Samba goes Active Directory.... sollte zumindest

M

Mauri1990

Grünschnabel
Hallo zusammen,
ich muss hier in der Arbeit einen Samba-Server aufsetzen, welcher die Userdaten+PW von einem AD Windows 2003 Server holt. Gut, nur des klappt nicht so ganz :-/
Leider ist die ganze Sache Neuland für mich und deswegen wende ich mich nun nach 3 Tagen voller Googeln usw. den Rat von euch. Ich hoffe ihr sieht etwas, was ich nicht gesehen habe... (k, bin auch schon langsam fertig... von 9 Uhr in der früh bis 17:00...)

Die Samba-version ist 3.0.23c
Der Linux Server heißt slxmctec
Der Windoof Server heißt htsrvw3
beide können sich gegenseitig anpingen und auflösen
Beide sind in der Domain juwel.hotel
Es soll nur 1 User darauf zugriff haben: mauritest
wenn ich versuche mich auf den Fileserver zu verbinden und den user mauritest mit dem richtigen PW eingäbe, erkennt er zumindest, dass der User sich in juwel befindet.... aber das PW ist angeblich falsch, bzw. nimmt er es nicht an. Der linux server hat in AD das Vertrauensstellung (oder wie das hieß :) )

hier kommt die smb.conf
Code:
[global]
realm = juwel.hotel
workgroup = juwel
netbios name= slxmctec
server string = Linux Samba Fileserver
#mb passwd file = /etc/samba/smbpasswd
#passdb backend = tbsam
pam password change = no
unix password sync = No
domain logons = Yes
os level = 20
encrypt passwords = yes
domain master = No
ldap ssl = no
#read only = yes
msdfs proxy = no
security = ADS
valid users = mauritest
guest ok = no
password server = htsrvw3.juwel.hotel
idmap uid = 10000-15000
idmap gid = 10000-15000
winbind separator = /
client use spnego = no
server signing = auto

[profiles]
profile acls = Yes
browseable = No
path = /usr1/daten/

[daten]
path = /usr1/daten
inherit acls = Yes
browsable = Yes
vfs objects = recycle:repository=.recycle
recycle:version = true
recycle:touch=false
recycle:keeptree=true
hide unreadable = no
valid users = mauritest
dont descend = .recycle
read only = No

hier wäre dann die krb5.conf
Code:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = JUWEL.HOTEL
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 JUWEL.HOTEL = {
  kdc = htsrvw3.juwel.hotel
  admin_server = htsrvw3.juwel.hotel:749
  default_domain = juwel.hotel
 }

[domain_realm]
 .juwel.hotel = JUWEL.HOTEL
 juwel.hotel = JUWEL.HOTEL

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

Code:
hier die resolv.conf
domain JUWEL.HOTEL
nameserver 172.20.4.210
search JUWEL.HOTEL

Ich hoffe es kann mir einer helfen, weil langsam kann ich durch das viele ausprobieren geistig und körperlich nicht mehr... :(



Grüße,
Marui
 
Und was sagen die Logs von Samba, wenn du dich anmelden willst?
 
