Hello, I have been struggling for too long trying to set up the following configuration:
Debian Samba 3 member server of a Win 2000 AD. Here is my configuration:

## smb.conf ##

[global]
log level = 4
interfaces = 192.168.10.11/255.255.255.0
workgroup = datom
realm = datom.dyndns.org
server string = samba membre
security = ads
netbios name = cafeine
log file = /var/log/samba/samba.log
max log size = 50
idmap uid = 10000-20000
idmap gid = 10000-20000
password server = nicotine.datom.dyndns.org
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
domain logons = no
dns proxy = no
obey pam restrictions = Yes
winbind separator = /
inherit acls = yes
inherit permissions = yes
admin users = DATOM.DYNDNS.ORG/administrateur
winbind enum users = yes
winbind enum groups = yes

[share]
comment = partage
path = /home/samba
browseable = yes

## krb5.conf ##

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
#ticket_lifetime = 24000
default_realm = DATOM.DYNDNS.ORG
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
DATOM.DYNDNS.ORG = {
 kdc = NICOTINE.DATOM.DYNDNS.ORG:88
 admin_server = DATOM.DYNDNS.ORG:749
 default_domain = DATOM.DYNDNS.ORG
}

[domain_realm]
.datom.dyndns.org = DATOM.DYNDNS.ORG
datom.dyndns.org = DATOM.DYNDNS.ORG

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

## nsswitch.conf ##

passwd: files winbind #ldap
group: files winbind #ldap
shadow: files #ldap

Tests performed:

# kinit administrateur + password -> ok

# net ads join
[2004/10/15 16:30:32, 0] libads/ldap.c:ads_add_machine_acct(1283)
ads_add_machine_acct: Host account for cafeine already exists - modifying old account
Using short domain name -- DATOM
Joined 'CAFEINE' to realm 'DATOM.DYNDNS.ORG'

# klist -5
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/15/04 13:50:20  10/15/04 23:50:20  krbtgt/[EMAIL PROTECTED]
10/15/04 13:50:54  10/15/04 23:50:20  [EMAIL PROTECTED]
10/15/04 13:50:55  10/15/04 23:50:20  kadmin/[EMAIL PROTECTED]

# wbinfo -D datom
Name : DATOM
Alt_Name : datom.dyndns.org
SID : S-1-5-21-1214440339-616249376-839522115
Active Directory : Yes
Native : No
Primary : Yes
Sequence : -1

# wbinfo -g
BUILTIN/System Operators
BUILTIN/Replicators
BUILTIN/Guests
BUILTIN/Power Users
BUILTIN/Print Operators
BUILTIN/Administrators
BUILTIN/Account Operators
BUILTIN/Backup Operators
BUILTIN/Users

BUT

# wbinfo -u
Error looking up domain users

I suspect a Kerberos configuration issue, because after reverting to a security = domain model everything works perfectly.

Can anybody shed light on this?

Thanks in advance

--
thomas constans <[EMAIL PROTECTED]>
openDoor.fr