forum.lissyara.su • squid + samba + ad

Страница 1 из 1

squid + samba + ad

Добавлено: 2007-11-30 10:29:14

AlkoGekS

Вобщем решил по статье поставить сквид с авторизацией в домене.
Поставил самбу, но винбинд категорически отказывается запускаться:
Выдает следующее:

Код: Выделить всё

Nov 30 10:20:01 bsdsrv /usr/sbin/cron[4826]: (root) CMD (/usr/libexec/atrun)
Nov 30 10:20:01 bsdsrv cron[4826]: NSSWITCH(nss_method_lookup): winbind, group, setgrent, not found
Nov 30 10:20:01 bsdsrv cron[4826]: NSSWITCH(nss_method_lookup): winbind, group, getgrent_r, not found
Nov 30 10:20:01 bsdsrv cron[4826]: NSSWITCH(nss_method_lookup): winbind, group, endgrent, not found
Nov 30 10:20:01 bsdsrv cron[4826]: NSSWITCH(nss_method_lookup): winbind, passwd, endpwent, not found
Nov 30 10:22:01 bsdsrv /usr/sbin/cron[4833]: (operator) CMD (/usr/libexec/save-entropy)
Nov 30 10:22:01 bsdsrv cron[4833]: NSSWITCH(nss_method_lookup): winbind, group, setgrent, not found
Nov 30 10:22:01 bsdsrv cron[4833]: NSSWITCH(nss_method_lookup): winbind, group, getgrent_r, not found
Nov 30 10:22:01 bsdsrv cron[4833]: NSSWITCH(nss_method_lookup): winbind, group, endgrent, not found
Nov 30 10:22:01 bsdsrv cron[4833]: NSSWITCH(nss_method_lookup): winbind, passwd, endpwent, not found
Nov 30 10:25:01 bsdsrv /usr/sbin/cron[4862]: (root) CMD (/usr/libexec/atrun)
Nov 30 10:25:01 bsdsrv cron[4862]: NSSWITCH(nss_method_lookup): winbind, group, setgrent, not found
Nov 30 10:25:01 bsdsrv cron[4862]: NSSWITCH(nss_method_lookup): winbind, group, getgrent_r, not found
Nov 30 10:25:01 bsdsrv cron[4862]: NSSWITCH(nss_method_lookup): winbind, group, endgrent, not found
Nov 30 10:25:01 bsdsrv cron[4862]: NSSWITCH(nss_method_lookup): winbind, passwd, endpwent, not found

Затем не могу получить билет кербероса:

Код: Выделить всё

bsdsrv# kinit Lexx
Lexx@RUSKON002.LOCAL's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm RUSKON002.LOCAL
bsdsrv#

Конфиг кербероса:

Код: Выделить всё

bsdsrv# cat /etc/krb5.conf
[libdefaults]
        default_realm = RUSKON002.LOCAL

[realms]
        RUSKON002.LOCAL = {
                kdc = RUSKON002.LOCAL
                admin_server = RUSKON002.LOCAL
        }

[domain_realm]
        .ruskon002.local = RUSKON002.LOCAL

[logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log
bsdsrv#

Так же конфиг nsswitch.conf

Код: Выделить всё

bsdsrv# cat /etc/nsswitch.conf
group: files winbind
passwd: files winbind
group_compat: nis
passwd_compat: nis
hosts: files dns
networks: files
shells: files
bsdsrv#

Еще такой вопрос, владелец файлов krb5kdc.log kadmin.log krb5lib.log кто должен быть?

еще логи винбинда:

Код: Выделить всё

[2007/11/30 13:12:02, 0] param/loadparm.c:service_ok(3011)
  WARNING: No path in service data - making it unavailable!
[2007/11/30 13:12:02, 1] param/loadparm.c:service_ok(3018)
  NOTE: Service data is flagged unavailable.
[2007/11/30 13:12:03, 1] nsswitch/winbindd.c:main(990)
  winbindd version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/11/30 13:12:03, 0] param/loadparm.c:service_ok(3011)
  WARNING: No path in service data - making it unavailable!
[2007/11/30 13:12:03, 1] param/loadparm.c:service_ok(3018)
  NOTE: Service data is flagged unavailable.

и

Код: Выделить всё

[2007/11/30 13:12:03, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(222
3)
  initialize_winbindd_cache: clearing cache and re-creating with version number
1
[2007/11/30 13:12:03, 0] nsswitch/winbindd_util.c:init_domain_list(511)
  Could not fetch our SID - did we join?
[2007/11/30 13:12:03, 0] nsswitch/winbindd.c:main(1091)
  unable to initalize domain list

Re: squid + samba + ad

Добавлено: 2007-11-30 13:45:38

Alex Keda

Код: Выделить всё

ping RUSKON002.LOCAL

Re: squid + samba + ad

Добавлено: 2007-11-30 13:49:40

AlkoGekS

Не пингуется.
Хотя пару недель назад, делал все точно так же, и работало, но тормозило, поэтому снес

Из винды пингуется на ип адрес моего компа

Re: squid + samba + ad

Добавлено: 2007-11-30 15:19:08

Alex Keda

пока не наччнёт пинговаться - ничё тебе не светит

Re: squid + samba + ad

Добавлено: 2007-11-30 15:20:02

AlkoGekS

Сделал. Пингуется. Получил билет кербероса. Но в домен нихочет все равно.

Код: Выделить всё

bsdsrv# net join -U Lexx
Lexx's password:
Failed to join domain: Operations error
ADS join did not work, falling back to RPC...
Unable to find a suitable server
Unable to find a suitable server
bsdsrv#

И все же винбинд так и отказываетс заводиться. и логи меня эти смущают:

Код: Выделить всё

Nov 30 10:22:01 bsdsrv /usr/sbin/cron[4833]: (operator) CMD (/usr/libexec/save-entropy)
Nov 30 10:22:01 bsdsrv cron[4833]: NSSWITCH(nss_method_lookup): winbind, group, setgrent, not found
Nov 30 10:22:01 bsdsrv cron[4833]: NSSWITCH(nss_method_lookup): winbind, group, getgrent_r, not found
Nov 30 10:22:01 bsdsrv cron[4833]: NSSWITCH(nss_method_lookup): winbind, group, endgrent, not found
Nov 30 10:22:01 bsdsrv cron[4833]: NSSWITCH(nss_method_lookup): winbind, passwd, endpwent, not found
Nov 30 10:25:01 bsdsrv /usr/sbin/cron[4862]: (root) CMD (/usr/libexec/atrun)
Nov 30 10:25:01 bsdsrv cron[4862]: NSSWITCH(nss_method_lookup): winbind, group, setgrent, not found
Nov 30 10:25:01 bsdsrv cron[4862]: NSSWITCH(nss_method_lookup): winbind, group, getgrent_r, not found
Nov 30 10:25:01 bsdsrv cron[4862]: NSSWITCH(nss_method_lookup): winbind, group, endgrent, not found
Nov 30 10:25:01 bsdsrv cron[4862]: NSSWITCH(nss_method_lookup): winbind, passwd, endpwent, not found

Флудит ими каждые 5 минут

Re: squid + samba + ad

Добавлено: 2007-12-03 12:02:02

AlkoGekS

Все равно не получается ввести самбу в домен. Вот привожу все логи что есть.. на библиотеки ругается

Код: Выделить всё

bsdsrv# cat log.nmbd
[2007/12/03 11:44:38, 0] nmbd/nmbd.c:main(697)
  Netbios nameserver version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/03 11:50:02, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
  *****
  Samba name server BSDSRV is now a local master browser for workgroup RUSKON002.LOCAL on subnet 213.247.226.33
  *****
[2007/12/03 11:50:02, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
  *****
  Samba name server BSDSRV is now a local master browser for workgroup RUSKON002.LOCAL on subnet 192.168.0.202
  *****
[2007/12/03 11:52:35, 0] nmbd/nmbd.c:terminate(58)
  Got SIGTERM: going down...
[2007/12/03 11:52:35, 0] nmbd/nmbd.c:main(697)
  Netbios nameserver version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/03 11:56:53, 0] nmbd/nmbd.c:terminate(58)
  Got SIGTERM: going down...
[2007/12/03 11:56:53, 0] nmbd/nmbd.c:main(697)
  Netbios nameserver version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
bsdsrv#

Код: Выделить всё

bsdsrv# cat log.smbd
[2007/12/03 11:44:38, 0] smbd/server.c:main(944)
  smbd version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/03 11:44:38, 0] param/loadparm.c:service_ok(3011)
  WARNING: No path in service data - making it unavailable!
[2007/12/03 11:44:38, 1] param/loadparm.c:service_ok(3018)
  NOTE: Service data is flagged unavailable.
[2007/12/03 11:52:35, 0] smbd/server.c:main(944)
  smbd version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/03 11:56:53, 0] smbd/server.c:main(944)
  smbd version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
bsdsrv#

Код: Выделить всё

bsdsrv# cat log.winbindd
[2007/12/03 11:44:38, 1] nsswitch/winbindd.c:main(990)
  winbindd version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/03 11:44:38, 0] param/loadparm.c:service_ok(3011)
  WARNING: No path in service data - making it unavailable!
[2007/12/03 11:44:38, 1] param/loadparm.c:service_ok(3018)
  NOTE: Service data is flagged unavailable.
[2007/12/03 11:44:40, 1] nsswitch/winbindd.c:main(990)
  winbindd version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/03 11:44:40, 0] param/loadparm.c:service_ok(3011)
  WARNING: No path in service data - making it unavailable!
[2007/12/03 11:44:40, 1] param/loadparm.c:service_ok(3018)
  NOTE: Service data is flagged unavailable.
[2007/12/03 11:52:35, 1] nsswitch/winbindd.c:main(990)
  winbindd version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2007/12/03 11:56:53, 1] nsswitch/winbindd.c:main(990)
  winbindd version 3.0.26a started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
bsdsrv#

Код: Выделить всё

bsdsrv# cat smbd..log
[2007/12/03 11:44:38, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(241)
  startsmbfilepwent_internal: file /usr/local/etc/samba/smbpasswd did not exist. File successfully created.
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0
[2007/12/03 11:44:38, 1] lib/account_pol.c:account_policy_get(286)
  account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0
[2007/12/03 11:44:38, 0] printing/nt_printing.c:nt_printing_init(650)
  nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2007/12/03 11:47:37, 0] lib/util_tdb.c:tdb_log(662)
  tdb(/var/db/samba/gencache.tdb): tdb_reopen: file dev/inode has changed!
[2007/12/03 11:47:37, 0] smbd/server.c:open_sockets_smbd(572)
  tdb_reopen_all failed.
[2007/12/03 11:47:37, 0] lib/util.c:smb_panic(1632)
  PANIC (pid 66582): tdb_reopen_all failed.
[2007/12/03 11:47:37, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 3 stack frames:
   #0 0x8227459 <smb_panic+73> at /usr/local/sbin/smbd
   #1 0x82cbdb5 <main+4773> at /usr/local/sbin/smbd
   #2 0x8089452 <_start+118> at /usr/local/sbin/smbd
[2007/12/03 11:47:37, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd
[2007/12/03 11:47:37, 0] lib/util_tdb.c:tdb_log(662)
  tdb(/var/db/samba/gencache.tdb): tdb_reopen: file dev/inode has changed!
[2007/12/03 11:47:37, 0] smbd/server.c:open_sockets_smbd(572)
  tdb_reopen_all failed.
[2007/12/03 11:47:37, 0] lib/util.c:smb_panic(1632)
  PANIC (pid 66583): tdb_reopen_all failed.
[2007/12/03 11:47:37, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 3 stack frames:
   #0 0x8227459 <smb_panic+73> at /usr/local/sbin/smbd
   #1 0x82cbdb5 <main+4773> at /usr/local/sbin/smbd
   #2 0x8089452 <_start+118> at /usr/local/sbin/smbd
[2007/12/03 11:47:37, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd
[2007/12/03 11:47:37, 0] lib/util_tdb.c:tdb_log(662)
  tdb(/var/db/samba/gencache.tdb): tdb_reopen: file dev/inode has changed!
[2007/12/03 11:47:37, 0] smbd/server.c:open_sockets_smbd(572)
  tdb_reopen_all failed.
[2007/12/03 11:47:37, 0] lib/util.c:smb_panic(1632)
  PANIC (pid 66584): tdb_reopen_all failed.
[2007/12/03 11:47:37, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 3 stack frames:
   #0 0x8227459 <smb_panic+73> at /usr/local/sbin/smbd
   #1 0x82cbdb5 <main+4773> at /usr/local/sbin/smbd
   #2 0x8089452 <_start+118> at /usr/local/sbin/smbd
[2007/12/03 11:47:37, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd
[2007/12/03 11:47:58, 0] lib/util_tdb.c:tdb_log(662)
  tdb(/var/db/samba/gencache.tdb): tdb_reopen: file dev/inode has changed!
[2007/12/03 11:47:58, 0] smbd/server.c:open_sockets_smbd(572)
  tdb_reopen_all failed.
[2007/12/03 11:47:58, 0] lib/util.c:smb_panic(1632)
  PANIC (pid 66586): tdb_reopen_all failed.
[2007/12/03 11:47:58, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 3 stack frames:
   #0 0x8227459 <smb_panic+73> at /usr/local/sbin/smbd
   #1 0x82cbdb5 <main+4773> at /usr/local/sbin/smbd
   #2 0x8089452 <_start+118> at /usr/local/sbin/smbd
[2007/12/03 11:47:58, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd
[2007/12/03 11:47:58, 0] lib/util_tdb.c:tdb_log(662)
  tdb(/var/db/samba/gencache.tdb): tdb_reopen: file dev/inode has changed!
[2007/12/03 11:47:58, 0] smbd/server.c:open_sockets_smbd(572)
  tdb_reopen_all failed.
[2007/12/03 11:47:58, 0] lib/util.c:smb_panic(1632)
  PANIC (pid 66587): tdb_reopen_all failed.
[2007/12/03 11:47:58, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 3 stack frames:
   #0 0x8227459 <smb_panic+73> at /usr/local/sbin/smbd
   #1 0x82cbdb5 <main+4773> at /usr/local/sbin/smbd
   #2 0x8089452 <_start+118> at /usr/local/sbin/smbd
[2007/12/03 11:47:58, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd
[2007/12/03 11:47:58, 0] lib/util_tdb.c:tdb_log(662)
  tdb(/var/db/samba/gencache.tdb): tdb_reopen: file dev/inode has changed!
[2007/12/03 11:47:58, 0] smbd/server.c:open_sockets_smbd(572)
  tdb_reopen_all failed.
[2007/12/03 11:47:58, 0] lib/util.c:smb_panic(1632)
  PANIC (pid 66588): tdb_reopen_all failed.
[2007/12/03 11:47:58, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 3 stack frames:
   #0 0x8227459 <smb_panic+73> at /usr/local/sbin/smbd
   #1 0x82cbdb5 <main+4773> at /usr/local/sbin/smbd
   #2 0x8089452 <_start+118> at /usr/local/sbin/smbd
[2007/12/03 11:47:58, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd
[2007/12/03 11:52:35, 0] printing/nt_printing.c:nt_printing_init(650)
  nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2007/12/03 11:56:53, 0] printing/nt_printing.c:nt_printing_init(650)
  nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
bsdsrv#

Код: Выделить всё

bsdsrv# cat winbindd..log
[2007/12/03 11:44:38, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2223)
  initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2007/12/03 11:44:38, 0] nsswitch/winbindd_util.c:init_domain_list(511)
  Could not fetch our SID - did we join?
[2007/12/03 11:44:38, 0] nsswitch/winbindd.c:main(1091)
  unable to initalize domain list
[2007/12/03 11:44:40, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2223)
  initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2007/12/03 11:44:40, 0] nsswitch/winbindd_util.c:init_domain_list(511)
  Could not fetch our SID - did we join?
[2007/12/03 11:44:40, 0] nsswitch/winbindd.c:main(1091)
  unable to initalize domain list
[2007/12/03 11:52:35, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2223)
  initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2007/12/03 11:52:35, 0] nsswitch/winbindd_util.c:init_domain_list(511)
  Could not fetch our SID - did we join?
[2007/12/03 11:52:35, 0] nsswitch/winbindd.c:main(1091)
  unable to initalize domain list
[2007/12/03 11:56:53, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2223)
  initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2007/12/03 11:56:53, 0] nsswitch/winbindd_util.c:init_domain_list(511)
  Could not fetch our SID - did we join?
[2007/12/03 11:56:53, 0] nsswitch/winbindd.c:main(1091)
  unable to initalize domain list
bsdsrv#

Re: squid + samba + ad

Добавлено: 2007-12-03 16:58:40

AlkoGekS

Разобрался наконец то... лишних .local понатыкал.
Машина в домене. Но команды wbinfo -u и wbinfo -g не пашут

И на саму шару зайти не реально... ниодин пароль не принимает

Re: squid + samba + ad

Добавлено: 2007-12-28 13:41:46

n025

тут проблема в winbindd

Код: Выделить всё

Dec 28 13:20:18 delta winbindd[98781]: [2007/12/28 13:20:18, 0] nsswitch/winbindd_util.c:init_domain_list(518)
Dec 28 13:20:18 delta winbindd[98781]:   Could not fetch our SID - did we join?
Dec 28 13:20:18 delta winbindd[98781]: [2007/12/28 13:20:18, 0] nsswitch/winbindd.c:main(1051)
Dec 28 13:20:18 delta winbindd[98781]:   unable to initalize domain list

вам удалось её побороть? тк столкнулся с этой же проблемой.....

Re: squid + samba + ad

Добавлено: 2007-12-28 14:35:34

n025

после завода в домен винбинд поднялся сам

Re: squid + samba + ad

Добавлено: 2007-12-29 7:57:43

HRonik

В коментах к статье http://www.lissyara.su/?id=1329 (вы же по ней поднимали все??)
написано что для корректной работы winbind нужно занести контролер домена в сам домен...

Re: squid + samba + ad

Добавлено: 2007-12-30 13:52:52

n025

да коменты я почитал уже намного пойзже......