Code:
[2006/09/19 16:06:51, 0] smbd/server.c:main(847)
  smbd version 3.0.23c-SerNet-RedHat started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/09/19 16:06:51, 0] param/loadparm.c:map_parameter(2690)
  Unknown parameter encountered: "inheric acls"
[2006/09/19 16:06:51, 0] param/loadparm.c:lp_do_parameter(3420)
  Ignoring unknown parameter "inheric acls"
[2006/09/19 16:06:51, 0] smbd/server.c:main(881)
  standard input is not a socket, assuming -D option
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0
[2006/09/19 16:06:52, 1] lib/account_pol.c:account_policy_get(329)
  account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0
[2006/09/19 16:06:52, 0] libads/kerberos.c:ads_kinit_password(208)
  kerberos_kinit_password JUWEL@JUWEL.HOTEL failed: Client not found in Kerberos database
[2006/09/19 16:06:52, 0] printing/nt_printing.c:nt_printing_init(649)
  nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2006/09/19 16:07:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:07:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:07:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:07:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:07:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:07:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:11:02, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:11:10, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:12:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:12:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:12:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:12:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:12:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:12:31, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:13:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:13:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:13:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:13:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:13:49, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:14:03, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:17:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:17:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:17:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:17:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:17:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:17:11, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:17:12, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:10, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:11, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:12, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:12, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:12, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:12, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:12, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:12, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:13, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:19:54, 0] smbd/server.c:main(847)
  smbd version 3.0.23c-SerNet-RedHat started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/09/19 16:19:54, 1] param/loadparm.c:set_server_role(4194)
  Server's Role (logon server) NOT ADVISED with domain-level security
[2006/09/19 16:19:55, 0] smbd/server.c:main(881)
  standard input is not a socket, assuming -D option
[2006/09/19 16:22:04, 0] smbd/server.c:main(847)
  smbd version 3.0.23c-SerNet-RedHat started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/09/19 16:22:04, 0] smbd/server.c:main(881)
  standard input is not a socket, assuming -D option
[2006/09/19 16:22:04, 0] libads/kerberos.c:ads_kinit_password(208)
  kerberos_kinit_password JUWEL@JUWEL.HOTEL failed: Client not found in Kerberos database
[2006/09/19 16:22:04, 0] printing/nt_printing.c:nt_printing_init(649)
  nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2006/09/19 16:28:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:28:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:28:35, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:28:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:28:36, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
  Failed to verify incoming ticket!
[2006/09/19 16:42:21, 0] smbd/server.c:main(847)
  smbd version 3.0.23c-SerNet-RedHat started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2006/09/19 16:42:21, 1] param/loadparm.c:set_server_role(4194)
  Server's Role (logon server) NOT ADVISED with domain-level security
[2006/09/19 16:42:21, 0] smbd/server.c:main(881)
  standard input is not a socket, assuming -D option

was soll das ganz genau heißen?

Gruße,
Mauri
 
[2006/09/19 16:06:52, 0] libads/kerberos.c:ads_kinit_password(208)
kerberos_kinit_password **********L failed: Client not found in Kerberos database
[2006/09/19 16:06:52, 0] printing/nt_printing.c:nt_printing_init(649)
nt_printing_init: error checking published printers: WERR_ACCESS_DENIED
[2006/09/19 16:07:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(202)
Failed to verify incoming ticket!

es sieht so aus als ob deine kerberos konfig nicht korrekt ist.
was bringt den die ausgabe von:
"getent passwd"
oder
"getent group"?
 
Code:
Script started on Wed 20 Sep 2006 02:20:19 PM CEST
[root@slxmctec samba]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
ident:x:100:101::/home/ident:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
desktop:x:80:80:desktop:/var/lib/menu/kde:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
support:x:500:500::/usr1/hogatex:/bin/sh
hogatex:x:501:501::/usr1/hogatex:/bin/sh
ifstart:x:502:502::/usr1/hogatex:/bin/sh
omar:x:503:500:omar:/usr1/hogatex:/bin/sh
philipp:x:504:503::/usr1/hogatex:/bin/bash
vasilios:x:505:504::/home/vasilios:/bin/bash
Susan:x:506:505:Susan:/usr1/hogatex:/bin/bash
Christophe:x:508:506:Christophe Harnisch:/usr1/hogatex:/bin/bash
salztal_pc02$:x:509:509::/dev/null:/bin/false
[root@slxmctec samba]# getent group
root:x:0:root,Christophe
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
wheel:x:10:root
mail:x:12:mail
news:x:13:news
uucp:x:14:uucp
man:x:15:
games:x:20:
gopher:x:30:
dip:x:40:
ftp:x:50:
lock:x:54:
nobody:x:99:
users:x:100:
floppy:x:19:
vcsa:x:69:
utmp:x:22:
rpm:x:37:
slocate:x:21:
nscd:x:28:
ident:x:101:
netdump:x:34:
sshd:x:74:
rpc:x:32:
rpcuser:x:29:
nfsnobody:x:65534:
mailnull:x:47:
smmsp:x:51:
pcap:x:77:
xfs:x:43:
ntp:x:38:
gdm:x:42:
desktop:x:80:
apache:x:48:
named:x:25:
support:x:500:
hogatex:x:501:
ifstart:x:502:
philipp:x:503:
vasilios:x:504:
Susan:x:505:
Christophe:x:506:
pcadmin:x:507:support
salztal_pc02$:x:509:
Code:
[root@slxmctec samba]# getent passwd[1m[34m^M[0m
root:x:0:0:root:/root:/bin/bash[1m[34m^M[0m
bin:x:1:1:bin:/bin:/sbin/nologin[1m[34m^M[0m
daemon:x:2:2:daemon:/sbin:/sbin/nologin[1m[34m^M[0m
adm:x:3:4:adm:/var/adm:/sbin/nologin[1m[34m^M[0m
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin[1m[34m^M[0m
sync:x:5:0:sync:/sbin:/bin/sync[1m[34m^M[0m
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown[1m[34m^M[0m
halt:x:7:0:halt:/sbin:/sbin/halt[1m[34m^M[0m
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin[1m[34m^M[0m
news:x:9:13:news:/etc/news:[1m[34m^M[0m
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin[1m[34m^M[0m
operator:x:11:0:operator:/root:/sbin/nologin[1m[34m^M[0m
games:x:12:100:games:/usr/games:/sbin/nologin[1m[34m^M[0m
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin[1m[34m^M[0m
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin[1m[34m^M[0m
nobody:x:99:99:Nobody:/:/sbin/nologin[1m[34m^M[0m
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin[1m[34m^M[0m
rpm:x:37:37::/var/lib/rpm:/sbin/nologin[1m[34m^M[0m
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin[1m[34m^M[0m
ident:x:100:101::/home/ident:/sbin/nologin[1m[34m^M[0m
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash[1m[34m^M[0m
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin[1m[34m^M[0m[25;63H1,1[25;77HTop[1;1H[?25h[?0c[?25l[?1c[25;1H[K[25;1H:[?25h[?0cq[?25l[?1c[?25h[?0c

