So the kticket needs to be valid for any samba/winbind services to work properly? It appears that when I issued the kinit command, my ticket will expire in about 10 hours with a ticket renewable lifetime of 1 week......how do I change that?
I am still getting the odd messages in my winbind log file though....I am really perplexed. ---------- Original Message ---------------------------------- From: "Thomas M. Skeren III" <[EMAIL PROTECTED]> Date: Mon, 20 Dec 2004 17:19:22 -0800 Brian Kesting wrote: >I have changed the separator to '+' > >Also, my kerberos ticket was expired.....i re-issued a kinit [EMAIL PROTECTED] >command to renew it. > >Could that be the source of my problems? > > Yes. >---------- Original Message ---------------------------------- >From: "Thomas M. Skeren III" <[EMAIL PROTECTED]> >Date: Mon, 20 Dec 2004 17:09:33 -0800 > >Brian Kesting wrote: > > > >>I have tried using a + separator with no success. >> >> >> >> >I use _ which works well. I'm just guessing here, but *nix's use / as a >very significant charactrer. > > > >>---------- Original Message ---------------------------------- >>From: Tom Skeren <[EMAIL PROTECTED]> >>Date: Mon, 20 Dec 2004 15:25:54 -0800 >> >>Brian Kesting wrote: >> >> >> >> >> >>>Hello, >>> >>>I am running a Samba server (3.0.7) on >>> >>> > >a Suse 9.2 box. I have connected this server successfully to a Windows 2000 >Active Directory (mixed mode). I have nsswitch.conf, krb5.conf configured and >winbind seems to be running properly for the most part. With wbinfo I can get >all of my user and group information. Problem is, it seems that at random >times, the samba server just stops authenticating the windows user names and >accounts. If I restart the winbind or smb service, then all seems to be well >again for a while. Right now the only way I can keep this running is to run a >cron job that restartes the samba and winbind services every hour. This is >really bugging me as I cannot figure out what is going on. Can anyone help >me? I have included some of my configuration and log files below. Thanks in >advance. > > >>>---------/etc/samba/smb.conf---------- >>># Samba Configuration File >>> >>>[global] >>> workgroup = WAYNE >>> realm = WAYNE.LOCAL >>> server string = Samba Server >>> security = ADS >>> password server = adserver.wayne.local >>> encrypt passwords = yes >>> idmap uid = 10000-20000 >>> idmap gid = 10000-20000 >>> template shell = /bin/bash >>> winbind use default domain = no >>> winbind separator = / >>> >>> >>> >>> >>> >>> >>The separator might be a problem. >> >> >> >> >> >>>[users] >>> comment = Users on Linux >>> path = /home/WAYNE >>> read only = No >>> browseable = Yes >>> >>>---------/etc/nsswitch.conf------- >>>passwd: files winbind >>>group: files winbind >>>hosts: files dns wins winbind >>>networks: files dns >>> >>>---------/etc/krb5.conf----------- >>>[libdefaults] >>> default_realm = WAYNE.LOCAL >>> clockskew = 300 >>> >>>[realms] >>>WAYNE.LOCAL = { >>> kdc = police.wayne.local >>> default_domain = WAYNE.LOCAL> >>> kpasswd_server = adserver.wayne.local >>>} >>>[domain_realm] >>> .WAYNE.LOCAL = WAYNE.LOCAL >>>[appdefaults] >>>pam = { >>> ticket_lifetime = 365d >>> renew_lifetime = 365d >>> forwardable = true >>> proxiable = false >>> retain_after_close = true >>> minimum_uid = 0 >>>} >>> >>>----------/var/log/samba/log.smbd-------- >>>[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >>>Username WAYNE/LIEUTENANT1$ is invalid on this system >>>[2004/12/20 15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >>>Username WAYNE/LIEUTENANT1$ is invalid on this system >>>[2004/12/20 15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >>>Username WAYNE/LIEUTENANT1$ is invalid on this system >>>[2004/12/20 15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >>>Username WAYNE/LIEUTENANT1$ is invalid on this system >>>. >>>. >>>. >>>[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >>>Username WAYNE/DISPATCH_GW1$ is invalid on this system >>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >>>Username WAYNE/DISPATCH_GW1$ is invalid on this system >>>[2004/12/20 16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >>>Username WAYNE/DISPATCH_GW1$ is invalid on this system >>> >>>----------/var/log/samba/log.winbindd------------------- >>>[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>>[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) >>>krb5_cc_get_principal failed (No such file or directory) >>>[2004/12/20 16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>>[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059) >>>user 'root' does not exist >>>[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059) >>>user 'root' does not exist >>>[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>>[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>>[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >>>Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>>[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059) >>> >>>???? >>> >>> >>> >>> >>> >>> >> >> >> >> >> > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba