Re: mit samba(lenny) in die Windows-Domain
Liebe Leute,
vielen Dank für die Unterstützung. Ich habe das Problem jetzt behoben
und alles funktioniert wie gewohnt. Mit all den neuen Ideen hab ich
jetzt einfach den kompletten Server neu installiert und Samba+Kerberos
neu konfiguriert.
Der vollständigkeit halber hier noch kurz meine Konfiguration:
apt-get install heimdal-clients samba smbfs smbclient winbind smbclient
ntpdate
ntpdate ruft regelmäßig die zeit vom windows-server ab und resolv.conf
ist auf den windows-dns-server konfiguriert.
Samba-Konfig:
[global]
workgroup = OFFICE
realm = OFFICE.MAY.CO.AT
server string = %h server
security = ADS
obey pam restrictions = Yes
password server = srv01.office.may.co.at
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:
* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
krb5.conf:
[libdefaults]
default_realm = OFFICE.MAY.CO.AT
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
OFFICE.MAY.CO.AT = {
kdc = srv01.office.may.co.at
admin_server = srv01.office.may.co.at
}
[domain_realm]
.office.may.co.at = OFFICE.MAY.CO.AT
[login]
krb4_convert = true
krb4_get_tickets = false
# /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
#
# /etc/pam.d/common-auth - authentication settings common to all services
auth sufficient pam_winbind.so
auth required pam_unix.so nullok_secure use_first_pass
Reply to: