samba和2003 AD結合的問題
OS: debian 4.1.1-21
kernel: 2.6.18-4-686
samba: Version 3.0.24
硬體環境是用vmware workstation 6.5.0 模擬出來的
krb5.conf主要內容如下
krb4_convert = true
krb4_get_tickets = false
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
default_realm = TEST.LOCAL
dns_lookup_realm = false
dns_lookup_kdb = true
TEST.LOCAL = {
kdc = 192.168.0.2:88
admin_server = 192.168.0.2:749
default_domain = TEST.LOCAL
.test.local = TEST.LOCAL
test.local = TEST.LOCAL
smb.conf主要內容如下:
workgroup = TEST
realm = TEST.LOCAL
winbind enum groups = no
winbind enum users = no
winbind use default domain = yes
netbios name = file-server
winbind separator = /
template homedir = /home/%U
security = domain
password server = 192.168.0.2
comment = Home Directories
browseable = no
path = /home/%U
writable = yes
目的,每個域用戶在samba上都只能訪問自己的宿主目錄。但是現在無法使用域賬號去訪問sabma。
nsswitch文件部分配置如下
passwd: compat files winbind
group: compat files winbind
shadow: compat
net rpc join -S DC.TEST.LOCAL -U administrator
顯示成功加入域
偶爾會出現Connection failed: NT_STATUS_CONNECTION_REFUSED
net rpc testjoin
顯示沒有加入到域
wbinfo -p
wbinfo -t
命令顯示成功
wbinfo -u
wbinfo -g
無法顯示域里的用戶信息和組信息
kinit administrator@TEST.LOCAL
成功運行
以下是部分日誌內容
log.smbd
printing/pcap.c:pcap_cache_reload(159)
Unable to open printcap file /etc/printcap for read!
printing/pcap.c:pcap_cache_reload(159)
Unable to open printcap file /etc/printcap for read!
printing/pcap.c:pcap_cache_reload(159)
Unable to open printcap file /etc/printcap for read!
printing/pcap.c:pcap_cache_reload(159)
Unable to open printcap file /etc/printcap for read!
smbd/server.c:main(847)
smbd version 3.0.24 started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
param/loadparm.c:map_parameter(2698)
Unknown parameter encountered: "winbind enmu users"
param/loadparm.c:lp_do_parameter(3428)
Ignoring unknown parameter "winbind enmu users"
param/loadparm.c:map_parameter(2698)
Unknown parameter encountered: "securiyt"
param/loadparm.c:lp_do_parameter(3428)
Ignoring unknown parameter "securiyt"
printing/pcap.c:pcap_cache_reload(159)
Unable to open printcap file /etc/printcap for read!
printing/pcap.c:pcap_cache_reload(159)
Unable to open printcap file /etc/printcap for read!
smbd/server.c:main(881)
log.nmbd
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
nmbd/nmbd_become_dmb.c:become_domain_master_query_success(233)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
nmbd/nmbd_become_dmb.c:become_domain_master_query_success(233)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_processlogon.c:process_logon_packet(641)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_processlogon.c:process_logon_packet(641)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd.c:terminate(58)
nmbd/nmbd.c:main(699)
param/loadparm.c:set_server_role(4202)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:add_logon_names(163)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
log.winbindd
nsswitch/winbindd.c:main(953)
nsswitch/winbindd_util.c:winbindd_param_init(787)
nsswitch/winbindd_util.c:winbindd_param_init(788)
nsswitch/winbindd.c:main(986)
nsswitch/winbindd.c:main(953)
param/loadparm.c:set_server_role(4202)
nsswitch/winbindd_util.c:winbindd_param_init(787)
nsswitch/winbindd_util.c:winbindd_param_init(788)
nsswitch/winbindd.c:main(986)
nsswitch/winbindd.c:main(953)
param/loadparm.c:set_server_role(4202)
nsswitch/winbindd_util.c:winbindd_param_init(787)
nsswitch/winbindd_util.c:winbindd_param_init(788)
nsswitch/winbindd.c:main(986)
nsswitch/winbindd_group.c:winbindd_getgrnam(270)
nsswitch/winbindd_group.c:winbindd_getgrnam(270)
nsswitch/winbindd_group.c:winbindd_getgrnam(270)
[ 本帖最後由 addbe 於 2008-9-19 14:16 編輯 ]
《解決方案》
精華有一篇比較好的文章。建議你看看
《解決方案》
samba+域 就是這樣,毛病多,還沒完善呢
《解決方案》
原帖由 aleng 於 2008-9-24 15:03 發表 http://bbs.chinaunix.net/images/common/back.gif
samba+域 就是這樣,毛病多,還沒完善呢
什麼叫毛病?
你這個人說話怎麼不走腦子啊?
《解決方案》
我用rhel5.2作samba+ad,就沒有出過問題,很穩定呀
《解決方案》
可能找到解決的方法了
應該是缺少了libnss_winbind.so這個庫文件導致的
在編譯samba的時候加上,然後把在生成source/nsswitch下面生成的libnss_winbind ln到/usr/lib/libnss_winbind.so.2應該可以解決wbinfo正常工作,但是getent無法獲取passwd以及group的問題
《解決方案》
原帖由 lovegqin 於 2008-9-24 15:04 發表 http://bbs.chinaunix.net/images/common/back.gif
什麼叫毛病?
你這個人說話怎麼不走腦子啊?
恩,問題沒多少,完善是必須的,比如:samba不能作為ad的pdc,所以,如果使用ad認證的話,需要windows作為ads。不知我說對了沒有。。。有點懷疑自己對samba-howto的理解:evil: