Jump to content
Sign in to follow this  
Dimarik

Linux+Домен Win 2K

Recommended Posts

у меня крик о помощи. Я перевернул уже кучу доков и похоже в конец запутолся. Помогите прикрутить Linux Mandriva к домену Windows 2000.

/etc/resolv.conf

nameserver 10.182.95.102

search 10.182.95.102

domain 10.182.95.102

/etc/samba/smb.conf

[global]

workgroup = SVK

realm=SVK.LOCAL

netbios name = dima-smb

server string = Samba Server %v

printcap name = cups

load printers = yes

printcap cache time = 60

printing = cups

log file = /var/log/samba/%m.log

max log size = 50

map to guest = bad user

security = domain

password server = *

winbind use default domain=yes

encrypt passwords = yes

smb passwd file = /etc/samba/smbpasswd

idmap uid = 10000-20000

idmap gid = 10000-20000

winbind use default domain = yes

winbind enum users=yes

winbind enum groups=yes

template shell = /bin/bash

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

wins server = 10.182.95.102

dns proxy = no

dos charset = cp866

unix charset = UTF8

[homes]

comment = Home Directories

browseable = no

writable = yes

[printers]

comment = All Printers

path = /var/spool/samba

browseable = no

guest ok = yes

writable = no

printable = yes

create mode = 0700

print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.

use client driver = yes

[print$]

path = /var/lib/samba/printers

browseable = yes

write list = @adm root

guest ok = yes

inherit permissions = yes

# Settings suitable for Winbind:

# write list = @"Domain Admins" root

# force group = +@"Domain Admins"

[pdf-gen]

path = /var/tmp

guest ok = No

printable = Yes

comment = PDF Generator (only valid users)

printing = bsd

#print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP &

print command = /usr/share/samba/scripts/print-pdf "%s" "%H" "//%L/%u" "%m" "%I" "%J" &

lpq command = /bin/true

есть еще файл /etc/samba/smb-winbind.conf настройки точно такие же сделал (ни чего умне придумать не мог)

/etc/krb5.conf

[logging]

default = FILE:/var/log/kerberos/krb5libs.log

kdc = FILE:/var/log/kerberos/krb5kdc.log

admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]

ticket_lifetime = 24000

default_realm = SVK.LOCAL

default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc

permitted_enctypes = des3-hmac-sha1 des-cbc-crc

dns_lookup_realm = false

dns_lookup_kdc = false

kdc_req_checksum_type = 2

checksum_type = 2

ccache_type = 1

forwardable = true

proxiable = true

[realms]

SVK.LOCAL={

kds=sk.svk.local:88

admin_server=sk.svk.local:749

default_domain=sk.svk.local

}

EXAMPLE.COM = {

kdc = kerberos.example.com:88

admin_server = kerberos.example.com:749

default_domain = example.com

}

[domain_realm]

.svk.local=SVK.LOCAL

svk.LOCAL=SVK.LOCAL

.example.com = EXAMPLE.COM

[kdc]

profile = /etc/kerberos/krb5kdc/kdc.conf

[pam]

debug = false

ticket_lifetime = 36000

renew_lifetime = 36000

forwardable = true

krb4_convert = false

[login]

krb4_convert = false

krb4_get_tickets = false

/etc/hosts

10.182.95.102 sk.svk.local sk

10.182.95.110 dima-smb.svk.local dima-smb

регистрация в домене проходит

#net rpc join -U имя_администратора_win_домена

Joined domain SVK

# wbinfo -p

Ping to winbindd succeeded on fd 4

# wbinfo -t

checking the trust secret via RPC calls succeeded

# wbinfo --set-auth-user=user%password (пользователь с правами админа в домене)

# wbinfo -a user%1234

plaintext password authentication succeeded

challenge/response password authentication succeeded

# wbinfo -g

BUILTIN\administrators

BUILTIN\users

(должно быть имя домена)

# wbinfo -u

Error looking up domain user

в логах:

[2007/10/03 12:59:53, 0] libads/kerberos.c:ads_kinit_password(208)

kerberos_kinit_password DIMA-SMB$@SVK.LOCAL failed: Cannot find KDC for reques

ted realm

[2007/10/03 12:59:53, 1] nsswitch/winbindd_ads.c:ads_cached_connection(114)

ads_connect for domain SVK failed: Cannot find KDC for requested realm

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...