I did everything following the article http://www.samag.ru/cgi-bin/go.pl?q=art ... .2007;a=05
I got a ticket from Kerberos, installed Samba, and joined the machine to the domain.
In response to the commands:
wbinfo -u
wbinfo -g
wbinfo -a _username_%_user_password_
the domain returns the information, but I just cannot authenticate to my Samba server from Windows...
A little background: our main domain name is halykbank.nb, while its NetBIOS name is UNIVERSAL.
bf01v03.halykbank.nb is the primary domain controller.
pavelkr is my domain account, with rights to join computers to the domain.
Here are the configs:
Code:
freebsd# ping halykbank.nb
PING halykbank.nb (172.26.60.11): 56 data bytes
64 bytes from 172.26.60.11: icmp_seq=0 ttl=126 time=1.516 ms
64 bytes from 172.26.60.11: icmp_seq=1 ttl=126 time=0.988 ms
^C
--- halykbank.nb ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.988/1.252/1.516/0.264 ms
freebsd# nslookup halykbank.nb
Server: 172.24.60.26
Address: 172.24.60.26#53
Name: halykbank.nb
Address: 172.24.60.26
Name: halykbank.nb
Address: 172.26.60.39
Name: halykbank.nb
Address: 172.26.60.11
Code:
freebsd# kinit -p pavelkr
pavelkr@HALYKBANK.NB's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
freebsd# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: pavelkr@HALYKBANK.NB
Issued Expires Principal
Mar 27 09:26:40 Mar 27 19:24:18 krbtgt/HALYKBANK.NB@HALYKBANK.NB
freebsd# net ads join -U pavelkr%Rhtcnmzyjd321
Using short domain name -- UNIVERSAL
DNS update failed!
Joined 'FREEBSD' to realm 'HALYKBANK.NB'
Checking:
Code:
freebsd# wbinfo -t
checking the trust secret via RPC calls succeeded
Code:
[libdefaults]
default_realm = HALYKBANK.NB
[realms]
HALYKBANK.NB = {
kdc = bf01v03.halykbank.nb
admin_server = BF01V03.HALYKBANK.NB
}
[domain_realm]
.halykbank.nb = HALYKBANK.NB
halykbank.nb = HALYKBANK.NB
[logging]
kdc = FILE:/var/log/kerb/krb5kdc.log
admin_server = FILE:/var/log/kerb/kadmin.log
default = FILE:/var/log/kerb/krb5lib.log
Code:
# Samba config file created using SWAT
# from 172.24.66.101 (172.24.66.101)
# Date: 2009/03/26 10:11:08
[global]
dos charset = cp866
unix charset = koi8-r
display charset = koi8-r
workgroup = UNIVERSAL
realm = HALYKBANK.NB
server string = SAMBA Server
security = ADS
password server = halykbank.nb
encrypt passwords = yes
log file = /var/log/samba/%m.%U.log
max log size = 50000
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /shares/mail/%U
winbind use default domain = Yes
winbind enum users = yes
winbind enum groups = yes
socket options = TCP_NODELAY
auth methods = winbind
winbind separator = \\
use spnego = yes
[data]
comment = Shares for Documents
path = /filebox/share/
username = root
read only = No
available = Yes
read list = "@UNIVERSAL\Domain Users"
write list = "@UNIVERSAL\Domain Admins"
create mode = 666
directory mode = 666
create mask = 0666
[Test]
comment = Test Share
path = /test_share/
read only = No
guest ok = Yes
available = Yes
Code:
group: files winbind
#group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
#passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
Code:
search halykbank.nb
nameserver 172.24.60.26
nameserver 172.26.60.11
Code:
Mar 27 14:50:06 freebsd winbindd[661]: [2009/03/27 14:50:06, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2230)
Mar 27 14:50:06 freebsd winbindd[661]: initialize_winbindd_cache: clearing cache and re-creating with version number 1
Mar 27 14:54:55 freebsd smbd[820]: [2009/03/27 14:54:55, 0] lib/util_sock.c:write_data(562)
Mar 27 14:54:55 freebsd smbd[820]: write_data: write failure in writing to client 172.24.132.71. Error Broken pipe
Mar 27 14:54:55 freebsd smbd[820]: [2009/03/27 14:54:55, 0] lib/util_sock.c:send_smb(761)
Mar 27 14:54:55 freebsd smbd[820]: Error writing 4 bytes to client. -1. (Broken pipe)
Mar 27 14:55:28 freebsd winbindd[661]: [2009/03/27 14:55:28, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
Mar 27 14:55:28 freebsd winbindd[661]: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Mar 27 14:56:04 freebsd winbindd[661]: [2009/03/27 14:56:04, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
Mar 27 14:56:04 freebsd winbindd[661]: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Mar 27 14:56:31 freebsd winbindd[661]: [2009/03/27 14:56:31, 0] libads/sasl.c:ads_sasl_spnego_bind(330)
Mar 27 14:56:31 freebsd winbindd[661]: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Cannot contact any KDC for requested realm