Hi Julian,
That's a lot of new and interesting information! Thanks very much, I'll
be archiving this post.
Tomorrow I'll investigate further guarded with the stuff you told me.
MJ
On 06/05/2015 03:42 PM, Julien Semaan wrote:
> Hi Mourik,
>
> You can't use 'net ads testjoin' directly as you used before.
>
> You need to call these in the isolated domain chroots
> /usr/bin/sudo /sbin/ip netns exec OUR-WKGR /usr/bin/net ads testjoin -s
> /etc/samba/OUR-WKGR.conf
>
> Then to test the authentication :
> /usr/bin/sudo /usr/sbin/chroot /chroots/OUR-WKGR /usr/bin/ntlm_auth
> --username=YOUR_USERNAME
>
> And you can check winbindd the log in :
> /chroots/OUR-WKGR/var/log/sambamydomain/log.winbindd
>
> On 06/05/2015 03:27 AM, mourik jan heupink wrote:
>>
>> Hi,
>>
>> No reaction on the files I showed below, so I'm guessing that means
>> those look rather ok..?
>>
>> In short, this is the situation:
>>
>> gui shows: "test join success"
>> cli shows: "net ads testjoin" Join to domain is NOT valid
>>
>> -
>>
>> root@pf:/# /usr/local/pf/bin/pfcmd service winbindd start
>> service|command
>> memcached|already started
>> httpd.admin|already started
>> Checking configuration sanity...
>> Unable to setup corepath for winbindd: No such file or directory
>>
>> -
>>
>> Jun 04 16:46:04 pfcmd.pl(10108) WARN: winbindd-OUR-WKGR.conf timed out
>> trying to start (pf::services::manager::postStartCleanu
>>
>> -
>>
>> * Where can I check what 'corepath' pfcmd is talking about?
>> * Where can I get more details on winbindd-OUR-WKGR.conf?
>>
>> Regards,
>> MJ
>>
>> On 06/04/2015 04:51 PM, heupink wrote:
>>> Hi Louis, list,
>>>
>>> In packetfence logs we see:
>>> Jun 04 16:46:04 pfcmd.pl(10108) WARN: winbindd-OUR-WKGR.conf timed out
>>> trying to start (pf::services::manager::postStartCleanu
>>>
>>> Unable to setup corepath for winbindd: No such file or directory
>>>
>>> As requested, the files:
>>>
>>> root@pf:~# cat /etc/resolv.conf
>>> domain company.com
>>> nameserver x.y.z.14
>>> nameserver x.y.z.15
>>> nameserver x.y.z.16
>>> nameserver x.y.z.1
>>> (nb: first three are DC's)
>>>
>>> root@pf:~# cat /etc/samba/smb.conf
>>> [global]
>>> workgroup = OUR-WKGR
>>> server string = Samba Server Version %v
>>> security = ads
>>> realm = SAMBA.COMPANY.COM
>>> domain master = no
>>> local master = no
>>> preferred master = no
>>> winbind separator = +
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>> winbind use default domain = yes
>>> winbind nested groups = yes
>>> winbind refresh tickets = yes
>>> template homedir = /home/%D/%U
>>> template shell = /bin/bash
>>> client use spnego = yes
>>> client ntlmv2 auth = yes
>>> encrypt passwords = yes
>>> restrict anonymous = 2
>>> log file = /var/log/samba/log.%m
>>> max log size = 50
>>>
>>> root@pf:~# cat /etc/krb5.conf
>>> [libdefaults]
>>> default_realm = SAMBA.COMPANY.COM
>>>
>>> # The following krb5.conf variables are only for MIT Kerberos.
>>> krb4_config = /etc/krb.conf
>>> krb4_realms = /etc/krb.realms
>>> kdc_timesync = 1
>>> ccache_type = 4
>>> forwardable = true
>>> proxiable = true
>>>
>>> # The following encryption type specification will be used by MIT Kerberos
>>> # if uncommented. In general, the defaults in the MIT Kerberos code are
>>> # correct and overriding these specifications only serves to disable new
>>> # encryption types as they are added, creating interoperability problems.
>>> #
>>> # Thie only time when you might need to uncomment these lines and change
>>> # the enctypes is if you have local software that will break on ticket
>>> # caches containing ticket encryption types it doesn't know about (such as
>>> # old versions of Sun Java).
>>>
>>> # default_tgs_enctypes = des3-hmac-sha1
>>> # default_tkt_enctypes = des3-hmac-sha1
>>> # permitted_enctypes = des3-hmac-sha1
>>>
>>> # The following libdefaults parameters are only for Heimdal Kerberos.
>>> v4_instance_resolve = false
>>> v4_name_convert = {
>>> host = {
>>> rcmd = host
>>> ftp = ftp
>>> }
>>> plain = {
>>> something = something-else
>>> }
>>> }
>>> fcc-mit-ticketflags = true
>>>
>>> [realms]
>>>
>>> SAMBA.COMPANY.COM = {
>>> kdc = dc2.samba.company.com
>>> admin_server = dc2.samba.company.com
>>> default_domain = SAMBA.COMPANY.COM
>>> }
>>>
>>>
>>>
>>>
>>> [domain_realm]
>>>
>>> SAMBA.COMPANY.COM = SAMBA.COMPANY.COM
>>> .SAMBA.COMPANY.COM = SAMBA.COMPANY.COM
>>>
>>>
>>>
>>>
>>> [login]
>>> krb4_convert = true
>>> krb4_get_tickets = false
>>>
>>>
>>>
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
> --
> Julien Semaan
> jsem...@inverse.ca :: +1.514.447.4918 *155 :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
