Hi Louis, list,
In packetfence logs we see:
Jun 04 16:46:04 pfcmd.pl(10108) WARN: winbindd-OUR-WKGR.conf timed out
trying to start (pf::services::manager::postStartCleanu
Unable to setup corepath for winbindd: No such file or directory
As requested, the files:
root@pf:~# cat /etc/resolv.conf
domain company.com
nameserver x.y.z.14
nameserver x.y.z.15
nameserver x.y.z.16
nameserver x.y.z.1
(nb: first three are DC's)
root@pf:~# cat /etc/samba/smb.conf
[global]
workgroup = OUR-WKGR
server string = Samba Server Version %v
security = ads
realm = SAMBA.COMPANY.COM
domain master = no
local master = no
preferred master = no
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba/log.%m
max log size = 50
root@pf:~# cat /etc/krb5.conf
[libdefaults]
default_realm = SAMBA.COMPANY.COM
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
SAMBA.COMPANY.COM = {
kdc = dc2.samba.company.com
admin_server = dc2.samba.company.com
default_domain = SAMBA.COMPANY.COM
}
[domain_realm]
SAMBA.COMPANY.COM = SAMBA.COMPANY.COM
.SAMBA.COMPANY.COM = SAMBA.COMPANY.COM
[login]
krb4_convert = true
krb4_get_tickets = false
On 6/4/2015 15:46, Louis Munro wrote:
>
> On Jun 4, 2015, at 5:57 , heupink <[email protected]> wrote:
>
>> Hi all,
>>
>> Apologies for yet another post, but ever since the upgrade to 5.10 I
>> cannot get our AD integration with radius/winbindd to work.
>>
>> The gui shows "test join success", however cli does not confirm that:
>>
>> root@pf:/chroots# net ads testjoin
>> kerberos_kinit_password [email protected] failed: Preauthentication
>> failed
>> kerberos_kinit_password [email protected] failed: Preauthentication
>> failed
>> Join to domain is not valid: Logon failure
>>
>> root@pf:/# /usr/local/pf/bin/pfcmd service winbindd start
>> service|command
>> memcached|already started
>> httpd.admin|already started
>> Checking configuration sanity...
>> Unable to setup corepath for winbindd: No such file or directory
>> winbindd-DOMAIN.conf|not started
>>
>> Searching my fs for winbindd-DOMAIN.conf reveals nothing, so i guess
>> that is no filename.
>>
>> I am using samba 4.1.17 from wheezy backports, could that be our issue?
>> (samba3 vs samba4 libs..?)
>
> Please show us your /etc/samba/smb.conf, /etc/resolv.conf and /etc/krb5.conf.
>
> I have a setup that has been running sernet-samba-winbind-4.0.22-7.el6.x86_64
> without any problems, so I somehow doubt that 4.1.17 broke everything.
>
> Regards,
> --
> Louis Munro
> [email protected] :: www.inverse.ca
> +1.514.447.4918 x125 :: +1 (866) 353-6153 x125
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
