Гуру, помогите, плиз, разобраться — проблема с входом в домен AD
172.22.250.3 - мой комп он же filesrv
192.168.0.6 - PDC он же DC-main
DOMAIN - домен
делал по этой статье - http://www.lissyara.su/?id=1180
filesrv# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc000018b)
Could not check secret
log.smbd
[2008/08/15 20:31:07, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password FILESRV$@DOMAIN failed: Client not found in Kerberos database
[2008/08/15 20:31:07, 0] printing/nt_printing.c:nt_printing_init(659)
nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2008/08/15 20:37:38, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2230)
initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2008/08/15 20:37:39, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
Could not receive trustdoms
filesrv# kinit Admin
Admin@DOMAIN's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
filesrv# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: Admin@Domain
Issued Expires Principal
Aug 15 20:39:11 Aug 16 03:19:11 krbtgt/Domain@Domain
[2008/08/15 20:31:07, 0] libads/kerberos.c:ads_kinit_password(228)
kerberos_kinit_password FILESRV$@DOMAIN failed: Client not found in Kerberos database
[2008/08/15 20:31:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)
ads_connect for domain DOMAIN failed: Client not found in Kerberos database
# krb5.conf: Kerberos client-library defaults for this host (filesrv).
[libdefaults]
# Realm assumed when a principal is given without one. Realm names are
# case-sensitive: klist on this page prints "Admin@Domain" while this file
# uses "DOMAIN".
# NOTE(review): confirm both match the real AD realm exactly (AD realms are
# normally the upper-cased DNS domain name).
default_realm = DOMAIN
# DNS-based discovery is switched off, so the [realms] and [domain_realm]
# sections are the only source of KDC and realm information.
dns_lookup_realm = false
dns_lookup_kdc = false
# Presumably seconds: 24000 s = 6 h 40 min, which matches the Issued/Expires
# times in the klist output on this page (20:39:11 -> 03:19:11).
ticket_lifetime = 24000
# NOTE(review): numeric checksum overrides are legacy compatibility settings.
# In MIT Kerberos' numbering, type 2 is RSA-MD4, a weak checksum. Whether the
# Kerberos library on this host honours these two keys is not visible here;
# confirm they are needed and drop them if not.
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
# Tickets may be proxied and forwarded to other hosts. A forwarded TGT is
# usable on the remote side, so keep this on only if delegation is required.
proxiable = true
forwardable = true
# Maximum tolerated clock difference with the KDC, presumably in seconds
# (5 minutes). Keep this host's clock in sync with the DC.
clockskew = 300
v4_instance_resolve = false
# Realm definition. The KDC is pinned to the DC's address (192.168.0.6, per
# the post) over TCP port 88, because DNS lookup is disabled in [libdefaults].
# NOTE(review): 749 is the MIT kadmind port; an Active Directory DC normally
# handles password changes on kpasswd/464 instead. Verify that the
# admin_server entry is actually used.
[realms]
DOMAIN = {
kdc = tcp/192.168.0.6:88
admin_server = 192.168.0.6:749
default_domain = domain
}
# Maps hosts under the DNS suffix ".domain" to realm DOMAIN. The left side is
# a DNS name (lower case), the right side a realm name (case-sensitive).
[domain_realm]
.domain = DOMAIN
# Per-application sections. They are read only by the named consumers (a PAM
# Kerberos module, login); which of them exist on this host is not shown here.
[pam]
