On Mon, 2004-11-29 at 17:36 -0800, John Stile wrote:
On Mon, 2004-11-29 at 16:48 -0800, Jeremy Allison wrote:
On Mon, Nov 29, 2004 at 01:26:36PM -0800, John Stile wrote:
I installed samba-3.0.9-1 on RedHat-AS3, configured it as a member
server, and joined the domain. wbinfo -u and -g work. When I brows to
the samba share from Windows XP client, I see the shares, and my home
directory is listed, but I am prompted for a password when I try to use
the share. No password works. The samba log for the client session
shows: 'smbd/sesssetup.c:reply_spnego_kerberose(173) Failed to verify
incoming ticket!'
Is this a common problem?
The system has RedHat rpm's:
krb5-libs-1.2.7-28
krb5-workstation-1.2.7-28
krb5-devel-1.2.7-28
You're going to need krb5 1.3 or later for the correct enctype.
Is there an rpm available for RedHat AS?
I got it working but only after some bad practices.
My verbose notes follow:
Downloaded source rpm for fedora :
wget
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/SRPMS/krb5-1.3.1-6.src.rpm
# NOTE: tried krb5-1.3.4-5.src.rpm but it failed.
-
Rebuild kerberose (first try):
rpmbuild --rebuild krb5-1.3.1-6.src.rpm
error: Failed build dependencies:
bison is needed by krb5-1.3.1-6
e2fsprogs-devel = 1.33 is needed by krb5-1.3.1-6
libtermcap-devel is needed by krb5-1.3.1-6
-
Install needed packages:
up2date -i bison e2fsprogs-devel libtermcap-devel
#Note: version of e2fsprogs too old. need to upgrade
-
Download newer version of e2fsprogs:
wget
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/SRPMS/e2fsprogs-1.34-1.src.rpm
rpmbuild --rebuild e2fsprogs-1.34-1.src.rpm
rpm -U /usr/src/redhat/RPMS/i386/e2fsprogs-1.34-1.i386.rpm
rpm -U /usr/src/redhat/RPMS/i386/e2fsprogs-devel-1.34-1.i386.rpm
-
Rebuild kerberose (second try)
rpmbuild --rebuild krb5-1.3.1-6.src.rpm
-
Install new kerberose
rpm -U /usr/src/redhat/RPMS/i386/krb5-*
error: Failed dependencies:
libcom_err.so.3 is needed by (installed) everything under the sun
-
Since I know we are upgrading existing requiremetns, I think it's ok to use
--nodeps
rpm -Uhiv --nodeps /usr/src/redhat/RPMS/i386/krb5-*
-
Rebuilding latest samba rpm from samba.org to ensure linking against kerberose
rpmbuild --rebuild samba-3.0.9-1.src.rpm
-
Install samba
rpm -i /usr/src/redhat/RPMS/i386/samba-3.0.9-1.i386.rpm
Installing stack version of /etc/pam.d/samba...
-
Create my /etc/samba/smb.conf
[global]
server string = Samba Server
workgroup = MYREALM
realm = MYREALM.MY.DOMAIN.COM
security = ADS
map to guest = Bad User
password server = *
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = no
local master = no
domain master = no
os level = 33
wins server = 128.32.68.75 128.32.67.118
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = Yes
shares snipped
-
Create the /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = MYREALM.MY.DOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
MYREALM.MY.DOMAIN.COM = {
kdc = hcs-ad-a.myrealm.my.domain.com:88
admin_server = hcs-ad-a.myrealm.my.domain.com:749
default_domain = myrealm.my.domain.com
}
[domain_realm]
.myrealm.domain.com = MYREALM.MY.DOMAIN.COM
myrealm.domain.com = MYREALM.MY.DOMAIN.COM
.myrealm.my.domain.com = MYREALM.MY.DOMAIN.COM
myrealm.my.domain.com = MYREALM.MY.DOMAIN.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
-
Starting winbind fails:
/etc/init.d/winbind start
Starting Winbind services: winbindd: error while loading shared libraries:
libcom_err.so.3: cannot open shared object file: No such file or directory
[FAILED]
-
It looks like the new verison of kerberose doesn't supply libcom_err.so.3
whereis libcom_err.so.3
libcom_err.so: /lib/libcom_err.so.2 /usr/lib/libcom_err.so
ls -alF /lib/libcom_err.so.2*
lrwxrwxrwx1 root root17 Nov 30 02:53 /lib/libcom_err.so.2 -
libcom_err.so.2.1*
-rwxr-xr-x1 root root 18472 Nov 30 02:52 /lib/libcom_err.so.2.1*
ldconfig -p |grep