distance
Advanced Member | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
у меня проблема с samba3 и AD...
установлен RedHat EL4
Linux rh4.domain.local 2.6.9-5.ELsmp
конфиги krb
=== /etc/krb5.conf ===
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
forwardable = true
proxiable = true
[realms]
DOMAIN.LOCAL = {
kdc = solo.domain.local:88
default_domain = domain.local
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
=== /etc/krb5.conf ===
=== /var/kerberos/krb5kdc/kdc.conf ===
[kdcdefaults]
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth
[realms]
DOMAIN.LOCAL= {
master_key_type = des-cbc-crc
supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
=== /var/kerberos/krb5kdc/kdc.conf ===
конфиг самбы
=== /etc/samba/smb.conf ===
[global]
workgroup = DOMAIN
realm = DOMAIN.LOCAL
server string = Samba Server v%v
security = ADS
password server = SOLO
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[pub]
comment = Public share
path = /pub
read only = No
=== /etc/samba/smb.conf ===
SOLO = DC (win2003 sp1)
далее было проделано:
kinit Administrator@DOMAIN.LOCAL
net ads join -U Administrator -S solo.domain.local -w DOMAIN.LOCAL
без ошибок
winbindd запущен, и тоже работает нормально, например wbinfo -g выдает группы в домене etc
с linux-машинки я через smbclient могу смотрить и подключаться к win-шарам
но вот наоборот...
пишу:
net view \\rh4
System error 5 has occurred.
Access is denied.
пробую подсоединить диск
net use x: \\rh4\pub /user:DOMAIN\Administrator
The password is invalid for \\rh4\pub.
Type the password for \\rh4\pub: <- предлагается ввести пароль
System error 1326 has occurred.
Logon failure: unknown user name or bad password.
net use без пароля - симптомы те же
в это время в логах:
==> /var/log/samba/192.168.133.159.log <==
[2005/07/29 18:55:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/07/29 18:55:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/07/29 18:55:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/07/29 18:55:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/07/29 18:55:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/07/29 18:55:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/07/29 18:55:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/07/29 18:55:38, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
чего самбе не нравится? |
