Estimado Marcel:
De todo lo que he estado leyendo en el hilo por mí generado, creo que eres
la persona que me podría llegar a dar una punta del ovillo que estoy
tratando de desenmarañar.
Sigo sin poder unirme al Directorio Activo del maldito Windows NT2003, pero
sí me he podido unir al dominio.
Paso a detallar las salidas de consola que tengo.
Espero que si tienen tiempo de analizarla, me des una ayuda para hacerle
entender a los administradores de la red qué es lo que tienen que hacer en
qué utilitario de NT2003 para que yo pueda sumarme al dominio, y no tener
los problemas de acceso a algunos recursos que actualmente tengo.
No puedo acceder a los recursos de máquinas con NT2000, NT2003 y XP; con las
Win98 y WinMe no hay problemas. Esto asumo es porque las primeras utilizan
ADS en forma intensiva, mientras que las segundas sólo pertenecen al
dominio.
Desde ya, muchas gracias.
------------------------------------------------------
Mi máquina es BBCAWS91 (Bahía Blanca Work Station 91)
Mi usuario es BBCAU5 (Bahía Blanca User 5).
Mi dominio Windows es NET.
Mi reino Active Directory es EGSML.NET (EGSML es la sigla de la empresa).
El kdc local es EGSMLSV7 (Server 7).
El admin_server (a 700 km de distancia) es EGSMLSV1 (Server 1).
------------------------------------------------------
Obtengo mi ticket kerberos en forma perfecta y sin inconvenientes:
BBCAWS91:~# kinit -A bbcau5
Password for [EMAIL PROTECTED]:
BBCAWS91:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting Expires Service principal
10/26/06 15:24:54 10/27/06 01:24:59 krbtgt/[EMAIL PROTECTED]
renew until 10/27/06 15:24:54
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
------------------------------------------------------
Pruebo mi pertenencia al dominio NT:
BBCAWS91:~# net rpc testjoin
Join to 'NET' is OK
------------------------------------------------------
Intento infructuosamente unirme al reino NT2003:
BBCAWS91:~# net ads join --debuglevel=10 -U bbcau5
[2006/10/26 15:26:32, 5] lib/debug.c:debug_dump_status(368)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
[2006/10/26 15:26:32, 3] param/loadparm.c:lp_load(4207)
lp_load: refreshing parameters
[2006/10/26 15:26:32, 3] param/loadparm.c:init_globals(1393)
Initialising global parameters
[2006/10/26 15:26:32, 3] param/params.c:pm_process(574)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2006/10/26 15:26:32, 3] param/loadparm.c:do_section(3662)
Processing section "[global]"
doing parameter workgroup = NET
doing parameter realm = EGSML.NET
doing parameter server string = %h Debian Linux (etch) (Samba %v)
doing parameter security = ADS
doing parameter update encrypted = Yes
doing parameter obey pam restrictions = Yes
doing parameter password server = 10.115.1.201 10.1.0.231
doing parameter passdb backend = tdbsam
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter use kerberos keytab = Yes
doing parameter syslog = 0
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter announce as = NT Workstation
doing parameter server signing = auto
doing parameter domain logons = Yes
doing parameter os level = 0
doing parameter preferred master = No
doing parameter local master = No
doing parameter domain master = No
doing parameter dns proxy = No
doing parameter wins server = 10.1.0.203, 10.1.12.201
doing parameter ldap ssl = no
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter winbind separator = +
doing parameter invalid users = root
[2006/10/26 15:26:32, 4] param/loadparm.c:lp_load(4238)
pm_process() returned Yes
[2006/10/26 15:26:32, 7] param/loadparm.c:lp_servicenumber(4351)
lp_servicenumber: couldn't find homes
[2006/10/26 15:26:32, 10] param/loadparm.c:set_server_role(4171)
set_server_role: role = ROLE_DOMAIN_PDC
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UCS-2LE
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UCS-2LE
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF-16LE
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF-16LE
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UCS-2BE
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UCS-2BE
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF-16BE
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF-16BE
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF8
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF8
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UTF-8
