On 11/17/2011 06:09 AM, djamel boussebha wrote:
> Hi;
>
> I would like to set the file /etc/krb5.keytab for apache:
>
> # net ads keytab add HTTP -U compte_admin_dom1
> Processing principals to add...
> Enter administrateur's password:
> # ktutil
> ktutil: l
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
> ktutil:
>
> The file is empty?
> Maybe this problem is linked to the command "net ads"? Because when I try to join the AD:
> # net ads join -U administrat...@p9bis.neoplus.laposte.poc
> Enter administrat...@p9bis.neoplus.laposte.poc's password:
> Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC
>
> But with "rpc" it works:
>
> # net rpc join -U administrat...@p9bis.neoplus.laposte.poc
> Enter administrat...@p9bis.neoplus.laposte.poc's password:
> Joined domain P9BIS.
>
> When I execute:
> # net ads info - U administrateur
> Failed to get server's current time!
> LDAP server: 187.0.17.104
> LDAP server name: CINVW067.p9bis.neoplus.laposte.poc
> Realm: P9BIS.NEOPLUS.LAPOSTE.POC
> Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC
> LDAP port: 389
> Server time: Thu, 01 Jan 1970 01:00:00 CET
> KDC server: 187.0.17.104
>
> And:
> # net rpc info -U administrateur
> Enter administrateur's password:
> Domain Name: P9BIS
> Domain SID: S-1-5-21-254703050-2859693384-3493432365
> Sequence number: 1
> Num users: 50
> Num domain groups: 0
> Num local groups: 12
>
> The 2 commands # wbinfo -u and wbinfo -g return no values for users/groups?
> The kinit works fine:
> # kinit administrat...@p9bis.neoplus.laposte.poc
> Password for administrat...@p9bis.neoplus.laposte.poc:
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrat...@p9bis.neoplus.laposte.poc
> Valid starting     Expires            Service principal
> 11/17/11 12:05:00  11/17/11 22:05:03  krbtgt/p9bis.neoplus.laposte....@p9bis.neoplus.laposte.poc
>         renew until 11/18/11 12:05:00
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> Impossible to join the AD server with "ads":
> # net ads testjoin
> Join to domain is not valid: Operations error
> # net rpc testjoin
> Join to 'P9BIS' is OK
>
> How can I make "ads" work correctly, and how can I get the list of users of the AD domain?
>
> Any help would be very appreciated.
>
> Regards
>
> --- On Wed 16.11.11, djamel boussebha <dbousse...@yahoo.fr> wrote:
>
> From: djamel boussebha <dbousse...@yahoo.fr>
> Subject: Problem with Winbind
> To: "samba@lists.samba.org" <samba@lists.samba.org>, "foedi...@eva.mpg.de" <foedi...@eva.mpg.de>, "AndrewPhilipoff" <aphilip...@medicine.ucsf.edu>
> Date: Wednesday 16 November 2011, 17:24
>
> Hi;
>
> wbinfo can not get the user names and group names of my AD domain (Windows 2008 SP2)
> The result for "wbinfo -t" is ok:
> "checking the trust secret for domain P9BIS via RPC calls succeeded"
> But when I try to get wbinfo -n "USER1" or wbinfo -r "USER1" it shows this error message: "Could not lookup name USER1"
> I use Samba version: 3.5.12.
>
> Any help would be very appreciated... thanks to anyone!
>

I noticed the server time has the year 1970. The ads methods use kerberos and that is time sensitive. Get the accurate date/time and things should start working for you. Perhaps have it sync with a time server.

Robert

--
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
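
Added example (not part of the original messages and not Samba code): a small check that reads the "Server time:" line from `net ads info` output, compares it with the local clock, and reports whether the difference is within the usual 5-minute Kerberos tolerance, while also recording the tool's "Failed to get server's current time!" line. The function names, the zone-abbreviation table and the 300-second limit are assumptions of this example; the sample input is constructed from the output quoted in the thread.

```python
import re
from datetime import datetime, timedelta, timezone

MAX_SKEW = 300  # seconds; the usual Kerberos default tolerance (5 minutes)
# Assumption: only these zone abbreviations occur in the output being checked.
TZ_OFFSETS = {"UTC": 0, "GMT": 0, "CET": 1, "CEST": 2}

# Constructed sample: the relevant lines of the output quoted in the thread.
SAMPLE = """\
Failed to get server's current time!
LDAP server: 187.0.17.104
Realm: P9BIS.NEOPLUS.LAPOSTE.POC
Server time: Thu, 01 Jan 1970 01:00:00 CET
KDC server: 187.0.17.104
"""


def parse_server_time(text):
    """Return the 'Server time:' value as an aware UTC datetime, or None."""
    m = re.search(r"^Server time:\s*(.+?)\s+([A-Z]{2,5})\s*$", text, re.M)
    if not m or m.group(2) not in TZ_OFFSETS:
        return None
    naive = datetime.strptime(m.group(1), "%a, %d %b %Y %H:%M:%S")
    tz = timezone(timedelta(hours=TZ_OFFSETS[m.group(2)]))
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)


def check_skew(text, local_now):
    """Compare the reported server time with local_now (an aware datetime)."""
    server = parse_server_time(text)
    result = {
        # The tool's own error line; when present, the timestamp may be a placeholder.
        "time_query_failed": "Failed to get server's current time" in text,
        "server_time": server,
        "skew_seconds": None,
        "within_tolerance": None,
    }
    if server is not None:
        skew = abs((local_now - server).total_seconds())
        result["skew_seconds"] = int(skew)
        result["within_tolerance"] = skew <= MAX_SKEW
    return result


if __name__ == "__main__":
    # Local clock as shown by the klist output in the thread (12:05:00 CET).
    now = datetime(2011, 11, 17, 12, 5, tzinfo=timezone(timedelta(hours=1)))
    print(check_skew(SAMPLE, now))
```

On the sample, the reported server time is the Unix epoch and the failure flag is set, so both the clock on each side and the reason the time query failed are worth checking.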