Winbind authentication issues
Hi,
I'm running CentOS 5.2 on a server that acts as a router / firewall. In order to set up VPN later on, I need to get the machine to authenticate using an AD server on Windows 2003. I've followed loads of the instructions on the net and I believe I'm almost there.
The CentOS machine can actually connect to the AD server (and joined the domain), but when I try to log in to it using one of the accounts in the AD, it doesn't even bother to contact the AD server.
So, this works:
# wbinfo -p
Ping to winbindd succeeded on fd 4
# wbinfo -u
<actual list of users is displayed>
But when I try
# getent passwd
I only get a list of users from /etc/passwd; nothing from the AD.
I have the following entries in /etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns wins
And here is the relevant part of the smb.conf:
realm = DIGIO.LOCAL
workgroup = DIGIO
password server = digs101
security = ads
server signing = auto
netbiosname = digs001
winbind separator = +
encrypt passwords = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind use default domain = yes
winbind offline logon = false
And finally the /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DIGIO.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
DIGIO.LOCAL = {
kdc = 172.29.38.101
admin_server = digs101.digio.local
default_domain = DIGIO.LOCAL
kdc = DIGIO.LOCAL
}
[domain_realm]
.DIGIO.LOCAL = DIGIO.LOCAL
DIGIO.LOCAL = DIGIO.LOCAL
.digio.local = DIGIO.LOCAL
digio.local = DIGIO.LOCAL
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Any help would be greatly appreciated.
Louis