Hello,

*This msg was already sent yesterday on this ml, but I found some faults in the mail.*
**If anyone can help me... the only thing I'm thinking now is to throw away the servers**

I installed Samba 3.0.4 + kerberos 5 + winbind to make the debian woody server join the Active directory service. Everything seems to be ok, except the authentication. If I try to go to the share of the linux server from a windows box, it asks me for the password. And of course, no way to log in.

Here is the config:

*nsswitch.conf*

    passwd:         compat winbind
    group:          compat winbind
    shadow:         compat
    hosts:          files dns
    networks:       files
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    netgroup:       nis

*samba*

    [global]
    workgroup = TEST
    realm = CAR.BE.TEST.COM.LOCAL
    server string = %h server (Samba %v)
    ; wins support = no
    ; wins server = w.x.y.z
    dns proxy = no
    ; name resolve order = lmhosts host wins bcast
    use spnego = yes
    log file = /var/log/samba/log.%m
    max log size = 1000
    ; syslog only = no
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    # separate domain and username with '+', like DOMAIN+username
    winbind separator = +
    # use uids from 10000 to 20000 for domain users
    idmap uid = 10000-20000
    # use gids from 10000 to 20000 for domain groups
    idmap gid = 10000-20000
    # allow enumeration of winbind users and groups
    winbind enum users = yes
    winbind enum groups = yes
    security = ADS
    encrypt passwords = yes
    passdb backend = tdbsam guest
    obey pam restrictions = yes
    password server = car-pdc
    netbios name = rantanplan
    ; guest account = nobody
    invalid users = root
    ; unix password sync = no
    ; passwd program = /usr/bin/passwd %u
    # passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    ; pam password change = no
    ; load printers = yes
    ; preserve case = yes
    ; short preserve case = yes
    ; include = /home/samba/etc/smb.conf.%m
    # SO_RCVBUF=8192 SO_SNDBUF=8192
    socket options = TCP_NODELAY
    ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
    ; domain master = auto
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    ; template shell = /bin/bash

    [admin]
    comment = Administration Directory
    path = /home/benoit
    admin users = TEST+bmo
    browseable = yes
    public = no
    writable = yes
    guest only = no
    valid users = TEST+bmo

*kerberos*

    [libdefaults]
    default_realm = CAR.BE.TEST.COM

    [realms]
    CAR.BE.TEST.COM = {
        kdc = car-pdc.car.be.test.com
        default_domain = car.be.test.com
    }

    #[domain_realms]
    #.kerberos.server=CAR.BE.TEST.COM

    # The following krb5.conf variables are only for MIT Kerberos.
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
    permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }

    [login]
    krb4_convert = true
    krb4_get_tickets = true

*winbind* (logs)

    [2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
      Added domain CAR CAR.BE.TEST.COM.LOCAL S-0-0
    [2004/06/07 13:38:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306)
      krb5_cc_get_principal failed (No credentials cache found)
    [2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
      Added domain BUILTIN S-1-5-32
    [2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
      Added domain RANTANPLAN S-1-5-21-837388855-3362161430-1770541169

I also found some trace in the log.smbd

    smbd version 3.0.4 started.
    Copyright Andrew Tridgell and the Samba Team 1992-2004
    [2004/06/09 10:29:16, 0] lib/util_sock.c:get_peer_addr(978)
      getpeername failed. Error was Transport endpoint is not connected
    [2004/06/09 10:34:28, 0] smbd/server.c:main(757)

All commands like kinit, net ads join, wbinfo -u (-g), getent etc. work. From the linux server, no problem to go to the shares of the domain controller (which is a windows 2003 server).

Do I have to make the keytab for kerberos by myself for each samba server, or does it create itself with the "net ads join" cmd?

Any help would be welcome.

Regards,
Benoit