E
enear
5.4.07 Problem umgangen
Hallo,
vielleicht kann mir hier jemand weiterhelfen.
Ich versuche einen rhel4 64bit Server in die AD aufzunehmen und scheitere dabei bis jetz kläglich, gleiche konfiguration und configs funktionieren auf nem rhel4 32bit einwandfrei.
Linux efanode999 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:56:28 EST 2006 x86_64 x86_64 x86_64 GNU/Linux
Installed Packages
samba.x86_64 3.0.10-1.4E.11 installed
samba-client.x86_64 3.0.10-1.4E.11 installed
samba-common.x86_64 3.0.10-1.4E.11 installed
samba-swat.x86_64 3.0.10-1.4E.11 installed
krb5-libs.x86_64 1.3.4-33 installed
krb5-workstation.x86_64 1.3.4-33 installed
pam_krb5.x86_64 2.1.8-1 installed
smb.conf
krb5.conf
resolv.conf
nsswitch.conf
klist
net ads testjoin
net ads join -Uuser -d3
log.winbindd
Hoffe jemandem fällt der Fehler auf sonst werd ich bis das ding geht
Danke im vorraus
Gruß
Hallo,
vielleicht kann mir hier jemand weiterhelfen.
Ich versuche einen rhel4 64bit Server in die AD aufzunehmen und scheitere dabei bis jetz kläglich, gleiche konfiguration und configs funktionieren auf nem rhel4 32bit einwandfrei.
Linux efanode999 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:56:28 EST 2006 x86_64 x86_64 x86_64 GNU/Linux
Installed Packages
samba.x86_64 3.0.10-1.4E.11 installed
samba-client.x86_64 3.0.10-1.4E.11 installed
samba-common.x86_64 3.0.10-1.4E.11 installed
samba-swat.x86_64 3.0.10-1.4E.11 installed
krb5-libs.x86_64 1.3.4-33 installed
krb5-workstation.x86_64 1.3.4-33 installed
pam_krb5.x86_64 2.1.8-1 installed
smb.conf
Code:
# Global parameters
[global]
workgroup = GROUP
realm = GROUP.LOCAL
server string = %h server (Samba %v)
security = ADS
obey pam restrictions = Yes
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
wins server = 150.99.17.2
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind use default domain = Yes
invalid users = root
krb5.conf
Code:
[libdefaults]
default_realm = GROUP.LOCAL
ticket_lifetime = 24000
dns_lookup_realm = yes
dns_lookup_kdc = yes
...
[realms]
GROUP.LOCAL = {
kdc = demucsinf902
kdc = demucsinf903
admin_server = demucsinf902
default_domain=group.local
}
...
resolv.conf
Code:
search group.local
nameserver 150.99.17.2
nameserver 150.99.17.3
nsswitch.conf
Code:
passwd: files nis winbind
shadow: files nis winbind
...
klist
Code:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: user@GROUP.LOCAL
Valid starting Expires Service principal
04/03/07 11:33:42 04/03/07 21:33:46 krbtgt/GROUP.LOCAL@GROUP.LOCAL
renew until 04/04/07 11:33:42
04/03/07 11:35:18 04/03/07 21:33:46 demucsinf903$@GROUP.LOCAL
renew until 04/04/07 11:33:42
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
net ads testjoin
Code:
EFANODE999$@GROUP.LOCAL's password:
[2007/04/03 12:54:59, 0] libads/kerberos.c:ads_kinit_password(146)
kerberos_kinit_password [B]EFANODE999$[/B]@GROUP.LOCAL failed: Client not found in Kerberos database
[2007/04/03 12:54:59, 0] utils/net_ads.c:ads_startup(186)
ads_connect: Client not found in Kerberos database
Join to domain is not valid
net ads join -Uuser -d3
Code:
[2007/04/03 12:55:42, 3] param/loadparm.c:lp_load(3894)
lp_load: refreshing parameters
[2007/04/03 12:55:42, 3] param/loadparm.c:init_globals(1312)
Initialising global parameters
[2007/04/03 12:55:42, 3] param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2007/04/03 12:55:42, 3] param/loadparm.c:do_section(3396)
Processing section "[global]"
[2007/04/03 12:55:42, 2] lib/interface.c:add_interface(79)
added interface ip=10.0.0.99 bcast=10.0.0.255 nmask=255.255.255.0
[2007/04/03 12:55:42, 2] lib/interface.c:add_interface(79)
added interface ip=150.99.15.80 bcast=150.99.15.255 nmask=255.255.254.0
users's password:
[2007/04/03 12:55:47, 3] libads/ldap.c:ads_connect(285)
Connected to LDAP server 150.99.17.2
[2007/04/03 12:55:47, 3] libads/ldap.c:ads_server_info(2469)
got ldap server name demucsinf902@GROUP.LOCAL, using bind path: dc=GROUP,dc=LOCAL
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/04/03 12:55:47, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
ads_sasl_spnego_bind: got server principal name =demucsinf902$@GROUP.LOCAL
[2007/04/03 12:55:47, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382)
[B]ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)[/B]
[2007/04/03 12:55:47, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319)
Ticket in ccache[MEMORY:net_ads] expiration Tue, 03 Apr 2007 22:55:47 GMT
log.winbindd
Code:
[2007/04/03 10:50:24, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(544)
spnego_gen_negTokenTarg failed: No credentials cache found
[2007/04/03 10:50:24, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain GROUP failed: Cannot read password
[2007/04/03 10:50:24, 1] nsswitch/winbindd_util.c:init_domain_list(327)
Could not fetch sid for our domain GROUP
Hoffe jemandem fällt der Fehler auf sonst werd ich bis das ding geht
Danke im vorraus
Gruß
Zuletzt bearbeitet von einem Moderator: