Hi Mourik,

You can't run 'net ads testjoin' directly the way you did before; run that way, it reads the default smb.conf and not the per-domain configuration.

You need to run these commands inside the isolated per-domain environment (the network namespace, and the chroot for ntlm_auth):
/usr/bin/sudo /sbin/ip netns exec OUR-WKGR /usr/bin/net ads testjoin -s /etc/samba/OUR-WKGR.conf

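Then, to test authentication (ntlm_auth prompts for the password when it is not given on the command line, which keeps it out of the shell history and process list):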
/usr/bin/sudo /usr/sbin/chroot /chroots/OUR-WKGR /usr/bin/ntlm_auth --username=YOUR_USERNAME

And you can check the winbindd log in:
/chroots/OUR-WKGR/var/log/sambamydomain/log.winbindd

On 06/05/2015 03:27 AM, mourik jan heupink wrote:

Hi,

No reaction on the files I showed below, so I'm guessing that means
those look rather ok..?

In short, this is the situation:

gui shows: "test join success"
cli shows: "net ads testjoin" Join to domain is NOT valid

-

root@pf:/# /usr/local/pf/bin/pfcmd service winbindd start
service|command
memcached|already started
httpd.admin|already started
Checking configuration sanity...
Unable to setup corepath for winbindd: No such file or directory

-

Jun 04 16:46:04 pfcmd.pl(10108) WARN: winbindd-OUR-WKGR.conf timed out
trying to start (pf::services::manager::postStartCleanu

-

* Where can I check what 'corepath' pfcmd is talking about?
* Where can I get more details on winbindd-OUR-WKGR.conf?

Regards,
MJ

On 06/04/2015 04:51 PM, heupink wrote:
Hi Louis, list,

In packetfence logs we see:
Jun 04 16:46:04 pfcmd.pl(10108) WARN: winbindd-OUR-WKGR.conf timed out
trying to start (pf::services::manager::postStartCleanu

Unable to setup corepath for winbindd: No such file or directory

As requested, the files:

root@pf:~# cat /etc/resolv.conf
domain company.com
nameserver x.y.z.14
nameserver x.y.z.15
nameserver x.y.z.16
nameserver x.y.z.1
(nb: first three are DC's)

root@pf:~# cat /etc/samba/smb.conf
   [global]
    workgroup = OUR-WKGR
    server string = Samba Server Version %v
    security = ads
    realm = SAMBA.COMPANY.COM
    domain master = no
    local master = no
    preferred master = no
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind nested groups = yes
    winbind refresh tickets = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
    client use spnego = yes
    client ntlmv2 auth = yes
    encrypt passwords = yes
    restrict anonymous = 2
    log file = /var/log/samba/log.%m
    max log size = 50

root@pf:~# cat  /etc/krb5.conf
[libdefaults]
      default_realm = SAMBA.COMPANY.COM

# The following krb5.conf variables are only for MIT Kerberos.
      krb4_config = /etc/krb.conf
      krb4_realms = /etc/krb.realms
      kdc_timesync = 1
      ccache_type = 4
      forwardable = true
      proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#   default_tgs_enctypes = des3-hmac-sha1
#   default_tkt_enctypes = des3-hmac-sha1
#   permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
      v4_instance_resolve = false
      v4_name_convert = {
          host = {
              rcmd = host
              ftp = ftp
          }
          plain = {
              something = something-else
          }
      }
      fcc-mit-ticketflags = true

[realms]

    SAMBA.COMPANY.COM = {
        kdc = dc2.samba.company.com
        admin_server = dc2.samba.company.com
        default_domain = SAMBA.COMPANY.COM
    }




[domain_realm]

    SAMBA.COMPANY.COM = SAMBA.COMPANY.COM
    .SAMBA.COMPANY.COM = SAMBA.COMPANY.COM




[login]
      krb4_convert = true
      krb4_get_tickets = false








--
Julien Semaan
[email protected]  ::  +1.514.447.4918 *155  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
