Hi There,

We have a winbind installation here that is used for squid authentication and group 
resolving. The winbind server is part of the domain ch.domain.intern. The ADS forest 
is organized like 

domain.intern

ch.domain.intern at.domain.intern fr.domain.intern

and other sites will follow. Authentication and group resolving actually work fine, 
BUT: if the link to at or fr is down, winbind hangs!!! First of all: why does winbind 
try to connect to the at or fr domain controllers, since there is no information for 
winbind on these servers? How can I keep winbind from trying to connect to these 
domain controllers?

My smb.conf:


[global]

workgroup = CHDOM01
server string = proxy

client use spnego = yes


load printers = no

idmap uid = 10000-20000
idmap gid = 10000-20000
# winbind separator = +
winbind cache time = 10
winbind enum users = yes
winbind enum groups = yes


log file = /var/log/samba/%m.log
max log size = 50
security = ads
realm = ch.domain.intern
password server = wsvch01 wsvch02
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192


My krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = CH.DOMAIN.INTERN
# default_tgs_enctypes = des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
CH.DOMAIN.INTERN = {
kdc = wsvch01.ch.domain.intern:88
default_domain = ch.domain.intern
}

[domain_realm]
.ch.domain.intern = CH.DOMAIN.INTERN
ch.domain.intern = CH.DOMAIN.INTERN

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}


Any suggestions?

Thanks in advance
best regards,
roman 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
