Hi all!
Given: Samba 3.0.12, FreeBSD 5.4
Samba joined the domain fine and sees users and groups perfectly well:
[ router root @ /usr/local/etc ] => wbinfo -u
TEST\administrator
TEST\guest
TEST\support_388945a0
TEST\fs$
TEST\krbtgt
TEST\luba
TEST\ira
TEST\sveta
TEST\secretar
TEST\nataly
TEST\irene
TEST\mike
...
[ router root @ /usr/local/etc ] => wbinfo -g
BUILTIN\system operators
BUILTIN\replicators
BUILTIN\guests
BUILTIN\power users
BUILTIN\print operators
BUILTIN\administrators
BUILTIN\account operators
BUILTIN\backup operators
BUILTIN\users
TEST\domain computers
TEST\domain controllers
TEST\schema admins
TEST\enterprise admins
TEST\domain admins
TEST\domain users
TEST\domain guests
TEST\group policy creator owners
TEST\dnsupdateproxy
TEST\managers
TEST\directors
...
Something unclear is going on with authentication: the user does get into Samba and is identified (there is an open share, INC)
[ router root @ /var/log/samba ] => cat log.smbd
file_init: Information only: requested 10000 open files, 7244 are available.
[2005/10/18 12:23:41, 1] smbd/service.c:make_connection_snum(642)
192.168.0.5 (192.168.0.5) connect to service INC initially as user TEST\test123 (uid=10001, gid=10005) (pid 36884)
[2005/10/18 12:23:46, 1] smbd/service.c:close_cnum(830)
192.168.0.5 (192.168.0.5) closed connection to service INC
[2005/10/18 12:23:56, 1] smbd/service.c:make_connection_snum(642)
192.168.0.5 (192.168.0.5) connect to service INC initially as user TEST\test123 (uid=10001, gid=10005) (pid 36888)
[2005/10/18 12:24:06, 1] smbd/service.c:close_cnum(830)
192.168.0.5 (192.168.0.5) closed connection to service INC
Meanwhile, this is how ntlm_auth complains:
[ router root @ /usr/local/etc ] => ntlm_auth --diagnostics --username=test123 --password=test123
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
[2005/10/18 12:18:57, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test Plaintext failed!
Wrong Password (0xc000006a)
[2005/10/18 12:18:57, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test Plaintext LM broken failed!
Wrong Password (0xc000006a)
Wrong Password (0xc000006a)
[2005/10/18 12:18:58, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test Plaintext NT only failed!
Wrong Password (0xc000006a)
[2005/10/18 12:18:58, 1] utils/ntlm_auth_diagnostics.c:diagnose_ntlm_auth(594)
Test Plaintext LM only failed!
The Kerberos ticket has been obtained:
[ router root @ /var/log/samba ] => klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: administrator@TEST.LAN
Issued Expires Principal
Oct 18 12:23:49 Oct 18 22:23:49 krbtgt/TEST.LAN@TEST.LAN
/usr/local/etc/smb.conf:
[global]
workgroup = test
server string = FreeBSD Router
netbios name = FREEBSD
load printers = no
security = ads
realm = test.lan
password server = fs.test.lan
encrypt passwords = yes
winbind separator = \\
winbind use default domain = yes
winbind uid = 10000-15000
winbind gid = 10000-15000
winbind enum users = yes
winbind enum groups = yes
hosts allow = 192.168.0.0/24 127.0.0.1
interfaces = lo0 dc0
bind interfaces only = yes
[INC]
comment = Incoming files
path = /var/ftp/incoming
read only = no
guest ok = no
valid users = "TEST\Domain users"
/etc/krb5.conf:
[libdefaults]
default_realm = TEST.LAN
clockskew = 300
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
TEST.LAN = {
kdc = fs.TEST.lan
admin_server = fs.TEST.lan
}
[domain_realm]
.TEST.lan = TEST.LAN
/etc/nsswitch.conf:
group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
The question is basically just one: where should I dig?