Hi,
First, excuse me for my bad English...
FC4 & win2003 are in French; both have the latest patches/updates.
FC4 & win2003 are on the same VLAN.
FC4 can ping my 'PDC' by IP, short name or FQDN.
I would like to authenticate connections on my FC4 (samba & ssh) with users from my AD 2003.
For that I use winbind... I think this is the right approach, no?
Here are my confs:
krb5.conf:
# krb5.conf as posted: Kerberos client settings for the realm MY-DOMAIN.COM.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Realm assumed when a principal is given without one. smb.conf below says
# "realm = MY-DOMAINE.COM" (one letter different); the join output reports
# realm 'MY-DOMAIN.COM', so that is presumably a typo in the post — verify.
default_realm = MY-DOMAIN.COM
# DNS SRV lookups are on, so the explicit [realms] entry below is a fallback.
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
# NOTE(review): forwardable tickets allow a service to obtain a copy of the
# TGT (delegation); keep only if that is actually needed — confirm.
forwardable = yes
[realms]
MY-DOMAIN.COM = {
# Short hostname: relies on the resolver search domain ("hosts: files dns").
kdc = mypdc
admin_server = mypdc
}
[domain_realm]
.my-domain.com = MY-DOMAIN.COM
my-domain.com = MY-DOMAIN.COM
# [kdc] presumably only matters on a host running a KDC; harmless on a client.
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
smb.conf:
# Global parameters
[global]
workgroup = MYSHORTDOMAINEFR
# NOTE(review): krb5.conf above uses MY-DOMAIN.COM and "net ads join" reports
# realm 'MY-DOMAIN.COM'; "MY-DOMAINE.COM" here looks like a typo in the post.
realm = MY-DOMAINE.COM
server string = Samba Server THEHOST
security = ADS
# NOTE(review): with security = ADS Samba selects its auth methods itself;
# forcing "winbind" only means local (smbpasswd/tdbsam) accounts can never
# authenticate over SMB. Usually left unset — confirm for this Samba version.
auth methods = winbind
password server = mypdc.my-domain.com
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = 172.16.0.1, 172.16.0.2
# NOTE(review): no TLS on the LDAP connection to the DC; in ADS mode the
# Kerberos/GSSAPI SASL bind is expected to sign/seal traffic anyway — confirm.
ldap ssl = no
# uid 16777217 from the winbindd log ("could not convert uid 16777217 to SID")
# falls in this range: presumably an id allocated by winbind with no SID
# mapping (yet), not a local account.
idmap uid = 16777216-33554431
idmap gid = 10000-40000
template shell = /bin/bash
winbind separator = \
# This strips the MYSHORTDOMAINEFR\ prefix from names returned by wbinfo -u/-g
# and getent, so the bare name (user1) is the login name. Set to No if the
# DOMAIN\user form is wanted. Presumably also why MYSHORTDOMAINEFR\user1 is
# rejected for ssh while user1 works — verify.
winbind use default domain = Yes
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
nsswitch.conf:
# nsswitch.conf as posted: winbind is consulted after local files for the
# user and group databases, which is what makes getent return AD accounts.
passwd: files winbind
# shadow stays local; AD passwords are presumably checked through
# pam_winbind/Kerberos rather than through NSS — confirm the PAM setup.
shadow: files
group: files winbind
#hosts: db files nisplus nis dns
# Short names such as 'mypdc' (krb5.conf) resolve only if the DNS search
# domain or /etc/hosts covers them.
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
# NOTE(review): the winbind NSS module is expected to serve only passwd and
# group; listing it for protocols/services/netgroup/automount is presumably
# harmless but adds a failing lookup per query — confirm.
protocols: files winbind
rpc: files
services: files winbind
netgroup: files winbind
publickey: nisplus
automount: files winbind
aliases: files nisplus
The command results:
Joining my ADS:
[root@myfc4]# net ads join -S MYSHORTDOMAINEFR -U administrator
administrator's password:
[2005/11/28 13:33:09, 0] libads/ldap.c:ads_add_machine_acct(1405)
ads_add_machine_acct: Host account for myfc4 already exists - modifying old account
Using short domain name -- MYSHORTDOMAINEFR
Joined 'ORION' to realm 'MY-DOMAIN.COM'
When I test with wbinfo -u, I get:
user1
user2
computer3
...
instead of:
MYSHORTDOMAINEFR\user1
MYSHORTDOMAINEFR\user2
MYSHORTDOMAINEFR\coputer3
...
Same for wbinfo -g... there is no domain in the output.
getent passwd or getent group:
returns all my local accounts and all the others from my ADS, but always without the MYSHORTDOMAINEFR prefix.
I THINK THAT IS NOT VERY GOOD... isn't it?
From my XP client:
I can log in to myfc4 with PuTTY / ssh as user1 with the password, but not as MYSHORTDOMAINEFR\user1.
I can't log in to myfc4 / samba --> I've tried with user1 and MYSHORTDOMAINEFR\user1 but access is refused every time...
In /var/log/samba/smbd.log, I found:
[2005/11/28 13:47:23, 0] lib/util_sock.c:get_peer_addr(1150)
getpeername failed. Error was Transport endpoint is not connected
These lines appear each time my XP or my server2003 tries to connect to myfc4, before the authentication.
At the start of the winbind daemon I have this log in '/var/log/samba/winbindd.log':
[2005/11/28 13:09:21, 1] nsswitch/winbindd.c:main(864)
winbindd version 3.0.14a-2 started.
Copyright The Samba Team 2000-2004
[2005/11/28 13:32:31, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'x' does not exist
[2005/11/28 13:32:31, 1] nsswitch/winbindd_user.c:winbindd_getpwuid(238)
could not convert uid 16777217 to SID
[2005/11/28 13:46:10, 1] nsswitch/winbindd.c:main(864)
winbindd version 3.0.14a-2 started.
Copyright The Samba Team 2000-2004
And:
# tail -f /var/log/samba/myXP.log
[2005/11/28 13:53:11, 0] lib/util_sock.c:write_socket_data(430)
write_socket_data: write failure. Error = Connection reset by peer
[2005/11/28 13:53:11, 0] lib/util_sock.c:write_socket(455)
write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
[2005/11/28 13:53:11, 0] lib/util_sock.c:send_smb(647)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2005/11/28 13:53:11, 0] auth/auth_winbind.c:check_winbind_security(123)
check_winbind_security: ERROR! my_private_data == NULL!
[2005/11/28 13:53:11, 0] auth/auth_winbind.c:check_winbind_security(123)
check_winbind_security: ERROR! my_private_data == NULL!
# tail -f /var/log/samba/mypdc.log
[2005/11/28 13:47:23, 0] lib/util_sock.c:write_socket(455)
write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer
[2005/11/28 13:47:23, 0] lib/util_sock.c:send_smb(647)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2005/11/28 13:52:34, 0] lib/util_sock.c:write_socket_data(430)
write_socket_data: write failure. Error = Connection reset by peer
[2005/11/28 13:52:34, 0] lib/util_sock.c:write_socket(455)
write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer
[2005/11/28 13:52:34, 0] lib/util_sock.c:send_smb(647)
Error writing 4 bytes to client. -1. (Connection reset by peer)
All suggestions would be very much appreciated.
Regards,
tom