Hi, I am trying to set up Samba (rhel6/centos 6.2) and I am having some issues.

So what I have is:

Server A (centos 6.2): It exists in my DMZ, so very limited access to things. Just mainly DNS and some ports for RODC.
Server B (W2k8r2) RODC: exists in my insecure vlan, stepping stone into the DMZ (dmz-inside).

My Windows box works fine talking to the RODC.

When I try wbinfo -u it fails. I have opened up the Kerberos and the LDAP ports for a -> b. I drop the old style netbios, but I do allow port 445 tcp.

The wbinfo -u waits a long time then fails.

Note xyz.com is not the real domain :)

My smb.conf

[global]
#--authconfig--start-line--

# Generated by authconfig on 2012/11/28 10:16:49
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

    workgroup = XYZ
    password server = int3.xyz.com
    realm = XYZ.COM
    security = ads
    idmap uid = 5000-10000
    idmap gid = 5000-10000
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind use default domain = true
    winbind offline logon = false

#--authconfig--end-line--

    winbind enum users = 1
    winbind enum groups = 1
    winbind nested groups = Yes
    preferred master = no
    encrypt passwords = yes
    log level = 3

    server string = Samba Server Version %v

    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50

    passdb backend = tdbsam

    # the login script name depends on the machine name
    # the login script name depends on the unix user used
    # disables profiles support by specifying an empty path

    load printers = yes
    cups options = raw
    #obtain list of printers automatically on SystemV

[homes]
    comment = Home Directories
    browseable = no
    writable = yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

my /etc/krb.conf

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    default_realm = XYZ.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = yes

[realms]
    XYZ.COM = {
        admin_server = int3.xyz.com
        default_domain = xyz.com
        kdc = int3.xyz.com
    }

[domain_realm]
    .kerberos.server = XYZ.COM
    .zyx.com = XYZ.COM

[kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

I have done tcpdumps and it seems like what it gets stuck on is Kerberos (UDP) .. I see quite a few UDP A to B and no replies from B.

Thanks
Alex