Hi Julian, That's a lot of new and interesting information! Thanks very much, I'll be archiving this post.
Tomorrow I'll investigate further guarded with the stuff you told me. MJ On 06/05/2015 03:42 PM, Julien Semaan wrote: > Hi Mourik, > > You can't use 'net ads testjoin' directly as you used before. > > You need to call these in the isolated domain chroots > /usr/bin/sudo /sbin/ip netns exec OUR-WKGR /usr/bin/net ads testjoin -s > /etc/samba/OUR-WKGR.conf > > Then to test the authentication : > /usr/bin/sudo /usr/sbin/chroot /chroots/OUR-WKGR /usr/bin/ntlm_auth > --username=YOUR_USERNAME > > And you can check winbindd the log in : > /chroots/OUR-WKGR/var/log/sambamydomain/log.winbindd > > On 06/05/2015 03:27 AM, mourik jan heupink wrote: >> >> Hi, >> >> No reaction on the files I showed below, so I'm guessing that means >> those look rather ok..? >> >> In short, this is the situation: >> >> gui shows: "test join success" >> cli shows: "net ads testjoin" Join to domain is NOT valid >> >> - >> >> root@pf:/# /usr/local/pf/bin/pfcmd service winbindd start >> service|command >> memcached|already started >> httpd.admin|already started >> Checking configuration sanity... >> Unable to setup corepath for winbindd: No such file or directory >> >> - >> >> Jun 04 16:46:04 pfcmd.pl(10108) WARN: winbindd-OUR-WKGR.conf timed out >> trying to start (pf::services::manager::postStartCleanu >> >> - >> >> * Where can I check what 'corepath' pfcmd is talking about? >> * Where can I get more details on winbindd-OUR-WKGR.conf? >> >> Regards, >> MJ >> >> On 06/04/2015 04:51 PM, heupink wrote: >>> Hi Louis, list, >>> >>> In packetfence logs we see: >>> Jun 04 16:46:04 pfcmd.pl(10108) WARN: winbindd-OUR-WKGR.conf timed out >>> trying to start (pf::services::manager::postStartCleanu >>> >>> Unable to setup corepath for winbindd: No such file or directory >>> >>> As requested, the files: >>> >>> root@pf:~# cat /etc/resolv.conf >>> domain company.com >>> nameserver x.y.z.14 >>> nameserver x.y.z.15 >>> nameserver x.y.z.16 >>> nameserver x.y.z.1 >>> (nb: first three are DC's) >>> >>> root@pf:~# cat /etc/samba/smb.conf >>> [global] >>> workgroup = OUR-WKGR >>> server string = Samba Server Version %v >>> security = ads >>> realm = SAMBA.COMPANY.COM >>> domain master = no >>> local master = no >>> preferred master = no >>> winbind separator = + >>> winbind enum users = yes >>> winbind enum groups = yes >>> winbind use default domain = yes >>> winbind nested groups = yes >>> winbind refresh tickets = yes >>> template homedir = /home/%D/%U >>> template shell = /bin/bash >>> client use spnego = yes >>> client ntlmv2 auth = yes >>> encrypt passwords = yes >>> restrict anonymous = 2 >>> log file = /var/log/samba/log.%m >>> max log size = 50 >>> >>> root@pf:~# cat /etc/krb5.conf >>> [libdefaults] >>> default_realm = SAMBA.COMPANY.COM >>> >>> # The following krb5.conf variables are only for MIT Kerberos. >>> krb4_config = /etc/krb.conf >>> krb4_realms = /etc/krb.realms >>> kdc_timesync = 1 >>> ccache_type = 4 >>> forwardable = true >>> proxiable = true >>> >>> # The following encryption type specification will be used by MIT Kerberos >>> # if uncommented. In general, the defaults in the MIT Kerberos code are >>> # correct and overriding these specifications only serves to disable new >>> # encryption types as they are added, creating interoperability problems. >>> # >>> # Thie only time when you might need to uncomment these lines and change >>> # the enctypes is if you have local software that will break on ticket >>> # caches containing ticket encryption types it doesn't know about (such as >>> # old versions of Sun Java). >>> >>> # default_tgs_enctypes = des3-hmac-sha1 >>> # default_tkt_enctypes = des3-hmac-sha1 >>> # permitted_enctypes = des3-hmac-sha1 >>> >>> # The following libdefaults parameters are only for Heimdal Kerberos. >>> v4_instance_resolve = false >>> v4_name_convert = { >>> host = { >>> rcmd = host >>> ftp = ftp >>> } >>> plain = { >>> something = something-else >>> } >>> } >>> fcc-mit-ticketflags = true >>> >>> [realms] >>> >>> SAMBA.COMPANY.COM = { >>> kdc = dc2.samba.company.com >>> admin_server = dc2.samba.company.com >>> default_domain = SAMBA.COMPANY.COM >>> } >>> >>> >>> >>> >>> [domain_realm] >>> >>> SAMBA.COMPANY.COM = SAMBA.COMPANY.COM >>> .SAMBA.COMPANY.COM = SAMBA.COMPANY.COM >>> >>> >>> >>> >>> [login] >>> krb4_convert = true >>> krb4_get_tickets = false >>> >>> >>> >>> >>> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> PacketFence-users mailing list >> PacketFence-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Julien Semaan > jsem...@inverse.ca :: +1.514.447.4918 *155 :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users