altlinux master 2.4
При попытке подключиться к ресурсам самбы, с виндовой машины, выскакивает окно авторизации.
Как сделать так, что бы самба пускала только пользователей и группы которые есть в демене W2003.
Настройки сделал такие:
krb5.conf
[libdefaults]
default_realm = DOMAIN.LOCAL
[realms]
DOMAIN.LOCAL = {
kdc = dc.domain.local
admin_server = dc.domain.local
}
[domain_realms]
.domain.local = DOMAIN.LOCAL
и smb.conf
[global]
workgroup = DOMAIN
netbios name = prox
server string = prox
log file = /var/log/samba/log.%m
max log size = 50
hosts allow = 192.168.0. 127.
security = ads
password server = dc.domain.local
encrypt passwords = yes
realm = DOMAIN.LOCAL
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
dos charset = CP866
unix charset = KOI8-R
display charset = KOI8-R
[var]
path = /var
writable = yes
guest ok = no
browseable = yes
create mask = 744
kinit и wbinfo проходят без проблем и net ads join -U admin%password подключает.
Но как только я пытаюсь с сервера зайти на самбу:
В /var/log/samba/log.192.168.0.10
[2005/10/06 14:15:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(248)
Username DOMAIN+admin is invalid on this system
[2005/10/06 14:15:37, 1] smbd/sesssetup.c:reply_spnego_kerberos(248)
Username DOMAIN+admin is invalid on this system
В /var/log/samba/log.winbindd
[2005/10/06 14:20:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159)
user 'ADMIN' does not exist
[2005/10/06 14:20:53, 3] nsswitch/winbindd_acct.c:winbindd_create_user(880)
[ 2277]: create_user: user=>(admin), group=>()
[2005/10/06 14:20:53, 5] nsswitch/winbindd_acct.c:wb_getpwnam(393)
wb_getpwnam: Found user (admin)
[2005/10/06 14:20:53, 0] nsswitch/winbindd_acct.c:winbindd_create_user(884)
winbindd_create_user: Refusing to create user that already exists (admin)
[2005/10/06 14:20:53, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
[ 2277]: getpwnam admin
[2005/10/06 14:20:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159)
user 'admin' does not exist
[2005/10/06 14:20:53, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124)
[ 2277]: getpwnam ADMIN
[2005/10/06 14:20:53, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159)
user 'ADMIN' does not exist
[2005/10/06 14:20:53, 5] nsswitch/winbindd.c:winbind_client_read(465)
read failed on sock 20, pid 2277: EOF
Помогите разобраться.
Samba & W2003sp1 (Нет доступа к ресурсам samba для пользователей AD)
Модераторы: SLEDopit, Модераторы разделов
-
sergius
- Сообщения: 782
Re: Samba & W2003sp1
Покажи вывод таких команд:
wbinfo -t
wbinfo -g
wbinfo -u
И еще покажи файл /etc/nsswitch.conf
wbinfo -t
wbinfo -g
wbinfo -u
И еще покажи файл /etc/nsswitch.conf
-
viktor
- Сообщения: 3
Re: Samba & W2003sp1
# wbinfo -p
Ping to winbindd succeeded on fd 4
# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -u
admin
Гость
SUPPORT_388945a0
DC$
krbtgt
IUSR_DC
IWAM_DC
1C$
sql
SQLDebugger
HOST/prox
# wbinfo -g
BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users
Компьютеры домена
Контроллеры домена
Администраторы схемы
Администраторы предприятия
Администраторы домена
Пользователи домена
Гости домена
Владельцы-создатели групповой политики
DnsUpdateProxy
Radmin
nsswitch.conf
passwd: files winbind
shadow: tcb files nisplus nis
group: files winbind
hosts: files nisplus nis dns
# To use db, put the "db" in front of "files" for things you want to be
# looked up first in the db files.
#
#passwd: db files nisplus nis
#shadow: db tcb files nisplus nis
#group: db files nisplus nis
#
#hosts: db files nisplus nis dns
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
Ping to winbindd succeeded on fd 4
# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -u
admin
Гость
SUPPORT_388945a0
DC$
krbtgt
IUSR_DC
IWAM_DC
1C$
sql
SQLDebugger
HOST/prox
# wbinfo -g
BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users
Компьютеры домена
Контроллеры домена
Администраторы схемы
Администраторы предприятия
Администраторы домена
Пользователи домена
Гости домена
Владельцы-создатели групповой политики
DnsUpdateProxy
Radmin
nsswitch.conf
passwd: files winbind
shadow: tcb files nisplus nis
group: files winbind
hosts: files nisplus nis dns
# To use db, put the "db" in front of "files" for things you want to be
# looked up first in the db files.
#
#passwd: db files nisplus nis
#shadow: db tcb files nisplus nis
#group: db files nisplus nis
#
#hosts: db files nisplus nis dns
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus