Hello,
I installed Samba 3 + Kerberos + winbind to make the Debian server join
the Active Directory service.
Everything seems to be OK, except the authentication. If I try to go to
the share of the Linux server, it asks me for the password. And of course, no
way to log in.
Here is the config:
*samba*
[global]
workgroup = TEST
realm = CARDS.BE.TEST.COM.LOCAL
server string = %h server (Samba %v)
; wins support = no
; wins server = w.x.y.z
dns proxy = no
; name resolve order = lmhosts host wins bcast
use spnego = yes
log file = /var/log/samba/log.%m
max log size = 1000
; syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
idmap uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
idmap gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
security = ADS
encrypt passwords = yes
passdb backend = tdbsam guest
obey pam restrictions = yes
password server = zscards-pdc
netbios name = rantanplan
; guest account = nobody
invalid users = root
; unix password sync = no
; passwd program = /usr/bin/passwd %u
# passwd chat *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
; pam password change = no
; load printers = yes
; preserve case = yes
; short preserve case = yes
; include = /home/samba/etc/smb.conf.%m
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
; domain master = auto
idmap uid = 10000-20000
idmap gid = 10000-20000
; template shell = /bin/bash
[admin]
comment = Administration Directory
path = /home/benoit
admin users = bmo
browseable = yes
public = no
writable = yes
guest only = no
valid users = bmo
*kerberos*
[libdefaults]
default_realm = CAR.BE.TESTCOM
[realms]
CAR.BE.TEST.COM = {
kdc = car-pdc.cards.be.test.com
default_domain = car.be.test.com
}
#[domain_realms]
#.kerberos.server=CAR.BE.TEST.COM
# The following krb5.conf variables are only for MIT Kerberos.
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[login]
krb4_convert = true
krb4_get_tickets = true
*winbind* (logs)
[2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain CAR CAR.BE.TEST.COM.LOCAL S-0-0
[2004/06/07 13:38:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306)
krb5_cc_get_principal failed (No credentials cache found)
[2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain BUILTIN S-1-5-32
[2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain RANTANPLAN S-1-5-21-837388855-3362161430-1770541169
All commands like kinit, net ads join, wbinfo -u (-g), getent etc.
work. From the Linux server, there is no problem going to the shares of the domain
controller (which is a Windows 2003 server).
Any help would be helpful
Regards,
Benoit