Jump to content

Linux + домен windows


Dimarik
 Share

Recommended Posts

у меня крик о помощи. Я перевернул уже кучу доков и похоже в конец запутолся. Помогите прикрутить Linux Mandriva к домену Windows 2000.

/etc/resolv.conf

nameserver 10.182.95.102

search 10.182.95.102

domain 10.182.95.102

/etc/samba/smb.conf

[global]

workgroup = SVK

realm=SVK.LOCAL

netbios name = dima-smb

server string = Samba Server %v

printcap name = cups

load printers = yes

printcap cache time = 60

printing = cups

log file = /var/log/samba/%m.log

max log size = 50

map to guest = bad user

security = domain

password server = *

winbind use default domain=yes

encrypt passwords = yes

smb passwd file = /etc/samba/smbpasswd

idmap uid = 10000-20000

idmap gid = 10000-20000

winbind use default domain = yes

winbind enum users=yes

winbind enum groups=yes

template shell = /bin/bash

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

wins server = 10.182.95.102

dns proxy = no

dos charset = cp866

unix charset = UTF8

[homes]

comment = Home Directories

browseable = no

writable = yes

[printers]

comment = All Printers

path = /var/spool/samba

browseable = no

guest ok = yes

writable = no

printable = yes

create mode = 0700

print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.

use client driver = yes

[print$]

path = /var/lib/samba/printers

browseable = yes

write list = @adm root

guest ok = yes

inherit permissions = yes

# Settings suitable for Winbind:

# write list = @"Domain Admins" root

# force group = +@"Domain Admins"

[pdf-gen]

path = /var/tmp

guest ok = No

printable = Yes

comment = PDF Generator (only valid users)

printing = bsd

#print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP &

print command = /usr/share/samba/scripts/print-pdf "%s" "%H" "//%L/%u" "%m" "%I" "%J" &

lpq command = /bin/true

есть еще файл /etc/samba/smb-winbind.conf настройки точно такие же сделал (ни чего умне придумать не мог)

/etc/krb5.conf

[logging]

default = FILE:/var/log/kerberos/krb5libs.log

kdc = FILE:/var/log/kerberos/krb5kdc.log

admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]

ticket_lifetime = 24000

default_realm = SVK.LOCAL

default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc

permitted_enctypes = des3-hmac-sha1 des-cbc-crc

dns_lookup_realm = false

dns_lookup_kdc = false

kdc_req_checksum_type = 2

checksum_type = 2

ccache_type = 1

forwardable = true

proxiable = true

[realms]

SVK.LOCAL={

kds=sk.svk.local:88

admin_server=sk.svk.local:749

default_domain=sk.svk.local

}

EXAMPLE.COM = {

kdc = kerberos.example.com:88

admin_server = kerberos.example.com:749

default_domain = example.com

}

[domain_realm]

.svk.local=SVK.LOCAL

svk.LOCAL=SVK.LOCAL

.example.com = EXAMPLE.COM

[kdc]

profile = /etc/kerberos/krb5kdc/kdc.conf

[pam]

debug = false

ticket_lifetime = 36000

renew_lifetime = 36000

forwardable = true

krb4_convert = false

[login]

krb4_convert = false

krb4_get_tickets = false

/etc/hosts

10.182.95.102 sk.svk.local sk

10.182.95.110 dima-smb.svk.local dima-smb

регистрация в домене проходит

#net rpc join -U имя_администратора_win_домена

Joined domain SVK

# wbinfo -p

Ping to winbindd succeeded on fd 4

# wbinfo -t

checking the trust secret via RPC calls succeeded

# wbinfo --set-auth-user=user%password (пользователь с правами админа в домене)

# wbinfo -a user%1234

plaintext password authentication succeeded

challenge/response password authentication succeeded

# wbinfo -g

BUILTIN\administrators

BUILTIN\users

(должно быть имя домена)

# wbinfo -u

Error looking up domain user

в логах:

[2007/10/03 12:59:53, 0] libads/kerberos.c:ads_kinit_password(208)

kerberos_kinit_password DIMA-SMB$@SVK.LOCAL failed: Cannot find KDC for reques

ted realm

[2007/10/03 12:59:53, 1] nsswitch/winbindd_ads.c:ads_cached_connection(114)

ads_connect for domain SVK failed: Cannot find KDC for requested realm

Link to comment
Share on other sites

  • 4 months later...

мануал с линукс вики не работает с 2007 и 2008 мандривой фри, доходим до getent group-доменных юзеров не показывает...

так же перепробовал много других мануалов из инета и не только .ру....именно с мандривой какаято засада...если кто смог настроить авторизацию в 2003 вин домене положите конфиги или на мыло скиньте...

Link to comment
Share on other sites

Приветствую!

Ну вообще-то лично я такое делал на мандриве 2007

Без проблем все по инструкции встало.

Так что тут вопрос не в неверной инструкции - а в каких-то проблемах именно с Вашей инсталляцией

Link to comment
Share on other sites

  • 1 month later...
  • 1 year later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...