
Problems with Winbind

Posted: 2008-08-15 19:46:53
Aredelle
Greetings, everyone!
Gurus, please help me figure this out: I have a problem joining the AD domain.
172.22.250.3 - my machine, a.k.a. filesrv
192.168.0.6 - the PDC, a.k.a. DC-main
DOMAIN - the domain
I followed this article: http://www.lissyara.su/?id=1180

Code:

filesrv# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc000018b)
Could not check secret

When Samba is restarted:

log.smbd

Code:

[2008/08/15 20:31:07, 0] libads/kerberos.c:ads_kinit_password(228)
  kerberos_kinit_password FILESRV$@DOMAIN failed: Client not found in Kerberos database
[2008/08/15 20:31:07, 0] printing/nt_printing.c:nt_printing_init(659)
  nt_printing_init: error checking published printers: WERR_ACCESS_DENIED

log.wb-DOMAIN

Code:

[2008/08/15 20:37:38, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2230)
  initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2008/08/15 20:37:39, 1] nsswitch/winbindd_util.c:trustdom_recv(230)
  Could not receive trustdoms

Code:

filesrv# kinit Admin
Admin@DOMAIN's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week

Code:

filesrv# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: Admin@Domain

Code:

  Issued           Expires          Principal
Aug 15 20:39:11  Aug 16 03:19:11  krbtgt/Domain@Domain

Code:

[2008/08/15 20:31:07, 0] libads/kerberos.c:ads_kinit_password(228)
  kerberos_kinit_password FILESRV$@DOMAIN failed: Client not found in Kerberos database
[2008/08/15 20:31:07, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)
  ads_connect for domain DOMAIN failed: Client not found in Kerberos database

ee krb5.conf

Code:

[libdefaults]
        default_realm = DOMAIN
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 24000
        kdc_req_checksum_type = 2
        checksum_type = 2
        ccache_type = 1
        proxiable = true
        forwardable = true
        clockskew = 300
        v4_instance_resolve = false

[realms]
        DOMAIN = {
            kdc = tcp/192.168.0.6:88
            admin_server = 192.168.0.6:749
            default_domain = domain
        }

[domain_realm]
        .domain  = DOMAIN

[pam]
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false

[login]
        krb4_convert = false
        krb4_get_tickets = false

[logging]
        default = FILE:/var/log/kerberos/krb5libs.log
        kdc = FILE:/var/log/kerberos/krb5kdc.log
        admin_server = FILE:/var/log/kerberos/kadmind.log

Load smb config files from /usr/local/etc/smb.conf
Processing section "[homes]"
Processing section "[tmp]"
Processing section "[music]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

[global]
        dos charset = cp866
        unix charset = koi8-r
        display charset = koi8-r
        workgroup = DOM
        realm = DOMAIN
        server string = File server
        security = ADS
        auth methods = winbind
        map to guest = Bad User
        password server = 192.168.0.6
        log file = /var/log/samba/log.%m
        max log size = 50
        client signing = Yes
        load printers = No
        disable spoolss = Yes
        show add printer wizard = No
        os level = 1
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        guest ok = Yes
        hosts allow = 192.168., 172.22., 127.
        case sensitive = No

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[tmp]
        comment = Temporary file space
        path = /tmp
        read only = No
        create mask = 0666
        directory mask = 0777

[music]
        comment = Music
        path = /var/shares/music
        read list = "@DOM\Domain Users"
        write list = "@DOM\Domain Admins"
        read only = No
        create mask = 0666
        directory mask = 0777

Re: Problems with Winbind

Posted: 2008-08-15 20:25:49
zg
So what exactly isn't working, and what errors does it give, and after what?

UPD: on about the third try I found that the errors are already in the post... it's enough to ruin your eyes :(

Re: Problems with Winbind

Posted: 2008-08-20 10:45:04
TeXNiC
Have a look at the configs in this thread:
http://forum.lissyara.su/viewtopic.php?f=8&t=6827
They are absolutely working.