* [Comm] samba+ads+winbind=проблемы?
@ 2008-01-23 13:58 Владимир Гусев
2008-01-23 14:07 ` Владимир Гусев
2008-01-23 14:54 ` Stavr
0 siblings, 2 replies; 4+ messages in thread
From: Владимир Гусев @ 2008-01-23 13:58 UTC (permalink / raw)
To: ALT Linux Community general discussions
Здравствуйте!
Может, кто-нибудь сталкивался с проблемой, описанной по этой ссылке?
http://www.opennet.ru/openforum/vsluhforumID14/1253.html
Привожу ссылку ибо проблема в точности совпадает с описанной там.
Ключевые фразы проблемы:
По истечении определенного промежутка времени (в моем случае это около
1 часа) все портится:
wbinfo -t получаю вот это :
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret
Конфиги:
smb.conf
#======================= Global Settings =======================
# Global section of the poster's smb.conf: an Active Directory member server
# (security = ADS, realm MOSCOW.POSTSHOP.RU) that resolves domain accounts via winbind.
[global]
# Settings
kernel oplocks = yes
client use spnego = yes
# "auto" offers SMB signing but does not require it, so unsigned sessions are
# still accepted; "mandatory" is the value that enforces signing.
server signing = auto
client signing = auto
# Login shell reported for winbind-resolved domain accounts (Samba's default is /bin/false).
template shell = /bin/bash
nt acl support = yes
; change notify timeout = 0
# Share Behavior
# New files and directories take their mode from the parent directory; per the
# smb.conf manual this takes precedence over create mask, directory mask and
# force create mode.
inherit permissions = yes
inherit acls = yes
map acl inherit = yes
acl compatibility = auto
# Lets any user with write access to a file change its permissions and ACL,
# not only the file's owner.
dos filemode = yes
dos filetimes = yes
; dos filename resolution = yes
map archive = yes
map system = no
map hidden = no
ea support = yes
# Bits OR-ed into the mode of every created file: owner rwx, group rw-.
# NOTE(review): this sets the owner execute bit on all new files; with
# inherit permissions = yes above it may not apply at all - confirm.
force create mode = 0760
# Domain Settings
workgroup = MOSCOW
server string = %h (Linux FileServer)
os level = 0
preferred master = no
# NOTE(review): this line has no "=" delimiter; presumably "announce as = NT Server"
# was meant. Run testparm to see how the line is actually parsed.
announce as NT Server
announce version = 4.9
browse list = yes
domain master = no
local master = no
enhanced browsing = no
# UID/GID range that winbind allocates for mapped domain users and groups.
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind use default domain = yes
winbind enum groups = yes
winbind enum users = yes
winbind separator = +
realm = MOSCOW.POSTSHOP.RU
# Security
# Only clients whose address starts with 192.168.1. or 127. may connect.
hosts allow = 192.168.1. 127.
security = ADS
# "*" tells Samba to locate a domain controller itself instead of pinning a named server.
password server = *
encrypt passwords = yes
# Printers
; printcap name = /etc/printcap
; load printers = yes
; printing = cups
; cups options = raw
# Logging
# One log file per client machine name (%m); level 3 is verbose; max log size is in KiB.
log file = /var/log/samba/%m.log
log level = 3
max log size = 500
# Network Settings
# NOTE(review): the value stops after the third octet and names a different subnet
# (192.168.0.) than hosts allow (192.168.1.) - confirm the intended address.
remote announce = 192.168.0.
