Hello,
perhaps you have something bad with kerberos? To have a samba server in
an Active Directory I use kerberos so kerberos must be well configured
and TIME synced between samba server and the Domain controller (I use
ntpdate).
Second: Must have the samba server joined to the domain, so the commands:
net ads testjoin
wbinfo -u
wbinfo -g
must give succesfull result (with the winbind daemon running of course)
And finally, to use the Active Directory's users on samba server the
file /etc/nsswitch should have "winbind" directive on passwd and group
in order to recognize those users.
Detailed explanation of samba, kerberos and winbind can be found at:
http://wiki.samba.org/index.php/Samba_&_Active_Directory
And some minor changes at /etc/resolv.conf and /etc/hosts can be made in
order to avoid problems with dns.
Zorry i'm zleeppy :o
I hope this mail has given you some clue
night!
--
David
El 29/05/12 22:21, Carlos Eduardo escribi?:> Hi People ,
>
> I have this configuration in my samba?s server and when I use this command
: wbinfo -u
> This message is showed : Error looking up domain users. I need find AD
users to use samba.
>
> Thanks in advance,
>
> Eugenio,
>
> wbinfo --sequence
>
> SV0-SP : 1
> BUILTIN : 1
> LIVROS : DISCONNECTED
> REDE_SP : 4516361
>
> smbclient -L localhost -U%
>
> Domain=[REDE_SP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]
>
> Sharename Type Comment
> --------- ---- -------
> rip_j Disk Pasta rip para setor Juridico
> rip_a Disk Pasta Compartilhada do rip2
> troca Disk Pasta Compartilhada de Troca
> troca Disk Pasta Compartilhada de Troca2
> atual Disk Pasta Compartilhada do setor
> IPC$ IPC IPC Service (Samba 3.0.10-1.4E.9)
> ADMIN$ IPC IPC Service (Samba 3.0.10-1.4E.9)
> Domain=[REDE_SP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]
>
> Server Comment
> --------- -------
>
> SV70-SP Samba 3.0.10-1.4E.9
>
> Workgroup Master
> --------- -------
> REDE_SP SV4-SP
>
>
> wbinfo -t
> checking the trust secret via RPC calls failed
> error code was (0x0)
> Could not check secret
>
>
> wbinfo -u
> Error looking up domain users
>
> wbinfo -g
> BUILTIN+System Operators
> BUILTIN+Replicators
> BUILTIN+Guests
> BUILTIN+Power Users
> BUILTIN+Print Operators
> BUILTIN+Administrators
> BUILTIN+Account Operators
> BUILTIN+Backup Operators
> BUILTIN+Users
>
> vi /etc/samba/smb.conf
>
> netbios name = SV0-SP
> comment = Servidor de Arquivos
> workgroup = MATRIZNT1_SP
> security = domain
> ;printing = cups
> ;printcap name = cups
> ;printcap cache time = 750
> ;cups options = raw
> map to guest = Bad User
> passdb backend = tdbsam
> ; ldap admin dn = cn=Administrator,dc=serverinterno,dc=com,dc=br
> ; ldap suffix = dc=serverinterno,dc=com,dc=br
> domain logons = no
> ;log level = 2
> log level = 3
> log file = /var/log/samba/log.%m
> ; vfs object = full_audit
> syslog only = no
> local master = no
> wins server = 127.27.0.17
> wins support = no
> name resolve order = lmhosts host wins bcast
> dns proxy = yes
> #socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192
SO_RCVBUF=8192
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
SO_RCVBUF=65535 SO_SNDBUF=65535
> os level = 120
> oplocks = yes
> level2 oplocks = yes
> add machine script > preferred master = auto
> load printers = no
> encrypt passwords = yes
> client use spnego = yes
> realm = SERVERINTERNO.COM.BR
> idmap uid = 10000-30000
> idmap gid = 10000-30000
> template shell = /sbin/nologin
> winbind cache time = 600
> winbind enum users = yes
> winbind enum groups = yes
> winbind separator = +
> winbind use default domain = no
> template homedir = /home/%D/%U
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> hosts allow = 127.22.
> max disk size = 0
> password server = 127.27.0.190
> create mask = 2777
> directory mask = 2777
> hide dot files = no
> guest ok = yes