Hi

Dumping this in case it didn't make it the first time.

Also should I be looking at samba4? Currently using samba on centos 6.2, I think it's 3.

Alex

> -----Original Message-----
> From: Alex Samad - Yieldbroker
> Sent: Friday, 30 November 2012 7:44 PM
> To: [email protected]
> Subject: samba and RODC
>
>
> Hi
>
> I am trying to set up samba (rhel6/centos 6.2) and I am having some issues.
>
> So what I have is
>
> Server A (centos 6.2)
> It exists in my DMZ so very limited access to things. Just mainly DNS and some
> ports for RODC
>
> Server B (W2k8r2)
> RODC, exists in my insecure vlan, stepping stone into the DMZ (dmz-inside)
> My Windows box works fine talking to the RODC
>
> When I try wbinfo -u it fails. I have opened up the Kerberos and the LDAP ports
> for a -> b. I drop the old still netbios, but I do allow port 445 tcp
>
> The wbinfo -u waits a long time then fails
>
> Note xyz.com is not the real domain :)
>
>
> My smb.conf
> [global]
> #--authconfig--start-line--
>
> # Generated by authconfig on 2012/11/28 10:16:49
> # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
> # Any modification may be deleted or altered by authconfig in future
>
>    workgroup = XYZ
>    password server = int3.xyz.com
>    realm = XYZ.COM
>    security = ads
>    idmap uid = 5000-10000
>    idmap gid = 5000-10000
>    template homedir = /home/%D/%U
>    template shell = /bin/bash
>    winbind use default domain = true
>    winbind offline logon = false
>
> #--authconfig--end-line--
>
>    winbind enum users = 1
>    winbind enum groups = 1
>    winbind nested groups = Yes
>
>    preferred master = no
>    encrypt passwords = yes
>    log level = 3
>
>
>    server string = Samba Server Version %v
>
>    # logs split per machine
>    log file = /var/log/samba/log.%m
>    # max 50KB per log file, then rotate
>    max log size = 50
>
>    passdb backend = tdbsam
>
>    # the login script name depends on the machine name
>    # the login script name depends on the unix user used
>    # disables profiles support by specifying an empty path
>
>    load printers = yes
>    cups options = raw
>    #obtain list of printers automatically on SystemV
>
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>
> [printers]
>    comment = All Printers
>    path = /var/spool/samba
>    browseable = no
>    guest ok = no
>    writable = no
>    printable = yes
>
>
>
>
> my /etc/krb.conf
>
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  default_realm = XYZ.COM
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>  ticket_lifetime = 24h
>  renew_lifetime = 7d
>  forwardable = yes
>
> [realms]
>  XYZ.COM = {
>   admin_server = int3.xyz.com
>   default_domain = xyz.com
>   kdc = int3.xyz.com
>  }
>
> [domain_realm]
>  .kerberos.server = XYZ.COM
>  .zyx.com = XYZ.COM
>
> [kdc]
>  profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
>  pam = {
>   debug = false
>   ticket_lifetime = 36000
>   renew_lifetime = 36000
>   forwardable = true
>   krb4_convert = false
>  }
>
>
> I have done tcpdumps and it seems like where it gets stuck is on Kerberos
> (UDP) .. I see quite a few UDP A to B and no replies from B
>
> Thanks
> Alex