disable netbios = no
netbios name = l-files
# Shares
# Five shares under /media/raid/shares with identical permission settings;
# only [public] allows guest access.
# - read only = no and writeable = yes state the same thing twice
#   (writeable is the inverse synonym of read only).
# - create mask / directory mask = 0760 limit new entries to owner rwx, group rw-, other ---.
#   NOTE(review): 0760 on a directory leaves the group without the search (x) bit;
#   [global] also sets inherit permissions = yes, which takes precedence over these
#   masks - confirm which modes new directories really get.
# - acl group control = yes lets members of a file's owning group change its
#   permissions and ACL, not only the owner.
[sources]
comment = Our sources
path = /media/raid/shares/sources
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
# guest ok = yes together with read only = no makes this share writable by
# unauthenticated (guest) sessions, subject to hosts allow in [global] and to the
# filesystem permissions of the guest account.
# NOTE(review): whether a guest session is granted at all also depends on
# "map to guest", which this file does not set - confirm the effective behaviour.
[public]
comment = Public data store
path = /media/raid/shares/public
guest ok = yes
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[distr]
comment = DistroZZ
path = /media/raid/shares/distr
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
# NOTE(review): the comment says "Accounting department only!", but no valid users /
# write list restriction is visible here; access presumably relies on filesystem
# permissions and ACLs under the path - confirm.
[buhgal]
comment = Accounting department only!
path = /media/raid/shares/buhgal
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[oper]
comment = For updated our programs
path = /media/raid/shares/oper
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
; postexec = /bin/umount /cdrom
________________________________________
krb5.conf
# Kerberos client configuration for realm MOSCOW.POSTSHOP.RU; the KDC and admin
# server are addressed by IP (192.168.1.254).
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Bare number, i.e. seconds.
ticket_lifetime = 24000
default_realm = MOSCOW.POSTSHOP.RU
dns_lookup_realm = true
# Both lists restrict the client to des3-hmac-sha1 and des-cbc-crc. Single DES
# (des-cbc-crc) is cryptographically weak and was deprecated for Kerberos by RFC 6649.
# NOTE(review): Active Directory KDCs do not implement des3-hmac-sha1, so against AD
# this list would leave only single DES usable; AD offers rc4-hmac (and AES from
# Windows Server 2008) - verify what the domain controller supports before
# narrowing enctypes like this.
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
MOSCOW.POSTSHOP.RU = {
kdc = 192.168.1.254
admin_server = 192.168.1.254
default_domain = MOSCOW.POSTSHOP.RU
}
# Maps the DNS domain (with and without leading dot) to the realm.
[domain_realm]
.moscow.postshop.ru = MOSCOW.POSTSHOP.RU
moscow.postshop.ru = MOSCOW.POSTSHOP.RU
# NOTE(review): [kdc] configures a KDC daemon; presumably unused on this member server.
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
# Per-application defaults for "pam": 36000-second ticket and renew lifetimes,
# forwardable tickets, no krb4 conversion.
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
________________________________________
nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
# Lookup order per database. passwd and group consult local files in compat mode
# first, then winbind for domain accounts; shadow stays local only.
passwd: compat winbind
group: compat winbind
shadow: compat
# wins adds NetBIOS name resolution after local files and DNS.
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
--
С уважением,
Владимир Гусев
* Re: [Comm] samba+ads+winbind=проблемы?
2008-01-23 13:58 [Comm] samba+ads+winbind=проблемы? Владимир Гусев
@ 2008-01-23 14:07 ` Владимир Гусев
2008-01-23 14:54 ` Stavr
1 sibling, 0 replies; 4+ messages in thread
From: Владимир Гусев @ 2008-01-23 14:07 UTC (permalink / raw)
To: community
> Ключевые фразы проблемы:
> По истечении определенного промежутка времени (в моем случае это около
> 1 часа) все портится:
> [..]
Уточнение - в течение 5-10 минут происходит "авария".. так что полная
идентичность проблемы..
--
С уважением,
Владимир Гусев
* Re: [Comm] samba+ads+winbind=проблемы?
2008-01-23 13:58 [Comm] samba+ads+winbind=проблемы? Владимир Гусев
2008-01-23 14:07 ` Владимир Гусев
@ 2008-01-23 14:54 ` Stavr
2008-01-24 12:09 ` Владимир Гусев
1 sibling, 1 reply; 4+ messages in thread
From: Stavr @ 2008-01-23 14:54 UTC (permalink / raw)
To: community
23.01.08, 17:07, "Владимир Гусев" <vova1971@narod.ru>:
> > Ключевые фразы проблемы:
> > По истечении определенного промежутка времени (в моем случае это около
> > 1 часа) все портится:
> > [..]
> Уточнение - в течение 5-10 минут происходит "авария".. так что полная
> идентичность проблемы..
С такой проблемой не сталкивался. Однако могу предложить убрать параметр password server из smb.conf.
С security=ADS он не используется.
У меня все работает отлично. Вот мои конфиги
smb.conf
# Responder's smb.conf for an Active Directory member (security = ads,
# realm MYDOMAIN.LOCAL), posted as a configuration that works for them.
# No hosts allow and no signing parameters are set here, so Samba's defaults apply.
[global]
workgroup = MYDOMAIN
server string = ALT Samba
log file = /var/log/samba/log.%m
# Size limit in KiB.
max log size = 50
security = ads
realm = MYDOMAIN.LOCAL
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
# winbind uid / winbind gid are the older names of idmap uid / idmap gid.
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
template homedir = /home/MYDOMAIN/%U
# Login shell reported for winbind-resolved domain accounts (Samba's default is /bin/false).
template shell = /bin/bash
socket options = TCP_NODELAY
dns proxy = no
# public is a synonym for guest ok; with writable = yes the share is writable by
# guest sessions, subject to the filesystem permissions of the guest account.
# NOTE(review): whether a guest session is granted also depends on "map to guest",
# which this file does not set - confirm the effective behaviour.
[public]
comment = Public source
path = /home/samba/public
public = yes
writable = yes
/etc/nsswitch.conf
# Lookup order per database: local files first, then winbind for domain accounts.
passwd: files winbind
# NOTE(review): nss_winbind is documented for passwd and group; whether it answers
# shadow or hosts lookups is not shown here - the original poster's file uses
# "wins" for hosts instead. Confirm before copying these two lines.
shadow: tcb files winbind
group: files winbind
hosts: files dns winbind
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
automount: files
aliases: files
/etc/krb5.conf
# Responder's Kerberos client configuration for realm MYDOMAIN.LOCAL.
# No enctype lists are set, so the Kerberos library defaults apply.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Bare number, i.e. seconds.
ticket_lifetime = 24000
default_realm = MYDOMAIN.LOCAL
# DNS-based realm and KDC discovery are both off; the KDC is named explicitly below.
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
MYDOMAIN.LOCAL = {
kdc = srvinit.mydomain.local:88
admin_server = srvinit.mydomain.local:749
default_domain = mydomain.local
}
# Maps the DNS domain (with and without leading dot) to the realm.
[domain_realm]
.mydomain.local = MYDOMAIN.LOCAL
mydomain.local = MYDOMAIN.LOCAL
[kdc]
profile = /var/lib/kerberos/krb5kdc/kdc.conf
# NOTE(review): pam settings appear here as a top-level [pam] section, whereas the
# original poster's file nests them under [appdefaults]; whether this form is read
# depends on the consumer - confirm.
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
* Re: [Comm] samba+ads+winbind=проблемы?
2008-01-23 14:54 ` Stavr
@ 2008-01-24 12:09 ` Владимир Гусев
0 siblings, 0 replies; 4+ messages in thread
From: Владимир Гусев @ 2008-01-24 12:09 UTC (permalink / raw)
To: community
> > > Ключевые фразы проблемы:
> > > По истечении определенного промежутка времени (в моем случае это
> > > около 1 часа) все портится:
> > > [..]
> > Уточнение - в течение 5-10 минут происходит "авария".. так что
> > полная идентичность проблемы..
>
> С такой проблемой не сталкивался. Однако могу предложить убрать
> параметр password server из smb.conf С security=ADS он не используется
>
> У меня все работает отлично. Вот мои конфиги
> [..]
Увы, ничего не помогло..
--
С уважением,
Владимир Гусев