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UTF-8
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset ASCII
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset ASCII
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset 646
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset 646
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset ISO-8859-1
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset ISO-8859-1
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(103)
Attempting to register new charset UCS2-HEX
[2006/10/26 15:26:32, 5] lib/iconv.c:smb_register_charset(111)
Registered charset UCS2-HEX
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/charcnv.c:charset_name(81)
Substituting charset 'ISO-8859-1' for LOCALE
[2006/10/26 15:26:32, 5] lib/util.c:init_names(260)
Netbios name list:-
my_netbios_names[0]="BBCAWS91"
[2006/10/26 15:26:32, 2] lib/interface.c:add_interface(81)
added interface ip=10.111.1.111 bcast=10.111.1.255 nmask=255.255.255.0
bbcau5's password:
[2006/10/26 15:27:30, 6] libads/ldap.c:ads_find_dc(217)
ads_find_dc: looking for realm 'EGSML.NET'
[2006/10/26 15:27:30, 8] libsmb/namequery.c:get_sorted_dc_list(1433)
get_sorted_dc_list: attempting lookup using [ads]
[2006/10/26 15:27:30, 10] libsmb/namequery.c:remove_duplicate_addrs2(320)
remove_duplicate_addrs2: looking for duplicate address/port pairs
[2006/10/26 15:27:30, 4] libsmb/namequery.c:get_dc_list(1406)
get_dc_list: returning 2 ip addresses in an ordered list
[2006/10/26 15:27:30, 4] libsmb/namequery.c:get_dc_list(1407)
get_dc_list: 10.115.1.201:389 10.1.0.231:389
[2006/10/26 15:27:30, 5] libads/ldap.c:ads_try_connect(126)
ads_try_connect: trying ldap server '10.115.1.201' port 389
[2006/10/26 15:27:30, 3] libads/ldap.c:ads_connect(288)
Connected to LDAP server 10.115.1.201
[2006/10/26 15:27:30, 3] libads/ldap.c:ads_server_info(2542)
got ldap server name [EMAIL PROTECTED], using bind path: dc=EGSML,dc=NET
[2006/10/26 15:27:30, 4] libads/ldap.c:ads_server_info(2548)
time offset is 0 seconds
[2006/10/26 15:27:30, 4] libads/sasl.c:ads_sasl_bind(455)
Found SASL mechanism GSS-SPNEGO
[2006/10/26 15:27:30, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2006/10/26 15:27:30, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2006/10/26 15:27:30, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2006/10/26 15:27:30, 3] libads/sasl.c:ads_sasl_spnego_bind(210)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2006/10/26 15:27:30, 3] libads/sasl.c:ads_sasl_spnego_bind(219)
ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED]
[2006/10/26 15:27:30, 3] libsmb/clikrb5.c:ads_krb5_mk_req(479)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2006/10/26 15:27:30, 0] libads/kerberos.c:ads_kinit_password(164)
kerberos_kinit_password [EMAIL PROTECTED] failed: Client not found in Kerberos
database
[2006/10/26 15:27:30, 0] utils/net_ads.c:ads_startup(191)
ads_connect: Client not found in Kerberos database
[2006/10/26 15:27:30, 2] utils/net.c:main(878)
return code = -1
------------------------------------------------------
Detallo mi configuración Kerberos 5:
BBCAWS91:~# less /etc/krb5.conf
[libdefaults]
default_realm = EGSML.NET
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1
des-cbc-crc des-cbc-md5
[realms]
EGSML.NET = {
kdc = 10.115.1.201
admin_server = 10.1.0.231
default_domain = EGSML.NET
}
[domain_realm]
.egsml.net = EGSML.NET
egsml.net = EGSML.NET
[login]
krb4_convert = true
krb4_get_tickets = false
------------------------------------------------------
Detallo mi configuración samba:
BBCAWS91:~# less /etc/samba/smb.conf
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/10/20 10:51:42
[global]
workgroup = NET
realm = EGSML.NET
server string = %h Debian Linux (etch) (Samba %v)
security = ADS
update encrypted = Yes
obey pam restrictions = Yes
password server = 10.115.1.201 10.1.0.231
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
use kerberos keytab = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
announce as = NT Workstation
server signing = auto
domain logons = Yes
os level = 0
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = 10.1.0.203, 10.1.12.201
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
winbind separator = +
invalid users = root
[homes]
comment = Home Directories
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /tmp
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]