Hi, I had the exact same problem yesterday - which I managed to somehow correct.
What I think happened was that after I had re-compiled kerberos support into samba, I forgot to copy the new libnss_winbind.so to the /lib directory. Once I had copied the new library, I did a "killall -9 winbindd" and a "service smb stop" and then restarted it all again. It just seemed to work after that. But I am just taking a huge guess about that being the cause - it could have been something else that I changed by mistake.

I also found it necessary to build and install krb5-1.3.5 from MIT in order to get everything to work correctly together. The older version of kerberos that came with my distribution just wasn't happy talking to my windows server. (Although I am using windows server 2003)

Thanks,
Mark

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of thomas constans
Sent: 15 October 2004 04:46 PM
To: [EMAIL PROTECTED]
Subject: [Samba] member server and kerberos

hello

i have been struggling for too long trying to setup the following configuration:
debian samba 3 member server of a win 2000 AD

here is my configuration:

## smb.conf ##

[global]
log level = 4
interfaces = 192.168.10.11/255.255.255.0
workgroup = datom
realm = datom.dyndns.org
server string = samba membre
security = ads
netbios name = cafeine
log file = /var/log/samba/samba.log
max log size = 50
idmap uid = 10000-20000
idmap gid = 10000-20000
password server = nicotine.datom.dyndns.org
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
domain logons = no
dns proxy = no
obey pam restrictions = Yes
winbind separator = /
inherit acls = yes
inherit permissions = yes
admin users = DATOM.DYNDNS.ORG/administrateur
winbind enum users = yes
winbind enum groups = yes

[share]
comment = partage
path = /home/samba
browseable = yes

## krb5.conf ##

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
#ticket_lifetime = 24000
default_realm = DATOM.DYNDNS.ORG
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
DATOM.DYNDNS.ORG = {
  kdc = NICOTINE.DATOM.DYNDNS.ORG:88
  admin_server = DATOM.DYNDNS.ORG:749
  default_domain = DATOM.DYNDNS.ORG
}

[domain_realm]
.datom.dyndns.org = DATOM.DYNDNS.ORG
datom.dyndns.org = DATOM.DYNDNS.ORG

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

## nsswitch.conf ##

passwd: files winbind #ldap
group: files winbind #ldap
shadow: files #ldap

tests performed:

# kinit administrateur + password -> ok

# net ads join
[2004/10/15 16:30:32, 0] libads/ldap.c:ads_add_machine_acct(1283)
  ads_add_machine_acct: Host account for cafeine already exists - modifying old account
Using short domain name -- DATOM
Joined 'CAFEINE' to realm 'DATOM.DYNDNS.ORG'

# klist -5
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
10/15/04 13:50:20  10/15/04 23:50:20  krbtgt/[EMAIL PROTECTED]
10/15/04 13:50:54  10/15/04 23:50:20  [EMAIL PROTECTED]
10/15/04 13:50:55  10/15/04 23:50:20  kadmin/[EMAIL PROTECTED]

# wbinfo -D datom
Name : DATOM
Alt_Name : datom.dyndns.org
SID : S-1-5-21-1214440339-616249376-839522115
Active Directory : Yes
Native : No
Primary : Yes
Sequence : -1

# wbinfo -g
BUILTIN/System Operators
BUILTIN/Replicators
BUILTIN/Guests
BUILTIN/Power Users
BUILTIN/Print Operators
BUILTIN/Administrators
BUILTIN/Account Operators
BUILTIN/Backup Operators
BUILTIN/Users

BUT

# wbinfo -u
Error looking up domain users

i suspect a kerberos configuration issue because reverting to a security = domain model, and everything works perfectly

can anybody shed a light on this ???

thanx in advance

--
thomas constans <[EMAIL PROTECTED]>
openDoor.fr

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
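
Mark's reply attributes the fix to copying the rebuilt winbind NSS library into /lib, and the original post lists winbind as a source in nsswitch.conf. The shell functions below are an added example, not part of either message: they check both conditions on a member server. The function names are hypothetical and every path is supplied by the caller.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; all paths are arguments.

# Return 0 if the installed NSS module is missing or differs from the freshly
# built one (a stale library is still being loaded), 1 if they are identical,
# 2 if the built module itself cannot be found.
nss_module_is_stale() {
    built=$1; installed=$2
    [ -f "$built" ] || { echo "no built module at $built" >&2; return 2; }
    [ -f "$installed" ] || return 0
    if cmp -s "$built" "$installed"; then return 1; fi
    return 0
}

# Return 0 if database $2 (passwd, group, ...) in nsswitch file $1 lists
# winbind as an active source. Text after '#' is a comment and is ignored,
# so "files #winbind" does not count.
nsswitch_uses_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Run both checks and print one line per finding; return 0 only if clean.
check_winbind_nss() {
    built=$1; installed=$2; nsswitch=$3; findings=0
    rc=0
    nss_module_is_stale "$built" "$installed" || rc=$?
    case $rc in
        0) echo "STALE: $installed does not match $built"; findings=1 ;;
        2) findings=1 ;;
    esac
    for db in passwd group; do
        nsswitch_uses_winbind "$nsswitch" "$db" ||
            { echo "MISSING: winbind not listed for $db in $nsswitch"; findings=1; }
    done
    return $findings
}

# Usage: script <built-module> <installed-module> <nsswitch.conf>
if [ "$#" -eq 3 ]; then check_winbind_nss "$@"; fi
```

After replacing a stale module, winbindd still has to be restarted, as in the reply above, before lookups pick up the new library.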