//edit:
hm.... scheint so, als verträgt windows ein paar zeichen nicht ^^
wenn kerberos nicht in ordnung ist.... was wäre dann dort falsch? die war schon automatisch so eingestellt, wie is in den meisten how-to's geschrieben wurde, bloß ein bisschen mehr text war da halt drinnen, deswegen habe ich selber nichts daran gemacht, weil soviel ich weiß es gefährlich sein kann. Ich weiß zwar nicht, inwiefern gefährlich, aber ich habe es vorsichtshalber mal gelassen.

Grüße,
Mauri
 
Zuletzt bearbeitet:
das kann man pauschal nicht sagen ... da könnte es viele sachen geben!
- probiere mal ein kinit <uid eines domänen users>. was passiert?
- ist htsrvw3.juwel.hotel vom server per dns auflösbar?
- ist es sichergestellt das der admin_server korrekt auf htsrvw3.juwel.hotel und auf port 749 läuft? kommt mir persönlich irgendwie komisch vor.
- was steht den in der /var/kerberos/krb5kdc/kdc.conf ?
- was sagen den die logs?:
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


edit: schon mal http://www.pro-linux.de/work/server/samba3-domaene.html gelesen?
 
Zuletzt bearbeitet:
ok, danke für die internet seite, ich habe erkannt, dass der linux rechner den Windows rechner nicht als kdc nimmt, sondern sich selber. weiß einer wie ich dem Linux das besser lehren kann? ^^

um auf den post von damager einzugehen,

wenn ich kinit mauritest oder Administrator eingebe, dann kommt:
Code:
kinit(v5): Cannot contect any KDC for requested realm while getting initial cred etials
zu punkt 2: ja

sowohl als die kdc.conf als auch die logs existieren leider nicht.....
 
dann entferne mal den eintrag:
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
aus der /etc/krb5.conf
ausserdem würde ich die port-nummer in dem admin_server-eintrag auch entfernen.

solange das kinit nicht funtzt hast du ein problem in deiner kerberos-config :]
 
nun heißts nachdem ich die krb5.conf editier habe:
Clow skew too great while getting......

//edit:
gefixt :)
es war nur die uhrzeit

mal schauen ob ich es jetzt doch noch komplett packe :D

//edit 2:

sooo, das ganze ding funktioniert nun, habe aber x-sachen ändern müssen :)
das einzige was ich noch machen muss ist, dass nur der user mauritest da rein kommt, aber ich denke das packe ich alleine :)

lob und vielen dank an euch :)
 
Zuletzt bearbeitet:

Ähnliche Themen

Samba 4.9.5-Debian - Kennwort von unix übernehmen

Zugriff Ubuntu 16.04. auf Freigabe 18.04. LTS nicht möglich

Samba-Server mit Univention Corporate Server

Samba Dateien und Ordner verschieben

Zugriff auf Samba Fileserver Freigaben verweigert(Samba 4 Active Directory Domäne)

Zurück
Oben