Nsswitch.conf now reads:

[EMAIL PROTECTED] root]# more /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files ldap winbind
shadow: files ldap
group: files ldap winbind

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files ldap
rpc: files
services: files ldap

netgroup: files ldap

publickey: files

automount: files ldap
aliases: files

However, the error is unchanged:

[2004/04/14 21:30:10, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password [EMAIL PROTECTED] failed: ASN.1 failed call to system time library
[EMAIL PROTECTED] root]# kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:
kinit(v5): ASN.1 failed call to system time library while getting initial credentials
[EMAIL PROTECTED] root]#

-----Original Message-----
From: Brett Stevens [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 13, 2004 7:57 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Samba] Help for the Kerberos challenged in the audience,config files

Nsswitch set properly? Check it and make sure there is a "passwd files winbind" and a "group files winbind".

Also check that your time is synced correctly; Kerberos rejects requests when the client and KDC clocks differ by more than the allowed skew (five minutes by default).

________________________________
From: "Edward W. Ray" <[EMAIL PROTECTED]>
Organization: MMICMAN, LLC
Reply-To: <[EMAIL PROTECTED]>
Date: Tue, 13 Apr 2004 19:27:14 -0700
To: "'Brett Stevens'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: [Samba] Help for the Kerberos challenged in the audience, config files

The error has changed since the previous e-mail:

[EMAIL PROTECTED] root]# net ads join -U root
root password:
[2004/04/13 19:23:05, 0] libads/kerberos.c:ads_kinit_password(133)
  kerberos_kinit_password [EMAIL PROTECTED] failed: ASN.1 failed call to system time library
[EMAIL PROTECTED] root]#

Below is my smb.conf:

[EMAIL PROTECTED] root]# more /etc/samba/smb.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
   dns proxy = no
   log file = /var/log/samba/log.%m
   server string = mail
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   password server = 192.168.1.100 192.168.1.102
   winbind gid = 10000-20000
   workgroup = mmicmanhomenet
   username map = /etc/samba/user.map
   use spnego = yes
   ldap ssl = yes
   hosts allow = 192.168.1.
   encrypt passwords = yes
   realm = mmicmanhomenet.local
   security = ADS
   winbind uid = 10000-20000
   max log size = 50

[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   read only = yes
;   guest ok = yes
;   writable = no
;   share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;   path = /home/profiles
;   browseable = no
;   guest ok = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
; [printers]
;   comment = All Printers
;   path = /var/spool/samba
;   browseable = no
# Set public = yes to allow user 'guest account' to print
;   guest ok = no
;   writable = no
;   printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   read only = yes
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;   comment = PC Directories
;   path = /usr/pc/%m
;   public = no
;   writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
[EMAIL PROTECTED] root]#

Below is my krb5.conf:

[EMAIL PROTECTED] root]# more /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = MMICMANHOMENET.LOCAL

[realms]
 MMICMANHOMENET.LOCAL = {
  kdc = 192.168.1.100:88
 }

[domain_realm]
 .mmicmanhomenet.local = MMICMANHOMENET.LOCAL
 mmicmanhomenet.local = MMICMANHOMENET.LOCAL

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
[EMAIL PROTECTED] root]#

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
