I am using Suse 9.2 and heimdal 0.6.2 ---------- Original Message ---------------------------------- From: "Thomas M. Skeren III" <[EMAIL PROTECTED]> Date: Mon, 20 Dec 2004 17:43:07 -0800
Brian Kesting wrote: >My setup looks about identical to the setup you have listed in the link you >provided. > >Since this line: >libsmb/clikrb5.c:ads_krb5_mk_req(313) > krb5_cc_get_principal failed (No such file or directory) > >keeps appearing in my winbind log file, I am thinking it is a kerberos problem >too. Do you see anything wrong with my /etc/krb5.conf file? > >[libdefaults] > default_realm = WAYNE.LOCAL > clockskew = 300 > > Try adding : dns_lookup_realm = false dns_lookup_kdc = false Also which OS are you using? What Kerberos? The default etypes lines are necessary for Heimdal, but I don't think they are necessary for MIT. >[realms] >WAYNE.LOCAL = { > kdc = police.wayne.local > default_domain = WAYNE.LOCAL > kpasswd_server = police.wayne.local >} > > Try: kdc = KERBEROS.WAYNE.LOCAL admin_server = police.wayne.local default_domain = wayne.local >[domain_realm] > .WAYNE.LOCAL = WAYNE.LOCAL > > Probably not enough info here. Try: (Remember caps must be in caps). .wayne.local = WAYNE.LOCAL wayne.local = WAYNE.LOCAL .WAYNE.LOCAL = WAYNE.LOCAL kerberos.server = KERBEROS.WAYNE.LOCAL >[appdefaults] >pam = { > ticket_lifetime = 365d > renew_lifetime = 365d > forwardable = true > proxiable = false > retain_after_close = true > minimum_uid = 0 > > Pam stuff is more OS dependent, so I have no suggestions here. MAKE SURE THAT YOU SAMBA SERVER IS USING THE W2K ADS SERVER AS DNS----THIS IS ABSOLUTELY CRITICAL. > >---------- Original Message ---------------------------------- >From: "Thomas M. Skeren III" <[EMAIL PROTECTED]> >Date: Mon, 20 Dec 2004 17:16:38 -0800 > >Brian Kesting wrote: > > > >>Someone told me once to try to remove the Samba server from the domain, >>rename it, and rejoin the domain......would that solve any problems in your >>opinion? >> >> >> >> >That is an odd solution, unless AD is mangled with respect to the samba >server name. Methinks you have a kerberos problem. My servers are >FreeBSD, but I do have a bare bones guide for setting up samba as an AD >member server in FreeBSD. If you use Linux it can only be a reference, >but it's an easy read. > ><http://www.fsklaw.com/fbsdconfig.html> > > > >>---------- Original Message ---------------------------------- >>From: "Brian Kesting" <[EMAIL PROTECTED]> >>Reply-To: [EMAIL PROTECTED] >>Date: Mon, 20 Dec 2004 18:05:47 -0600 >> >>I read something about nscd causing problems before I even installed the >>system, so I never even installed that service. >> >>Here is an updated /var/log/samba/log.winbindd file.....btw, thanks for the >>quick help and tips so far, I appreciate it. >> >>[2004/12/20 17:33:27, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) >> krb5_cc_get_principal failed (No such file or directory) >>[2004/12/20 17:38:44, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >> Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>[2004/12/20 17:43:44, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >> Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>[2004/12/20 17:45:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059) >> user 'root' does not exist >>[2004/12/20 17:49:01, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >> Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>[2004/12/20 17:52:26, 1] libads/ldap_utils.c:ads_do_search_retry(77) >> ads_search_retry: failed to reconnect (Invalid credentials) >> >> >>---------- Original Message ---------------------------------- >>From: Brett Stevens <[EMAIL PROTECTED]> >>Date: Tue, 21 Dec 2004 10:33:30 +1100 >> >>One thing I moticed when having simmilar problems is that for some reason >>nscd seems to be a problem stop this service and restart all samba services >>including smbd nmbd and winbind >> >>Let us know how it goes. >> >>Brett Stevens >> >>-----Original Message----- >>From: Brian Kesting [mailto:[EMAIL PROTECTED] >>Sent: Tuesday, December 21, 2004 10:29 AM >>To: [EMAIL PROTECTED] >>Subject: [Samba] winbind problems >> >> >>Hello, >> >>I am running a Samba server (3.0.7) on a Suse 9.2 box. I have connected >>this server successfully to a Windows 2000 Active Directory (mixed mode). I >>have nsswitch.conf, krb5.conf configured and winbind seems to be running >>properly for the most part. With wbinfo I can get all of my user and group >>information. Problem is, it seems that at random times, the samba server >>just stops authenticating the windows user names and accounts. If I restart >>the winbind or smb service, then all seems to be well again for a while. >>Right now the only way I can keep this running is to run a cron job that >>restartes the samba and winbind services every hour. This is really bugging >>me as I cannot figure out what is going on. Can anyone help me? I have >>included some of my configuration and log files below. Thanks in advance. >> >>---------/etc/samba/smb.conf---------- >># Samba Configuration File >> >>[global] >> workgroup = WAYNE >> realm = WAYNE.LOCAL >> server string = Samba Server >> security = ADS >> password server = adserver.wayne.local >> encrypt passwords = yes >> idmap uid = 10000-20000 >> idmap gid = 10000-20000 >> template shell = /bin/bash >> winbind use default domain = no >> winbind separator = / >> >>[users] >> comment = Users on Linux >> path = /home/WAYNE >> read only = No >> browseable = Yes >> >>---------/etc/nsswitch.conf------- >>passwd: files winbind >>group: files winbind >>hosts: files dns wins winbind >>networks: files dns >> >>---------/etc/krb5.conf----------- >>[libdefaults] >> default_realm = WAYNE.LOCAL >> clockskew = 300 >> >>[realms] >>WAYNE.LOCAL = { >> kdc = police.wayne.local >> default_domain = WAYNE.LOCAL >> kpasswd_server = adserver.wayne.local >>} >>[domain_realm] >> .WAYNE.LOCAL = WAYNE.LOCAL >>[appdefaults] >>pam = { >> ticket_lifetime = 365d >> renew_lifetime = 365d >> forwardable = true >> proxiable = false >> retain_after_close = true >> minimum_uid = 0 >>} >> >>----------/var/log/samba/log.smbd-------- >>[2004/12/20 15:25:33, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >> Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20 >>15:25:44, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >> Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20 >>15:25:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >> Username WAYNE/LIEUTENANT1$ is invalid on this system [2004/12/20 >>15:25:56, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >> Username WAYNE/LIEUTENANT1$ is invalid on this system >>. >>. >>. >>[2004/12/20 16:04:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >> Username WAYNE/DISPATCH_GW1$ is invalid on this system [2004/12/20 >>16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >> Username WAYNE/DISPATCH_GW1$ is invalid on this system [2004/12/20 >>16:05:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) >> Username WAYNE/DISPATCH_GW1$ is invalid on this system >> >>----------/var/log/samba/log.winbindd------------------- >>[2004/12/20 16:51:07, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >> Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>[2004/12/20 16:54:52, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) >> krb5_cc_get_principal failed (No such file or directory) [2004/12/20 >>16:56:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >> Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>[2004/12/20 16:59:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059) >> user 'root' does not exist >>[2004/12/20 17:00:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059) >> user 'root' does not exist >>[2004/12/20 17:01:18, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >> Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>[2004/12/20 17:06:24, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >> Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>[2004/12/20 17:11:40, 1] libsmb/ntlmssp.c:ntlmssp_update(245) >> Failed to parse NTLMSSP packet, could not extract NTLMSSP command >>[2004/12/20 17:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1059) >> >>???? >> >> >> >> > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba