- # Layout of domains
- CSCTRAIN.LOCAL -> (One-way forest trust) -> CSCTEST.LOCAL -> ad-centos 6.7 client running Winbind Version 3.6.23-20.el6
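- When querying a user in the CSCTRAIN.LOCAL domain, it seems that winbind cannot find the service principal for the domain controller ad-server.csctrain.local in the Kerberos database ("Server not found in Kerberos database" in the debug log below). The same log shows the LDAP connection being made to evw3300295.csctrain.local rather than to ad-server.csctrain.local.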
- [root@ad-centos smb_krb5]# wbinfo -i csctrain.local\\jason-csctrain
- failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
- Could not get info for user csctrain.local\jason-csctrain
- [root@ad-centos smb_krb5]#
- Connected to LDAP server evw3300295.csctrain.local
- time offset is -4 seconds
- Found SASL mechanism GSS-SPNEGO
- ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
- ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
- ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
- ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
- ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
- ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
- ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
- ads_krb5_mk_req: smb_krb5_get_credentials failed for ldap/ad-server.csctrain.local@CSCTRAIN.LOCAL (Server not found in Kerberos database)
- kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
- ad_idmap_cached_connection_internal: failed to connect to AD
- ADS uninitialized: Server not found in Kerberos database
- Finished processing child request 59
- Could not convert sid S-1-5-21-1756739036-3764305495-3557332716-1147: NT_STATUS_UNSUCCESSFUL
- [root@ad-centos samba]# cat /etc/krb5.conf
- # Kerberos client configuration on ad-centos: the default realm is CSCTEST.LOCAL,
- # and the trusted realm CSCTRAIN.LOCAL is listed explicitly under [realms].
- [logging]
- default = FILE:/var/log/krb5libs.log
- kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- [libdefaults]
- default_realm = CSCTEST.LOCAL
- dns_lookup_realm = true
- # DNS SRV discovery of KDCs is enabled, but both realms below also name a kdc
- # explicitly; for a realm with an explicit kdc entry, that entry is what gets used.
- dns_lookup_kdc = true
- ticket_lifetime = 24h
- renew_lifetime = 7d
- forwardable = true
- [realms]
- CSCTEST.LOCAL = {
- kdc = ad-server.csctest.local
- admin_server = ad-server.csctest.local
- }
- # NOTE(review): the winbind debug output on this page connects to LDAP server
- # evw3300295.csctrain.local, yet the failing ticket request is for
- # ldap/ad-server.csctrain.local@CSCTRAIN.LOCAL. Confirm that ad-server.csctrain.local
- # really is a domain controller in CSCTRAIN.LOCAL (the name mirrors the CSCTEST.LOCAL
- # DC) and that its forward and reverse DNS records agree.
- CSCTRAIN.LOCAL = {
- kdc = ad-server.csctrain.local
- }
- # Maps DNS names (exact domain and any host beneath it) to the realm used for tickets.
- [domain_realm]
- csctest.local = CSCTEST.LOCAL
- .csctest.local = CSCTEST.LOCAL
- csctrain.local = CSCTRAIN.LOCAL
- .csctrain.local = CSCTRAIN.LOCAL
- [root@ad-centos samba]#
- [root@ad-centos samba]# cat /etc/samba/smb.conf
- # Samba/winbind domain-member configuration: joined to realm CSCTEST.LOCAL
- # (security = ADS), with accounts from trusted domains accepted.
- [global]
- workgroup = CSCTEST
- password server = ad-server.csctest.local
- realm = CSCTEST.LOCAL
- security = ADS
- # NOTE(review): %U expands to the user name without the domain. With trusted domains
- # allowed, two accounts with the same name in different domains would share one home
- # directory; consider including %D in the path.
- template homedir = /home/%U
- template shell = /bin/bash
- # winbind use default domain = true
- winbind offline logon = false
- # Added by Jason
- # Accepts users from domains trusted by CSCTEST, so every such domain needs a
- # working ID mapping below.
- allow trusted domains = yes
- # map untrusted to domain = yes
- # Default mapping for any domain without its own idmap section.
- idmap config * : backend = tdb
- idmap config * : range = 2000 - 9999
- # NOTE(review): base_rid is an option of the rid backend; it presumably has no
- # effect with backend = tdb. Confirm and remove if unused.
- idmap config * : base_rid = 0
- # idmap backend = tdb
- # idmap uid = 2000 - 3000
- # idmap gid = 2000 - 3000
- # The ad backend reads RFC 2307 attributes from the domain's own directory, so winbind
- # must be able to bind to a DC of that domain. The ad_idmap_cached_connection_internal
- # error in the log on this page is that bind failing for CSCTRAIN.
- idmap config CSCTEST : backend = ad
- idmap config CSCTEST : range = 10000 - 20000
- idmap config CSCTEST : schema_mode = rfc2307
- idmap config CSCTRAIN : backend = ad
- # NOTE(review): this range and the CSCTEST range both include 20000. idmap ranges
- # should not overlap, otherwise one UID/GID can be claimed by accounts in two domains.
- idmap config CSCTRAIN : range = 20000 - 30000
- idmap config CSCTRAIN : schema_mode = rfc2307
- # Enumeration makes the full user and group lists available to local tools; it can be
- # slow on large or trusted domains and is not needed for individual lookups.
- winbind enum users = yes
- winbind enum groups = yes
- winbind nested groups = yes
- # client use spnego = no
- # End of Jason edits
- server string = Samba Server Version %v
- # Debug level 10 is for troubleshooting only: the logs then carry account names, SIDs
- # and authentication detail. Restrict access to /var/log/samba and lower the level
- # afterwards.
- log level = 10
- log file = /var/log/samba/log.%m
- # max log size is in KiB; at log level 10 a 50 KiB cap rotates very quickly, so the
- # entries of interest may already have been overwritten.
- max log size = 50
- passdb backend = tdbsam
- # Per-user home share. It is writable, so it is offered to every account that
- # authenticates, including trusted-domain users once their mapping works.
- [homes]
- comment = Home Directories
- browseable = no
- writable = yes
- [root@ad-centos samba]#