02, 0] libads/ldap.c:ads_add_machine_acct(1414)
ads_add_machine_acct: Host account for aff-svr-01 already exists - modifying old account
Using short domain name -- ARBEITSGRUPPE joined 'SVR-01' to realm 'CORP.LOCAL'
Einträge in nsswitch.conf
# nsswitch.conf entries: local files are consulted first, then winbind,
# for both user and group lookups.
passwd: files winbind
group: files winbind
Ich habe Kerberos und Winbind installiert, um die User einer W2k-ADS-Domäne zu identifizieren. Wenn ich mit wbinfo -u die Verbindung testen will, kriege ich folgende Meldung: Error looking up domain users.
Kann mir jemand weiterhelfen? Unten meine Schritte bei der Installation.
Kerberos installiert (Heimdal 0.7.1)
winbind 3.0.22
(Samba hatte ich schon installiert)
Einträge in der krb5.conf gemacht
# krb5.conf as posted; the post names Heimdal 0.7.1 as the Kerberos implementation.
[libdefaults]
# Realm assumed when a principal is given without an explicit realm.
default_realm = CORP.LOCAL
# krb4_* / v4_* are Kerberos 4 compatibility settings. Active Directory is a
# Kerberos 5 KDC, so these are presumably template leftovers - confirm and drop if unused.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
# NOTE(review): Kerberos rejects requests when client and KDC clocks differ too much;
# verify this host's clock against the domain controller regardless of this setting.
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = false
v4_instance_resolve = true
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
# "something = something-else" looks like placeholder text from a sample file.
plain = {
something = something-else
}
}
[realms]
# The KDC is given as the domain name rather than a specific host; this only works
# if corp.local resolves to a domain controller - TODO confirm DNS on this machine.
CORP.LOCAL = {
kdc = corp.local
}
[domain_realm]
# Maps every host under .corp.local to the CORP.LOCAL realm.
.corp.local = CORP.LOCAL
[login]
krb4_convert = true
krb4_get_tickets = true
[logging]
# NOTE(review): "delault" looks like a typo for "default"; as written the key is
# presumably not recognised, so library messages would not reach krb5libs.log.
delault = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
# Settings picked up by the PAM Kerberos module.
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
# NOTE(review): a minimum_uid of 0 presumably exempts no account, so Kerberos
# authentication would also be attempted for root and system users - confirm intent.
minimum_uid = 0
debug = false
}
Dann habe ich die Verbindung mit
kinit Administrator@CORP.LOCAL getestet. Es gab keine Antwort.
Meine smb.conf
# smb.conf as posted: Samba configured as an Active Directory member with winbind.
[global]
# NOTE(review): spelled ARBEITSGRUPE here, while the net join output quoted in the
# post reports the short domain name ARBEITSGRUPPE - verify which spelling is correct.
workgroup = ARBEITSGRUPE
netbios name = svr-01
server string =
# Kerberos realm of the domain; matches default_realm in the posted krb5.conf.
realm = CORP.LOCAL
winbind separator = /
# Domain users are listed without the domain prefix.
winbind use default domain = yes
# UID/GID range winbind may hand out to domain users and groups.
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
# Domain-member mode: authentication is delegated to the AD domain controllers.
security = ADS
encrypt passwords = true
# Given as the domain name, not a specific DC; depends on DNS resolving
# corp.local to a domain controller - TODO confirm.
password server = corp.local
client use spnego = yes
dns proxy = no
# One log file per connecting machine (%m).
log file = /var/log/samba/log.%m
max log size = 100
syslog = 0
panic action = /usr/share/samba/panic-action %d
# root is refused on every share.
invalid users = root
# NOTE(review): this script is presumably only used when Samba itself acts as a
# domain controller; it looks unnecessary on an AD member - confirm.
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
unix charset = UTF8
display charset = UTF8
dos charset = 850
socket options = TCP_NODELAY
# New files are group-writable (0664), new directories group-writable (0775).
create mask = 0664
directory mask = 0775
[Share]
comment = Test Share
# NOTE(review): writable together with guest access lets unauthenticated clients
# write to /data/share, limited only by filesystem permissions. Acceptable for a
# test share; restrict it (for example with "valid users") before real use.
writable = yes
path = /data/share
# "public" is a synonym for "guest ok"; either line alone has the same effect.
public = yes
guest ok = yes
case sensitive = no
sudo net join -S svr-03 -U Administrator%passwort (svr-03 ist der Samba-Rechner)
Die Antwort war:
[2006/09/20 10:40:02, 0] libads/ldap.c:ads_add_machine_acct(1414)
ads_add_machine_acct: Host account for aff-svr-01 already exists - modifying old account
Using short domain name -- ARBEITSGRUPPE joined 'SVR-01' to realm 'CORP.LOCAL'
Einträge in nsswitch.conf
# nsswitch.conf entries: local files are consulted first, then winbind,
# for both user and group lookups.
passwd: files winbind
group: files winbind