debug = false
# Presumably seconds (10 h). Note this differs from ticket_lifetime = 24000
# in [libdefaults].
ticket_lifetime = 36000
renew_lifetime = 36000
# Tickets obtained through PAM are forwardable. Keep only if delegation to
# other hosts is required.
forwardable = true
# Kerberos 4 conversion stays disabled here and in [login].
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tickets = false
# Log destinations. The kdc and admin_server entries apply to daemons running
# locally; on a pure client presumably only "default" is written.
# NOTE(review): make sure /var/log/kerberos exists and is not world-readable,
# since library logs can reveal principal names.
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
Load smb config files from /usr/local/etc/smb.conf
Processing section "[homes]"
Processing section "[tmp]"
Processing section "[music]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
# smb.conf global settings as printed by testparm. The host is configured as
# an Active Directory member server (testparm reports ROLE_DOMAIN_MEMBER).
[global]
dos charset = cp866
unix charset = koi8-r
display charset = koi8-r
# Short (NetBIOS) domain name and the Kerberos realm. The realm must match
# default_realm in krb5.conf.
workgroup = DOM
realm = DOMAIN
server string = File server
# AD membership mode: Samba authenticates with its own machine account
# (FILESRV$). The logs on this page show kinit for FILESRV$@DOMAIN failing
# with "Client not found in Kerberos database" and wbinfo -t returning
# NT_STATUS_NO_TRUST_SAM_ACCOUNT.
# NOTE(review): this usually means the computer account does not exist in
# the domain. Confirm that the domain join actually completed.
security = ADS
# NOTE(review): overriding the authentication chain is rarely needed with
# security = ADS. Confirm this line is intentional.
auth methods = winbind
# Logons with an unknown user name are silently mapped to the guest account.
# Together with "guest ok = Yes" below, a mistyped or non-existent account
# still gets a session.
map to guest = Bad User
# Domain controller pinned by IP address.
password server = 192.168.0.6
# One log file per client machine name (%m).
log file = /var/log/samba/log.%m
max log size = 50
# Applies to connections Samba makes as a client. No "server signing" line
# appears in this output, so signing for inbound sessions is at its default.
client signing = Yes
load printers = No
disable spoolss = Yes
show add printer wizard = No
# Never take part in browser elections; the DC keeps those roles.
os level = 1
preferred master = No
local master = No
domain master = No
dns proxy = No
# NOTE(review): LDAP traffic to the directory is not wrapped in TLS by this
# setting. Confirm that is acceptable on this network.
ldap ssl = no
# UID/GID range that winbind allocates to domain users and groups. It must
# not overlap local accounts.
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
# Domain accounts appear without the DOM\ prefix, so a domain user and a
# local user with the same name become indistinguishable. Check for clashes.
winbind use default domain = Yes
# Set in [global], this becomes the default for EVERY share: [tmp] and
# [music] below accept guest (unauthenticated) connections unless they
# override it.
# NOTE(review): consider removing it here and enabling it only on shares
# that are meant to be public.
guest ok = Yes
# Prefix matches: only clients in 192.168.*, 172.22.* and loopback may
# connect.
hosts allow = 192.168., 172.22., 127.
case sensitive = No
# Per-user home directory share: writable, hidden from browse lists.
[homes]
comment = Home Directories
read only = No
browseable = No
# Exports the system /tmp directory read-write. With "guest ok = Yes"
# inherited from [global], guest sessions can reach it too.
# NOTE(review): klist on this page shows the Kerberos credentials cache at
# /tmp/krb5cc_0, i.e. inside this exported tree, so file permissions are the
# only protection for it. A dedicated scratch directory would be safer than
# sharing /tmp.
[tmp]
comment = Temporary file space
path = /tmp
read only = No
# Upper bounds for new files and directories: world-writable is permitted.
create mask = 0666
directory mask = 0777
# Music share with per-group access lists.
[music]
comment = Music
path = /var/shares/music
# "read list" forces the listed users to read-only; "write list" grants
# write access and wins when a user is on both lists.
read list = "@DOM\Domain Users"
write list = "@DOM\Domain Admins"
# NOTE(review): because the share itself is writable, anyone who is NOT on
# the read list (including guest sessions allowed via [global]) may write,
# subject to filesystem permissions. If the intent is read for users and
# write for admins, "read only = Yes" plus the write list expresses that,
# and "valid users" would limit who can connect at all.
read only = No
# Upper bounds for new files and directories: world-writable is permitted.
create mask = 0666
directory mask = 0777