Re: [Samba] krb ticket for the computer account
On 11/11/2010 12:18, Mustafa Kuscu wrote: [DOMAIN\computercomputer ~]$ sudo mount -t cifs -o sec=krb5 //remotehost/remoteshare /mnt/localmount mount error(126): Required key not available Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) Any ideas on how to debug this further? I think you need to define KRB5CCNAME to point to your ticket cache file (/tmp/krb5cc_0) or have a /tmp/krb5cc_ file where is the UID of the sudo user. -- Liam Grettonliam.gret...@le.ac.uk HPC Architect http://www.le.ac.uk/its IT Services Tel: +44 (0)116 2522254 University Of Leicester, University Road Leicestershire LE1 7RH, United Kingdom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind and existing UIDs
I guess I'll stick with the method I'm currently using then. Can anyone answer my original questions below, or would I be better off asking in samba-technical? 1. Is winbind guaranteed to never delete mappings from its database, only to add new ones? 2. Is 'idmap alloc' documented anywhere? I can't find an explanation of what the alloc options actually do. -- Liam Grettonliam.gret...@le.ac.uk HPC Architecthttp://www.le.ac.uk/its/ IT Services Tel: +44 (0)116 2522254 University Of Leicester, University Road Leicestershire LE1 7RH, United Kingdom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbind and existing UIDs
On 04/02/2010 15:00, Gaiseric Vandal wrote: On 02/04/10 04:07, Liam Gretton wrote: What I've done to get round this is to use the ldap backend for winbind, and create the mappings myself. This seems to work perfectly well but I can't believe there's not a means within winbind to use the account username to look up UIDs from an existing range. It looks like from the Samba how to documentation that you might want to use the RID backend- which would use the Active Directory to store the IDMAP info instead of a standalone LDAP server. As I understand it, that will just derive a new UID from the RID. I need winbind to use existing UIDs. Also, writing anything back to the AD is probably out of the question in our environment. Also, MS Services for Unix uses relies on unix attributes - I don't think it has to expand the schema when installed. But if you install it it may give you the option to tweak the uid. Installing SFU isn't an option, unfortunately. I would want to point out that under Sun's Samba 3.0.3x release I have had a lot of problems with domain trusts with a Windows 2003 server (mixed mode) and the idmapping cache- even with idmapping in LDAP. The PDC and one BDC are running 3.0.3x.I have a 2nd BDC running Samba 3.4.x (compiled from source) which seems to handle this a lot better. I've only been testing so far but haven't encountered any problems yet with 3.0.34 and 3.0.37. Doesn't mean I won't at some point though! -- Liam Grettonliam.gret...@le.ac.uk HPC Architecthttp://www.le.ac.uk/its/ IT Services Tel: +44 (0)116 2522254 University Of Leicester, University Road Leicestershire LE1 7RH, United Kingdom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind and existing UIDs
Hi, I'm implementing a Samba service on Solaris (the native CIFS service being unreliable in our environment); all is working well but I have a couple of questions regarding winbind which I can't find answers to in the documentation. I'm using 3.0.37 at the moment, but it wouldn't be a big deal to use a more recent version if necessary. The system will join an existing Windows AD. We have Unix UIDs/GIDs already assigned, so I really need winbind to NOT allocate UIDs on its own, but to use our existing ones. We don't have the option of extending the AD schema to include UIDs; our existing Unix accounts are all in LDAP. What I've done to get round this is to use the ldap backend for winbind, and create the mappings myself. This seems to work perfectly well but I can't believe there's not a means within winbind to use the account username to look up UIDs from an existing range. My questions are therefore: 1. Can I rely on winbind to never delete mappings from its database? I.e. if I've created its backend LDAP database myself, can I be sure that those mappings won't ever need to be recreated? 2. I wonder if the 'idmap alloc' options would actually do what I want, but I can't find a simple explanation of what alloc backends actually do. Am I barking up the wrong tree thinking that an appropriate alloc backend will do what I want? -- Liam Grettonliam.gret...@le.ac.uk HPC Architecthttp://www.le.ac.uk/its/ IT Services Tel: +44 (0)116 2522254 University Of Leicester, University Road Leicestershire LE1 7RH, United Kingdom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba