Hello,
perhaps you have something bad with kerberos? To have a samba server in
an Active Directory I use kerberos so kerberos must be well configured
and TIME synced between samba server and the Domain controller (I use
ntpdate).
Second: Must have the samba server joined to the domain, so the commands:
net ads testjoin
wbinfo -u
wbinfo -g
must give succesfull result (with the winbind daemon running of course)
And finally, to use the Active Directory's users on samba server the
file /etc/nsswitch should have "winbind" directive on passwd and group
in order to recognize those users.
Detailed explanation of samba, kerberos and winbind can be found at:
http://wiki.samba.org/index.php/Samba_&_Active_Directory
And some minor changes at /etc/resolv.conf and /etc/hosts can be made in
order to avoid problems with dns.
Zorry i'm zleeppy :o
I hope this mail has given you some clue
night!
--
David
El 29/05/12 22:21, Carlos Eduardo escribió:
Hi People ,
I have this configuration in my samba´s server and when I use this command :
wbinfo -u
This message is showed : Error looking up domain users. I need find AD users to
use samba.
Thanks in advance,
Eugenio,
wbinfo --sequence
SV0-SP : 1
BUILTIN : 1
LIVROS : DISCONNECTED
REDE_SP : 4516361
smbclient -L localhost -U%
Domain=[REDE_SP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]
Sharename Type Comment
--------- ---- -------
rip_j Disk Pasta rip para setor Juridico
rip_a Disk Pasta Compartilhada do rip2
troca Disk Pasta Compartilhada de Troca
troca Disk Pasta Compartilhada de Troca2
atual Disk Pasta Compartilhada do setor
IPC$ IPC IPC Service (Samba 3.0.10-1.4E.9)
ADMIN$ IPC IPC Service (Samba 3.0.10-1.4E.9)
Domain=[REDE_SP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]
Server Comment
--------- -------
SV70-SP Samba 3.0.10-1.4E.9
Workgroup Master
--------- -------
REDE_SP SV4-SP
wbinfo -t
checking the trust secret via RPC calls failed
error code was (0x0)
Could not check secret
wbinfo -u
Error looking up domain users
wbinfo -g
BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users
vi /etc/samba/smb.conf
netbios name = SV0-SP
comment = Servidor de Arquivos
workgroup = MATRIZNT1_SP
security = domain
;printing = cups
;printcap name = cups
;printcap cache time = 750
;cups options = raw
map to guest = Bad User
passdb backend = tdbsam
; ldap admin dn = cn=Administrator,dc=serverinterno,dc=com,dc=br
; ldap suffix = dc=serverinterno,dc=com,dc=br
domain logons = no
;log level = 2
log level = 3
log file = /var/log/samba/log.%m
; vfs object = full_audit
syslog only = no
local master = no
wins server = 127.27.0.17
wins support = no
name resolve order = lmhosts host wins bcast
dns proxy = yes
#socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=65535
SO_SNDBUF=65535
os level = 120
oplocks = yes
level2 oplocks = yes
add machine script =
preferred master = auto
load printers = no
encrypt passwords = yes
client use spnego = yes
realm = SERVERINTERNO.COM.BR
idmap uid = 10000-30000
idmap gid = 10000-30000
template shell = /sbin/nologin
winbind cache time = 600
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = no
template homedir = /home/%D/%U
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
hosts allow = 127.22.
max disk size = 0
password server = 127.27.0.190
create mask = 2777
directory mask = 2777
hide dot files = no
guest ok = yes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
