Good afternoon.
I need to set up squid authentication via AD. I ran into a problem: I can't join the domain, and the time doesn't synchronize either. Please advise what the cause might be.
net join ads -U djoin
djoin's password:
[2013/11/13 10:29:17, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Server not found in Kerberos database
ADS join did not work, falling back to RPC...
Unable to find a suitable server
Unable to find a suitable server
angel2# net time set
Could not locate a time server. Try specifying a target host.
Version: FreeBSD 5.5-STABLE, samba-3.0.24,1
Config:
angel2# testparm
Load smb config files from /usr/local/etc/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
dos charset = cp866
unix charset = koi8-r
display charset = koi8-r
workgroup = TL5
realm = TL5.AD
server string = angel2.tl5.ad
security = ADS
password server = 172.17.165.120
passdb backend = tdbsam
log file = /var/log/samba/log.%m
max log size = 500
load printers = No
os level = 0
preferred master = No
local master = No
domain master = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
hosts allow = 192.168.1., 192.168.2., 127.,
angel2# more /etc/nsswitch.conf
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
angel2# more /etc/rc.conf | grep wi
winbindd_enable="YES"
winbindd_flags="-d 9"
Kerberos does work, though, although as I understand it, using it is not mandatory.
angel2# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: djoin@TL5.AD
Issued Expires Principal
Nov 13 10:04:25 Nov 13 20:04:25 krbtgt/TL5.AD@TL5.AD
And in general, winbind is not running, and when I restart Samba this is what it prints; is that how it should be?
angel2# /usr/local/etc/rc.d/samba.sh restart
Performing sanity check on Samba configuration: OK
winbindd not running? (check /var/run/winbindd.pid).
Removing stale Samba tdb files: .. done
Starting winbindd.
angel2# ps ax | grep winb
28397 p1 RL+ 0:00.00 grep winb
Logs:
[2013/11/13 10:29:04, 5] lib/debug.c:debug_dump_status(391)
INFO: Current debug levels:
all: True/9
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
[2013/11/13 10:29:04, 1] nsswitch/winbindd.c:main(953)
winbindd version 3.0.24 started.
Copyright The Samba Team 2000-2004
[2013/11/13 10:29:04, 3] param/loadparm.c:lp_load(4950)
lp_load: refreshing parameters
[2013/11/13 10:29:04, 3] param/loadparm.c:init_globals(1410)
Initialising global parameters
[2013/11/13 10:29:04, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb.conf"
[2013/11/13 10:29:04, 3] param/loadparm.c:do_section(3687)
Processing section "[global]"
doing parameter netbios name = angel2
[2013/11/13 10:29:04, 4] param/loadparm.c:handle_netbios_name(3045)
handle_netbios_name: set global_myname to: ANGEL2
doing parameter workgroup = TL5
doing parameter server string = angel2.tl5.ad
doing parameter security = ads
doing parameter hosts allow = 192.168.1. 192.168.2. 127.
doing parameter load printers = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 500
doing parameter password server = 172.17.165.120
doing parameter realm = TL5.AD
doing parameter passdb backend = tdbsam
doing parameter socket options = TCP_NODELAY
doing parameter local master = no
doing parameter os level = 0
doing parameter domain master = no
doing parameter preferred master = no
doing parameter domain logons = no
doing parameter display charset = koi8-r
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2LE
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2LE
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16LE
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16LE
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2BE
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2BE
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16BE
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16BE
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF8
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF8
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-8
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-8
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ASCII
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ASCII
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset 646
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset 646
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ISO-8859-1
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ISO-8859-1
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS2-HEX
[2013/11/13 10:29:04, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS2-HEX
doing parameter unix charset = koi8-r
doing parameter dos charset = cp866
doing parameter winbind use default domain = no
doing parameter winbind uid = 10000-20000
doing parameter winbind gid = 10000-20000
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
[2013/11/13 10:29:04, 4] param/loadparm.c:lp_load(4981)
pm_process() returned Yes
[2013/11/13 10:29:04, 7] param/loadparm.c:lp_servicenumber(5117)
lp_servicenumber: couldn't find homes
[2013/11/13 10:29:04, 8] param/loadparm.c:add_a_service(2495)
add_a_service: Creating snum = 0 for IPC$
[2013/11/13 10:29:04, 3] param/loadparm.c:lp_add_ipc(2629)
adding IPC service
[2013/11/13 10:29:04, 2] lib/interface.c:add_interface(81)
added interface ip=
[2013/11/13 10:29:04, 5] lib/util.c:init_names(286)
Netbios name list:-
my_netbios_names[0]="ANGEL2"
[2013/11/13 10:29:04, 2] lib/interface.c:add_interface(81)
added interface ip=
[2013/11/13 10:29:04, 5] lib/gencache.c:gencache_init(61)
Opening cache file at /var/db/samba/gencache.tdb
[2013/11/13 10:29:04, 5] libsmb/namecache.c:namecache_enable(58)
namecache_enable: enabling netbios namecache, timeout 660 seconds
[2013/11/13 10:29:04, 5] sam/idmap.c:smb_register_idmap(93)
smb_register_idmap: Successfully added idmap backend 'ldap'
[2013/11/13 10:29:04, 5] sam/idmap.c:smb_register_idmap(93)
smb_register_idmap: Successfully added idmap backend 'tdb'
[2013/11/13 10:29:04, 8] lib/util.c:fcntl_lock(1959)
fcntl_lock fd=8 op=8 offset=0 count=1 type=3
[2013/11/13 10:29:04, 8] lib/util.c:fcntl_lock(1978)
fcntl_lock: Lock call successful
[2013/11/13 10:29:04, 4] lib/time.c:TimeInit(136)
TimeInit: Serverzone is -14400
[2013/11/13 10:29:04, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
Registered MSG_REQ_POOL_USAGE
[2013/11/13 10:29:04, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2013/11/13 10:29:04, 0] nsswitch/winbindd_util.c:init_domain_list(518)
Could not fetch our SID - did we join?
[2013/11/13 10:29:04, 0] nsswitch/winbindd.c:main(1051)
unable to initalize domain list
Either I did something, or the DC administrator did.
winbind has started, only for some reason it starts in two instances:
angel2# ps ax | grep winb
28752 ?? Ss 0:00.06 /usr/local/sbin/winbindd -d 9 -s /usr/local/etc/smb.conf
28753 ?? I 0:00.07 /usr/local/sbin/winbindd -d 9 -s /usr/local/etc/smb.conf
The logs say that it got in:
fcntl_lock: Lock call successful
[2013/11/13 11:36:03, 4] lib/time.c:TimeInit(136)
TimeInit: Serverzone is -14400
[2013/11/13 11:36:03, 2] lib/tallocmsg.c:register_msg_pool_usage(61)
Registered MSG_REQ_POOL_USAGE
[2013/11/13 11:36:03, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2013/11/13 11:36:03, 2] nsswitch/winbindd_util.c:add_trusted_domain(175)
Added domain TL5 TL5.AD S-1-5-21-1335328686-3722870911-1389011291
[2013/11/13 11:36:03, 2] nsswitch/winbindd_util.c:add_trusted_domain(175)
Added domain ANGEL2 S-1-5-21-3461308923-3814976255-1297993263
[2013/11/13 11:36:03, 2] nsswitch/winbindd_util.c:add_trusted_domain(175)
Added domain BUILTIN S-1-5-32
[2013/11/13 11:36:03, 5] nsswitch/winbindd_util.c:init_child_recv(420)
Received child initialization response for domain TL5
[2013/11/13 11:36:11, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 17
[2013/11/13 11:36:11, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(483)
[ 0]: request interface version
[2013/11/13 11:36:11, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(516)
[ 0]: request location of privileged pipe
[2013/11/13 11:36:11, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 18
[2013/11/13 11:36:11, 3] nsswitch/winbindd_user.c:winbindd_setpwent_internal(450)
[ 0]: setpwent
[2013/11/13 11:36:29, 6] nsswitch/winbindd.c:new_connection(601)
But it is still like this:
angel2# wbinfo -p
Ping to winbindd succeeded on fd 4
angel2# wbinfo -u
Error looking up domain users
angel2# wbinfo -g
Error looking up domain groups
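
Added example (not part of the original post): a small Python filter that pulls the level-0 messages out of a Samba 3.x debug log like the one above, so that lines such as "Could not fetch our SID - did we join?" are not lost among the level-5 charset registrations. The function names are this example's own, and SAMPLE is an excerpt copied from the winbindd log in the post.

```python
import re

# Header that Samba 3.x writes before each debug message:
# [YYYY/MM/DD HH:MM:SS, level] source_file:function(line)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

def parse_entries(text):
    """Group each header with the message lines that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if m:
            current = {"ts": m["ts"], "level": int(m["level"]),
                       "where": f'{m["src"]}:{m["func"]}({m["line"]})',
                       "msg": []}
            entries.append(current)
        elif current is not None and raw.strip():
            # Continuation line: belongs to the most recent header.
            current["msg"].append(raw.strip())
    return entries

def errors(text, max_level=0):
    """Return (timestamp, location, message) for entries at or below max_level."""
    return [(e["ts"], e["where"], " ".join(e["msg"]))
            for e in parse_entries(text) if e["level"] <= max_level]

# Excerpt copied from the winbindd log in the post (debug level 9).
SAMPLE = """\
[2013/11/13 10:29:04, 1] nsswitch/winbindd.c:main(953)
winbindd version 3.0.24 started.
Copyright The Samba Team 2000-2004
[2013/11/13 10:29:04, 3] param/loadparm.c:lp_load(4950)
lp_load: refreshing parameters
[2013/11/13 10:29:04, 4] lib/time.c:TimeInit(136)
TimeInit: Serverzone is -14400
[2013/11/13 10:29:04, 0] nsswitch/winbindd_util.c:init_domain_list(518)
Could not fetch our SID - did we join?
[2013/11/13 10:29:04, 0] nsswitch/winbindd.c:main(1051)
unable to initalize domain list
"""

if __name__ == "__main__":
    for ts, where, msg in errors(SAMPLE):
        print(ts, where, msg)
```

Raising max_level to 1 or 2 also shows the startup banner and interface messages, which helps to place the failures in sequence.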