Dimitri Yioulos wrote:
On Wednesday 14 September 2005 1:07 pm, you wrote:
<snippet>
add_domain_logon_names:
Attempting to become logon server for workgroup SCL.UTAH.EDU on subnet
192.168.0.3
[2005/09/14 10:38:12, 0]
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
become_logon_server_success: Samba is now a logon server for workgroup
SCL.UTAH.EDU on subnet 192.168.0.3
[2005/09/14 10:43:48, 0]
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
*****
Samba name server ODIN-NEWB is now a local master browser for
workgroup DOMAIN.Com on subnet 192.168.0.3
*****
I am still not able to authenticate against the domain, any other
suggestions?
I think a tip-off is:
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
become_logon_server_success: Samba is now a logon server for workgroup
SCL.UTAH.EDU on subnet 192.168.0.3
Is that what you want? If the samba box has become the logon server,
then what's the purpose of your Win2k3 server?
Dimitri
Ok, so how do I fix it? Here is my configuration:
smb.conf
[global]
workgroup = DOMAIN.COM
realm = REALM.COM
security = ADS
domain logons = yes
encrypt passwords = yes
password server = DC1.DOMAIN.COM DC2.DOMAIN.COM
server string = odin.scl.utah.edu
ldap idmap suffix = ou=users,dc=domain,dc=com
prefered master = No
local master = no
domain master = No
prefered master = no
hide unreadable = no
wins support = no
dns proxy = no
idmap uid = 15000-20000
idmap gid = 15000-20000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
use spnego = yes
update encrypted = yes
winbind use default domain = yes
winbind separator = \
winbind enum users = yes
winbind enum groups = yes
os level = 20
template shell = /bin/bash
template homedir = /home/%D/%U
[odin]
comment = samba box
inherit acls = Yes
path = /usr/local/odin/
read only = no
user = @"DOMAIN+domain users"
force group = users
force user = users
guest ok = no
krb5.conf
[libdefaults]
default_realm = REALM.COM
clockskew = 300
dns_lookup_realm = true
dns_lookup_kdc = true
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc
[realms]
REALM.COM = {
kdc = 192.168.0.2
default_domain = scl.utah.edu
admin_server = 192.168.0.2
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
[domain_realm]
.domain.com = REALM.COM
domain.com = REALM.COM
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}
nsswitch.conf
passwd: files winbind
shadow: files
group: files winbind
pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
auth required pam_mail.so
auth sufficient pam_winbind.so
#account include common-account
account sufficient pam_winbind.so
password include common-password
session include common-session
session required pam_resmgr.so
What am I doing wrong? I followed the samba howto on ADS domain membership
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member
Here are the results of the commands run when creating the computer
account:
[EMAIL PROTECTED]:~> sudo net ads join -U"Admin"
Admin's password:
[2005/09/14 13:26:03, 0] libads/ldap.c:ads_add_machine_acct(1405)
ads_add_machine_acct: Host account for odin-newb already exists -
modifying old account
Using short domain name -- SCL.UTAH.EDU
Joined 'ODIN-NEWB' to realm 'SCL.UTAH.EDU'
Am I ok up to this point?
--
Jason Gerfen
"My girlfriend threatened to
leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
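
Added example, not part of the original thread and not Samba's own tooling: a small Python check that parses the [global] section of an smb.conf and flags the combination visible in the posted log and configuration. That combination is a member server (security = ADS) that also sets domain logons = yes, the setting that makes nmbd register as a logon server. It also flags parameters set more than once. The function names, finding labels and the reduced sample config are constructed for illustration.

```python
import re

TRUE = {"yes", "true", "1", "on"}  # boolean spellings smb.conf accepts
# Parameters that belong to a domain controller role, not a member server.
DC_ONLY = ("domain logons", "domain master")

# Constructed sample: a subset of the [global] section posted above.
SAMPLE_SMB_CONF = """\
[global]
security = ADS
domain logons = yes
prefered master = No
domain master = No
prefered master = no
[odin]
path = /usr/local/odin/
"""

def norm(name):  # parameter names compare without regard to case or whitespace
    return "".join(name.lower().split())

def parse_global(text):
    """Return ({param: value}, [params set more than once]) for [global]."""
    settings, dupes, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            if norm(key) in settings:
                dupes.append(key.strip())
            settings[norm(key)] = value.strip()
    return settings, dupes

def check_member_server(text):
    """Return (kind, parameter) findings for a security = ADS/domain member."""
    settings, dupes = parse_global(text)
    findings = [("duplicate", key) for key in dupes]
    if settings.get("security", "").lower() in {"ads", "domain"}:
        for param in DC_ONLY:
            if settings.get(norm(param), "").lower() in TRUE:
                findings.append(("dc-role-on-member", param))
    return findings

if __name__ == "__main__":
    print(check_member_server(SAMPLE_SMB_CONF))
```

The parser is deliberately minimal: it does not follow include directives or backslash line continuations, so run it against the flattened configuration.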