# smb.conf [global] section of a Samba host being joined to the KHAB domain as a member.
# Lines starting with '#' and marked NOTE(review) are review remarks; lines starting
# with ';' are disabled settings kept from the original file.
[global]
# Short (NetBIOS) domain name; the join error quoted in this post reports it as "domain KHAB".
WORKGROUP = KHAB
server string = RADIUS
# NOTE(review): "security = domain" selects NT4-style domain membership, while "realm"
# below is only consulted with "security = ads". The join in this post is attempted with
# "net ads join", so "security = ads" is presumably what is intended - confirm.
security = domain
# Kerberos realm; the value looks like a placeholder. It should be identical to
# default_realm in krb5.conf.
realm = ДОМЕН
# Domain users are presented without a DOMAIN prefix, so a domain account can collide
# with a local account of the same name.
winbind use default domain = yes
# UID/GID ranges winbind allocates for domain users and groups ("winbind uid/gid" are
# older synonyms of "idmap uid/gid"). Keep the ranges clear of local accounts.
winbind uid = 10000-20000
winbind gid = 10000-20000
# Allow enumeration of all domain users and groups through winbind; this exposes the
# full account list to local tools and can be slow on large domains.
winbind enum users = yes
winbind enum groups = yes
# winbind separator = \
# Per-client log file (%m is the client machine name).
# NOTE(review): this key is set a second time further down with the same value;
# one of the two entries can be dropped.
log file = /var/log/samba/log.%m
# Domain controller used for authentication, pinned by IP address.
# NOTE(review): the same address is the KDC in krb5.conf; pinning an IP bypasses
# DC discovery - confirm this is intended.
password server = 172.21.1.2
# When acting as a client, answer challenges with NTLMv2 rather than the weaker
# NTLM/LM responses.
client NTLMv2 auth = Yes
encrypt passwords = yes
socket options = TCP_NODELAY
# NOTE(review): setting "auth methods" replaces the default authentication chain for the
# selected security mode; the default is normally sufficient for a domain member -
# confirm this override is needed.
auth methods = winbind
# Do not take part in browser elections and do not act as a logon server.
local master = no
os level = 0
domain master = no
preferred master = no
domain logons = no
display charset = koi8-r
# Access control by client address.
# NOTE(review): "127." is a prefix match, but "172.21.0.0" and "172.21.1.0" carry neither
# a mask nor a trailing dot, so they presumably match only those exact addresses;
# "172.21.0." / "172.21.1." or an address/mask form is likely intended - verify.
hosts allow = 127. 172.21.0.0 172.21.1.0
load printers = yes
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
; guest account = pcguest
# Second definition of "log file" (same value as above).
log file = /var/log/samba/log.%m
# Log size limit before rotation, in kilobytes.
max log size = 50
; password server = <NT-Server-Name>
#; passdb backend = tdbsam
; include = /usr/local/etc/smb.conf.%m
; socket options = SO_RCVBUF=8192 SO_SNDBUF=8192
# Interface/subnet Samba is told to use.
# NOTE(review): "bind interfaces only" is not set in this section, so the daemons may
# still listen on other interfaces; set it if limiting exposure is the goal - confirm.
interfaces = 172.21.1.210/24
; local master = no
; os level = 33
; domain master = yes
; preferred master = yes
; domain logons = yes
; logon script = %m.bat
; logon script = %U.bat
; logon path = \\%L\Profiles\%U
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
dns proxy = no
; display charset = koi8-r
; unix charset = koi8-r
; dos charset = cp866
; store dos attributes = yes
; map hidden = no
; map system = no
; map archive = no
; nt acl support = yes
; inherit acls = yes
; map acl inherit = yes
; add user script = /usr/sbin/useradd %u
; add group script = /usr/sbin/groupadd %g
; add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null
; delete user script = /usr/sbin/userdel %u
; delete user from group script = /usr/sbin/deluser %u %g
; delete group script = /usr/sbin/groupdel %g
# krb5.conf used by kinit and by the Samba join in this post.
# NOTE(review): option names such as clockskew and v4_* suggest a Heimdal-style file - confirm.
[libdefaults]
# Realm assumed when a principal is given without one; should be identical to "realm"
# in smb.conf. The value looks like a placeholder.
default_realm = ДОМЕН
# Maximum tolerated clock difference between this host and the KDC, in seconds.
# A larger drift makes Kerberos authentication fail, so keep the clocks synchronised.
clockskew = 300
# NOTE(review): the v4_* entries below concern Kerberos 4 name conversion and look like
# sample text ("something = something-else"); presumably unused - confirm before removing.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
# KDC, admin and password-change services all point at the same host, by IP address.
[realms]
ДОМЕН = {
kdc = 172.21.1.2
admin_server = 172.21.1.2
kpasswd_server = 172.21.1.2
}
# Maps hosts under the DNS domain to the realm.
# NOTE(review): the leading-dot form covers hosts inside the domain; the bare domain
# name itself has no mapping here - add one if it is needed.
[domain_realm]
.домен = ДОМЕН
Трабла такая:
kinit проходит и тикет получает, в klist всё светит ровно.
net ads join -U ldap@домен
пишет так:
libnet_join_ok: failed to get schannel session key from server Комп.Домен for domain KHAB. Error was NT_STATUS_NO_TRUST_SAM_ACCOUNT
Failed to join domain: failed to verify domain membership after joining: No trusted SAM account
Мысли кончились, остались только маты.