歡迎您光臨本站 註冊首頁
開源互助社區>文檔>運維技術

samba和2003 AD結合的問題

←手機掃碼閱讀     火星人 @ 2014-03-04 , reply:0

samba和2003 AD結合的問題

OS: debian 4.1.1-21
kernel: 2.6.18-4-686
samba: Version 3.0.24
硬體環境是用vmware workstation 6.5.0 模擬出來的

krb5.conf主要內容如下


        krb4_convert = true
        krb4_get_tickets = false
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log

        default_realm = TEST.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdb = true

        TEST.LOCAL = {
                kdc = 192.168.0.2:88
                admin_server = 192.168.0.2:749
                default_domain = TEST.LOCAL

        .test.local = TEST.LOCAL
        test.local = TEST.LOCAL


smb.conf主要內容如下:


   workgroup = TEST
   realm = TEST.LOCAL
    winbind enum groups = no
    winbind enum users  = no
    winbind use default domain = yes
    netbios name = file-server
    winbind separator = /
    template homedir = /home/%U
    security = domain
    password server = 192.168.0.2

   comment = Home Directories
   browseable = no
   path = /home/%U
   writable = yes

目的,每個域用戶在samba上都只能訪問自己的宿主目錄。但是現在無法使用域賬號去訪問sabma。
nsswitch文件部分配置如下

passwd:         compat files winbind
group:          compat files winbind
shadow:         compat


net rpc join -S DC.TEST.LOCAL -U administrator

顯示成功加入域
偶爾會出現Connection failed: NT_STATUS_CONNECTION_REFUSED


net rpc testjoin

顯示沒有加入到域

wbinfo -p
wbinfo -t

命令顯示成功

wbinfo -u
wbinfo -g

無法顯示域里的用戶信息和組信息

kinit administrator@TEST.LOCAL

成功運行

以下是部分日誌內容
log.smbd

printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
smbd/server.c:main(847)
  smbd version 3.0.24 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
param/loadparm.c:map_parameter(2698)
  Unknown parameter encountered: "winbind enmu users"
param/loadparm.c:lp_do_parameter(3428)
  Ignoring unknown parameter "winbind enmu users"
param/loadparm.c:map_parameter(2698)
  Unknown parameter encountered: "securiyt"
param/loadparm.c:lp_do_parameter(3428)
  Ignoring unknown parameter "securiyt"
printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
smbd/server.c:main(881)

log.nmbd

nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
nmbd/nmbd_become_dmb.c:become_domain_master_query_success(233)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
nmbd/nmbd_become_dmb.c:become_domain_master_query_success(233)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_processlogon.c:process_logon_packet(641)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_processlogon.c:process_logon_packet(641)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)

log.winbindd

nsswitch/winbindd.c:main(953)
nsswitch/winbindd_util.c:winbindd_param_init(787)
nsswitch/winbindd_util.c:winbindd_param_init(788)
nsswitch/winbindd.c:main(986)
nsswitch/winbindd.c:main(953)
param/loadparm.c:set_server_role(4202)
nsswitch/winbindd_util.c:winbindd_param_init(787)
nsswitch/winbindd_util.c:winbindd_param_init(788)
nsswitch/winbindd.c:main(986)
nsswitch/winbindd.c:main(953)
param/loadparm.c:set_server_role(4202)
nsswitch/winbindd_util.c:winbindd_param_init(787)
nsswitch/winbindd_util.c:winbindd_param_init(788)
nsswitch/winbindd.c:main(986)
nsswitch/winbindd_group.c:winbindd_getgrnam(270)
nsswitch/winbindd_group.c:winbindd_getgrnam(270)
nsswitch/winbindd_group.c:winbindd_getgrnam(270)


[ 本帖最後由 addbe 於 2008-9-19 14:16 編輯 ]
《解決方案》

精華有一篇比較好的文章。建議你看看
《解決方案》

samba+域 就是這樣,毛病多,還沒完善呢
《解決方案》

原帖由 aleng 於 2008-9-24 15:03 發表 http://bbs.chinaunix.net/images/common/back.gif
samba+域 就是這樣,毛病多,還沒完善呢

什麼叫毛病?
你這個人說話怎麼不走腦子啊?
《解決方案》

我用rhel5.2作samba+ad,就沒有出過問題,很穩定呀
《解決方案》

可能找到解決的方法了
應該是缺少了libnss_winbind.so這個庫文件導致的
在編譯samba的時候加上,然後把在生成source/nsswitch下面生成的libnss_winbind ln到/usr/lib/libnss_winbind.so.2應該可以解決wbinfo正常工作,但是getent無法獲取passwd以及group的問題
《解決方案》

原帖由 lovegqin 於 2008-9-24 15:04 發表 http://bbs.chinaunix.net/images/common/back.gif


什麼叫毛病?
你這個人說話怎麼不走腦子啊?
恩,問題沒多少,完善是必須的,比如:samba不能作為ad的pdc,所以,如果使用ad認證的話,需要windows作為ads。不知我說對了沒有。。。有點懷疑自己對samba-howto的理解:evil:

[火星人 ] samba和2003 AD結合的問題已經有709次圍觀

http://coctec.com/docs/service/show-post-26602.html

熱門文章

  1. sed當中使用變數替換以及執行外部命令
  2. 英特爾的VT-x、VT-d、VT-c技術概述
  3. NXDomain指的是什麼意思?
  4. CACTI不能顯示圖像,rra下沒有文件!許可權,PATH,snmpwalk沒問題
  5. VPN技術討論——IPsec VPN與SSL VPN的比較。
  6. vsftp的問題500 OOPS: unrecognised variable in config file: cal_root
  7. openldap 很慢問題
  8. 為何htpasswd命令不能用
  9. tomcat的CLOSE_WAIT是怎麼回事
  10. 開源資產管理軟體—OCS-NG

最新文章

  1. 如何使用DMA66的硬碟
  2. 網卡設置指南
  3. Linux下新手裝網卡指南
  4. 設置串列埠和數據機
  5. 如何在Linux上使用HAProxy配置HTTP負載均衡系統
  6. 解決 502 bad gateway
  7. 配置mysql5.5主從伺服器
  8. Mongodb中關於GUID的顯示問題詳析
  9. Openssl實現雙向認證教程(附服務端客戶端程式碼)
  10. JVM執行時資料區劃分原理詳解