Hi all,

Thus far, I have managed to get wbinfo -[u|g] to display users/group correctly, and getent passwd/group works. However, wbinfo -t fails to work, giving me this error:

[EMAIL PROTECTED] samba]# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret



Further, this seems to be related to a problem with wbinfo -a:

[EMAIL PROTECTED] samba]# wbinfo -a user%pass
plaintext password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error messsage was: Access denied
Could not authenticate user user%pass with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
error messsage was: Access denied
Could not authenticate user user with challenge/response


I was able to join the domain successfully:

[EMAIL PROTECTED] samba]# net ads join
[2005/05/23 10:09:35, 0] libads/ldap.c:ads_add_machine_acct(1368)
ads_add_machine_acct: Host account for billing already exists - modifying old account
Using short domain name -- DOMAIN
Joined 'BILLING' to realm 'DOMAIN.PRI'



At this point, I am at a loss as to what to do further. I don't understand ADS well enough to know why I can get a list of usernames but I can't auth with them. That seems to be a big clue to me what's going on, but I don't understand it well enough to take it. :)

Here is my krb5.conf file:

[logging]
default = FILE:/var/log/krb5libs.log
kdr = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOMAIN.PRI
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
DOMAIN.PRI = {
kdc = dc-1.domain.pri:88
admin_server = dc-1.domain.pri:749
default_domain = domain.PRI
}

[domain_realm]
.domain.pri = DOMAIN.PRI
domain.pri = DOMAIN.PRI

[pam]
debug           = false
ticket_lifetime = 36000
renew_lifetime  = 36000
forwardable     = true
krb4_convert    = false


And here are the relevant bits of my smb.conf file:

[global]
       workgroup = DOMAIN
       realm = DOMAIN.PRI
       netbios name = BILLING
       password server = 192.168.1.3

       #domain logons = yes
       security = ads
       server string = Billing Office File Server
       interfaces = 192.168.1.0/24 127.0.0.0/8
       bind interfaces only = yes
       encrypt passwords = yes
       log level = 3
       log file =/var/log/samba/%U.log
       guest account = nobody
       guest ok = no

       use spnego = yes
       use kerberos keytab = yes

       wins server = 192.168.1.3
       # Browsing Election options
       local master = yes
       preferred master = yes
       domain master = no
       os level = 55

       wins support = no
       name resolve order = wins hosts bcast
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

       #domain admin group = @Domain Admins

       winbind uid = 1000-5000
       winbind gid = 1000-5000
       winbind enum users = yes
       winbind enum groups = yes
       template homedir = /home/%U
       template shell = /bin/bash
       winbind use default domain = yes
       winbind separator = +


Any help is greatly appreciated!

Sean

ps: Sorry for the html folks, I'll send this as text too. The html really helps with the formatting, which is why I use it.
