From: "Владимир Гусев" <vova1971@narod.ru>
To: ALT Linux Community general discussions <community@lists.altlinux.org>
Subject: [Comm] samba+ads+winbind=проблемы?
Date: Wed, 23 Jan 2008 16:58:21 +0300
Message-ID: <20080123165821.6d6f0203@biblo.gusev.ru> (raw)
Здравствуйте!
Может кто-нибудь сталкивался с проблемой описанной по этой ссылке?
http://www.opennet.ru/openforum/vsluhforumID14/1253.html
Привожу ссылку ибо проблема в точности совпадает с описанной там.
Ключевые фразы проблемы:
По истечении определенного промежутка времени (в моем случае это около
1 часа) все портится:
wbinfo -t получаю вот это :
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret
Конфиги:
smb.conf
#======================= Global Settings =======================
[global]
# Settings
kernel oplocks = yes
client use spnego = yes
server signing = auto
client signing = auto
template shell = /bin/bash
nt acl support = yes
; change notify timeout = 0
# Share Behavior
inherit permissions = yes
inherit acls = yes
map acl inherit = yes
acl compatibility = auto
dos filemode = yes
dos filetimes = yes
; dos filename resolution = yes
map archive = yes
map system = no
map hidden = no
ea support = yes
force create mode = 0760
# Domain Settings
workgroup = MOSCOW
server string = %h (Linux FileServer)
os level = 0
preferred master = no
announce as NT Server
announce version = 4.9
browse list = yes
domain master = no
local master = no
enhanced browsing = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind use default domain = yes
winbind enum groups = yes
winbind enum users = yes
winbind separator = +
realm = MOSCOW.POSTSHOP.RU
# Security
hosts allow = 192.168.1. 127.
security = ADS
password server = *
encrypt passwords = yes
# Printers
; printcap name = /etc/printcap
; load printers = yes
; printing = cups
; cups options = raw
# Logging
log file = /var/log/samba/%m.log
log level = 3
max log size = 500
# Network Settings
remote announce = 192.168.0.
disable netbios = no
netbios name = l-files
# Shares
[sources]
comment = Our sources
path = /media/raid/shares/sources
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[public]
comment = Public data store
path = /media/raid/shares/public
guest ok = yes
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[distr]
comment = DistroZZ
path = /media/raid/shares/distr
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[buhgal]
comment = Accounting department only!
path = /media/raid/shares/buhgal
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[oper]
comment = For updated our programs
path = /media/raid/shares/oper
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
; postexec = /bin/umount /cdrom
________________________________________
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = MOSCOW.POSTSHOP.RU
dns_lookup_realm = true
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
MOSCOW.POSTSHOP.RU = {
kdc = 192.168.1.254
admin_server = 192.168.1.254
default_domain = MOSCOW.POSTSHOP.RU
}
[domain_realm]
.moscow.postshop.ru = MOSCOW.POSTSHOP.RU
moscow.postshop.ru = MOSCOW.POSTSHOP.RU
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
________________________________________
nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try: # `info libc "Name Service Switch"' for information about this
file.
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
--
С уважением,
Владимир Гусев
next reply other threads:[~2008-01-23 13:58 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-23 13:58 Владимир Гусев [this message]
2008-01-23 14:07 ` Владимир Гусев
2008-01-23 14:54 ` Stavr
2008-01-24 12:09 ` Владимир Гусев
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080123165821.6d6f0203@biblo.gusev.ru \
--to=vova1971@narod.ru \
--cc=community@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git