Re: [Samba] Problems with samba 3.4.2 and w2k8r2 AD

2009-11-26 Thread Diego Zuccato

Christoph Kaminski wrote:

> realm = chaos.local

Shouldn't this be UPPER case?


--
Diego Zuccato
Servizi Informatici
Dip. di Astronomia - Università di Bologna
Via Ranzani, 1 - 40126 Bologna - Italy
tel.: +39 051 20 95786
mail: diego.zucc...@unibo.it
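
Added example (not part of the thread and not Samba code): a small Python check of the point raised in this reply. Kerberos realm names are case-sensitive, so it compares the realm in smb.conf with default_realm and the [realms] entries in krb5.conf. The inline inputs are excerpts constructed from the files posted in this thread, and the function names are this example's own.

```python
import re

# Constructed input: the relevant lines of the smb.conf and krb5.conf posted in this thread.
SMB_CONF = "[global]\n   workgroup = CHAOS\n   realm = chaos.local\n   security = ADS\n"
KRB5_CONF = """\
[libdefaults]
default_realm = CHAOS.LOCAL
[realms]
CHAOS.LOCAL = {
   kdc = beelzebub.chaos.local
}
"""

def section_pairs(text, name):
    """Return (key, value) pairs found in one [section] of an INI-like file."""
    pairs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current == name and "=" in line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs

def lookup(pairs, key):
    # Case-insensitive key lookup; returns None when the key is absent.
    return next((v for k, v in pairs if k.lower() == key), None)

def check_realm(smb_text, krb_text):
    """List disagreements between the smb.conf realm and the krb5.conf realms."""
    realm = lookup(section_pairs(smb_text, "global"), "realm")
    default = lookup(section_pairs(krb_text, "libdefaults"), "default_realm")
    defined = {k for k, v in section_pairs(krb_text, "realms") if v == "{"}
    if realm is None:
        return ["smb.conf sets no realm"]
    findings = []
    if realm != realm.upper():
        findings.append(f"realm '{realm}' is not upper case")
    if realm != default:
        findings.append(f"realm '{realm}' differs from default_realm '{default}'")
    if realm not in defined:
        findings.append(f"realm '{realm}' has no exact-case entry under [realms]")
    return findings

if __name__ == "__main__":
    for finding in check_realm(SMB_CONF, KRB5_CONF):
        print("WARN:", finding)
```
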


[Samba] Problems with samba 3.4.2 and w2k8r2 AD

2009-11-26 Thread Christoph Kaminski

Hi!

I can join, and wbinfo -u etc. work, but getent passwd doesn't...
I think the problem is that I get this error:
'get_dc_list: preferred server list: ", *"'
but why does it not know my domain? (already joined)

Can someone help?

Greetz

Conf:

#GLOBAL PARAMETERS
[global]
   workgroup = CHAOS
   realm = chaos.local
   password server = beelzebub.chaos.local
   preferred master = no
   server string = %h (Samba %v)
   security = ADS
   encrypt passwords = yes
   log level = 3
   log file = /var/log/samba/log.%m
   max log size = 50
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind separator = +
   passdb backend = tdbsam
   idmap backend = ad
   idmap uid = 1-2
   idmap gid = 1-2
   template shell = /bin/bash
   winbind nss info = rfc2307

krb:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = CHAOS.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
CHAOS.LOCAL = {
   kdc = beelzebub.chaos.local
   admin_server = beelzebub.chaos.local
   default_domain = chaos.local
}

[domain_realm]
.belzebub.chaos.local = CHAOS.LOCAL
.chaos.local = CHAOS.LOCAL

#[kdc]
#profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
}

Log: (after getent passwd)

[ 6293]: request interface version
[ 6293]: request location of privileged pipe
final write to client failed: Broken pipe
[ 6293]: setpwent
[ 6293]: getpwent
ads: query_user_list
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
Connected to LDAP server beelzebub.chaos.local
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name = not_defined_in_rfc4...@please_ignore
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 27 Nov 2009 06:24:16 CET
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT

get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
get_dc_list: preferred server list: "beelzebub, beelzebub.chaos.local"
Successfully contacted LDAP server 192.168.50.80
Connected to LDAP server beelzebub.chaos.local
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name = not_defined_in_rfc4...@please_ignore

ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Fri, 27 Nov 2009 06:28:22 CET
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT

ads query_user_list gave 4 entries
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-500
could not lookup domain user Administrator
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
ad_idmap_init: failed to connect to AD
ADS uninitialized: No logon servers
default domain not writable
error getting user id for sid S-1-5-21-839142612-1421143767-3823028795-501
could not lookup domain user Gast
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain *
get_dc_list: preferred server list: ", *"
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.* (Success)
ads_