Looks like you and I followed the same docs for install. What I have that is different to yours (and my previous failures) is there is absolutely nothing except the default_realm under libdefaults. I commented out everything else, I was having exactly the same symptoms as yourself and had previously tried those settings. Disable all in lib defaults and give that a try.
> From: "David Nalley" <[EMAIL PROTECTED]> > Date: Wed, 24 Mar 2004 22:03:47 -0500 > To: "Brett Stevens" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: RE: [Samba] Kerberos authentication problems > > >> -----Original Message----- >> From: Brett Stevens [mailto:[EMAIL PROTECTED] >> Can you publish (sanitized) the following >> >> /etc/nsswitch >> Samba.conf >> krb5.conf >> >> Thanks > > As you can see, I tried to be liberal with permissions while testing, > and planned to tighten down. Thanks for taking a look > > nsswitch.conf: > > passwd: files winbind > shadow: files > group: files winbind > hosts: files dns > bootparams: nisplus [NOTFOUND=return] files > ethers: files > netmasks: files > networks: files > protocols: files > rpc: files > services: files > netgroup: files > publickey: nisplus > automount: files > aliases: files nisplus > > > krb5.conf: > > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > ticket_lifetime = 24000 > default_realm = DOMAIN.COM > dns_lookup_realm = false > dns_lookup_kdc = false > default_tkt_enctypes = des-cbc-crc > default_tgs_enctypes = des-cbc-crc > > > [realms] > DOMAIN.COM = { > kdc = KDC.DOMAIN.COM > admin_server = KDC.DOMAIN.COM > default_domain = DOMAIN.COM > } > > [domain_realm] > .domain.com = DOMAIN.COM > domain.com = DOMAIN.COM > > [kdc] > profile = /var/kerberos/krb5kdc/kdc.conf > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } > > smb.conf: > > [global] > netbios name = SAMBASRVR > Server String = "File Server" > workgroup = DOMAIN > security = ADS > log file = /var/log/%m.log > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > wins support = yes > realm = DOMAIN.COM > encrypt passwords = yes > password server = 192.168.XXX.XXX > local master = no > winbind use default domain = yes > winbind separator = + > idmap uid = 10000-20000 > idmap gid = 10000-20000 > winbind enum users = yes > winbind enum groups = yes > client use spnego = yes > > > [public] > path = /tmp > guest ok = yes > writeable = yes > browseable = yes > public = yes > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
