Good afternoon!
Could you please tell me what the problem might be?
I did everything according to the article, except for Rejik; in SAMS I selected the redirector built into SQUID.
Samba installed fine and joined the domain; wbinfo -u and wbinfo -g display everything correctly.
The problem is that users from the domain do not make it into SAMS (the PDC response test shows a blank page), but when a domain user is added manually everything more or less works (sites are blocked, traffic is counted ...). At the same time, the following errors appear in the logs:
log.wb-DOMAIN
[2009/10/28 17:34:04, 0] libsmb/credentials.c:creds_client_check(324)
creds_client_check: credentials check failed.
[2009/10/28 17:34:04, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1030)
rpccli_netlogon_sam_network_logon: credentials chain check failed
[2009/10/28 17:35:11, 0] libsmb/credentials.c:creds_client_check(324)
creds_client_check: credentials check failed.
[2009/10/28 17:35:11, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1030)
rpccli_netlogon_sam_network_logon: credentials chain check failed
log.winbindd-dc-connect
[2009/10/28 17:29:35, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x6 to machine server.domain.local. Error was SUCCESS - 0
[2009/10/28 17:34:42, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x8003 to machine server.domain.local. Error was SUCCESS - 0
[2009/10/28 17:34:42, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x6 to machine server.domain.local. Error was SUCCESS - 0
[2009/10/28 17:39:45, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x8003 to
messages
Oct 28 17:34:04 proxs winbindd[894]: [2009/10/28 17:34:04, 0] libsmb/credentials.c:creds_client_check(324)
Oct 28 17:34:04 proxs winbindd[894]: creds_client_check: credentials check failed.
Oct 28 17:34:04 proxs winbindd[894]: [2009/10/28 17:34:04, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1030)
Oct 28 17:34:04 proxs winbindd[894]: rpccli_netlogon_sam_network_logon: credentials chain check failed
Oct 28 17:35:04 proxs kernel: pid 1148 (sams), uid 0: exited on signal 11 (core dumped)
Oct 28 17:35:11 proxs winbindd[894]: [2009/10/28 17:35:11, 0] libsmb/credentials.c:creds_client_check(324)
Oct 28 17:35:11 proxs winbindd[894]: creds_client_check: credentials check failed.
Oct 28 17:35:11 proxs winbindd[894]: [2009/10/28 17:35:11, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1030)
Oct 28 17:35:11 proxs winbindd[894]: rpccli_netlogon_sam_network_logon: credentials chain check failed
Oct 28 17:36:05 proxs kernel: pid 1204 (sams), uid 0: exited on signal 11 (core dumped)
Oct 28 17:37:05 proxs kernel: pid 1207 (sams), uid 0: exited on signal 11 (core dumped)
log.winbindd
[2009/11/02 09:47:14, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(519)
group ilia in domain DOMAIN does not exist
[2009/11/02 09:47:15, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(519)
group 0 in domain DOMAIN does not exist
[2009/11/02 09:48:14, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(519)
group 0 in domain DOMAIN does not exist
[2009/11/02 09:50:52, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(519)
group mod_ssl in domain DOMAIN does not exist
[2009/11/02 09:50:52, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(519)
group kaie in domain DOMAIN does not exist
[2009/11/02 09:50:58, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(519)
group ilia in domain DOMAIN does not exist
System:
FreeBSD proxs.dbschenker.ru 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Fri May 1 08:49:13 UTC 2009 root@walker.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
Configs:
hosts
::1 localhost localhost.domain.ru
127.0.0.1 localhost localhost.domain.ru
192.168.0.247 proxs.domain.ru proxs
192.168.0.247 proxs.domain.ru.
192.168.0.252 dc1.domain.ru
192.168.0.248 dc2.domain.ru
resolv.conf
domain domain.ru
nameserver 192.168.0.252
nameserver 192.168.0.248
smb.conf
[global]
workgroup = DOMAIN
server string = Самс Сервер
security = ADS
hosts allow = 192.168.0. 127.
log file = /var/log/samba/log.%m
max log size = 50
password server = DOMAIN.LOCAL
realm = DOMAIN.LOCAL
dns proxy = no
display charset = koi8-r
unix charset = koi8-r
dos charset = cp866
winbind separator = +
winbind use default domain = yes
winbind uid = 10000-15000
winbind gid = 10000-15000
winbind enum users = yes
winbind enum groups = yes
krb5.conf
[libdefaults]
    default_realm = DOMAIN.LOCAL
    clockskew = 300
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
[realms]
    DOMAIN.LOCAL = {
        kdc = 192.168.0.248
        admin_server = 192.168.0.248
        kpasswd_server = 192.168.0.248
    }
[domain_realm]
    .domain.local = DOMAIN.LOCAL
nsswitch.conf
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
sams.conf
[client]
SQUID_DB=squidlog
SAMS_DB=squidctrl
MYSQLHOSTNAME=localhost
MYSQLUSER=root
MYSQLPASSWORD=1234567
MYSQLVERSION=5.1
SQUIDCACHEFILE=access.log
SQUIDROOTDIR=/usr/local/etc/squid
SQUIDLOGDIR=/usr/local/squid/logs
SQUIDCACHEDIR=/usr/local/squid/cache
SAMSPATH=/usr/local
SQUIDPATH=/usr/local/sbin
#SQUIDGUARDLOGPATH=/var/log
#SQUIDGUARDDBPATH=/var/db/squidGuard
RECODECOMMAND=iconv -f KOI8-R -t 866 %finp > %fout
#LDAPSERVER=servername_or_ipadress
#LDAPBASEDN=your.domain
#LDAPUSER=DomainAdministrator
#LDAPUSERPASSWD=passwd
#LDAPUSERSGROUP=Users
REJIKPATH=/usr/local/rejik
SHUTDOWNCOMMAND=/sbin/shutdown -h now
CACHENUM=0
squid.conf
#Recommended minimum configuration per scheme:
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid Proxy-Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# TAG: http_access
http_access deny all
Can anyone suggest which direction to dig in? I have already dug through half the Internet and can't understand anything ....