On Mon, 16 Aug 2004 19:34:20 +0800, Joey Legaspi <[EMAIL PROTECTED]> wrote: > Hello pluggers! > > I have a win2k PDC and a Mandrake10 box. My end goal is to have > Subversion > running on the linux box and authenticating agains win2k. Right now I > can't > even get winbind to work.
Okay, I have a similar setup, although I'm running RH 9. Our SVN repository authenticates against the win2k AD via mod_auth_pam/pam_winbindd on Apache 2, with SVN exposed via mod_dav_svn. In my experience, authentication via winbind tends to fail/die when the drift between the server and the PDC is greater than five minutes (due to the use of Kerberos). If % net ads info gives you a server drift greater than 300secs (absolute value of, of course), then that's the problem. To properly synch my SVN server against the SVN, I have ntpd running on it, with ntp.conf having the PDC as the primary time source. Of course, it would be better if your PDC is synched to an external time source instead, but if you don't have control of your PDC (as my setup), that's the best you can do-- synch against only the PDC instead of a more reliable time source. Following is a checklist I go through when I get problems in authenticating users: * did you do a 'kinit -U [EMAIL PROTECTED]' beforehand to set up a valid Kerberos ticket? * is the server drift too large? * is winbindd running? HTH -- JM Ibanez - A million monkeys can't go wrong... http://www.livejournal.com/~jmibanez/ http://www.mycgiserver.com/~butiki/ -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
