LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-21-2005, 08:07 PM   #1
Adrnalnrsh
LQ Newbie
 
Registered: Sep 2005
Posts: 17

Rep: Reputation: 0
Help with SMB, Krb5, and ADS.


Having problems with Samba/Winbind, and authenticating to ADS.
Running FC1 Samba/Wnbindd version 3.0.7-2.FC1


Question. Does FC1 support a higher version of Samba than 3.0.7-2?

When I restart Winbind, I get

"[2005/09/21 08:25:21, 1] nsswitch/winbindd.c:main(854)
winbindd version 3.0.7-2.FC1 started.
Copyright The Samba Team 2000-2004
[2005/09/21 08:25:21, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
krb5_cc_get_principal failed (No credentials cache found)"



All of the following are good to go!

1) Samba server installed. Don't need to start smbd services.
Samba version: 3.0.14a or higher.
Verificare AD support like this:

# smbd -b | grep LDAP
HAVE_LDAP_H
HAVE_LDAP
HAVE_LDAP_DOMAIN2HOSTLIST
...

# smbd -b | grep KRB
HAVE_KRB5_H
HAVE_ADDRTYPE_IN_KRB5_ADDRESS
HAVE_KRB5
...

# smbd -b | grep ADS
WITH_ADS
WITH_ADS

# smbd -b | grep WINBIND
WITH_WINBIND
WITH_WINBIND

2) ntp installed and running on both AD and Linux machine. Timing MUST be in sync

3) kerberos installed (file /etc/krb5.conf)

4) /lib/security/pam_winbind.so module installed

__________________________________________________ __

I run all these following tests and all work accept one.

TESTS:


#wbinfo -t - WORKS
checking the trust secret via RPC calls succeeded

What users? - WORKS
#wbinfo -u
...

Show groups now: - WORKS
#wbinfo -g
...

Can I login? - WORKS
#wbinfo -auser%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

My SID, please - FAILS - Gives me error "Could not lookup name %username%"
#wbinfo -nuser
your SID here

passwd? - WORKS
#getent passwd
...

group? - WORKS
#getent group
 
Old 04-09-2006, 09:45 PM   #2
chosmer
Member
 
Registered: Feb 2002
Location: Vermont
Distribution: Fedora Cores
Posts: 39

Rep: Reputation: 15
Your kerberos ticket is placed in /tmp. I notice that my ticket gets old sometimes and I need to delete the ticket and re-authenticate with "kinit -V administrator@whateverdomain.com" Then I dont get that error.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Help krb5-libs/c compiler blackspade Linux - Software 4 08-17-2005 04:39 AM
IBM ads vs. the Intel ads on TV vharishankar General 1 03-16-2005 06:47 AM
libssl.so.4 & krb5? Peit Linux - Software 2 10-07-2004 08:08 AM
Krb5-telnet dvong3 Linux - General 1 03-27-2004 04:13 AM
change passwords krb5 acb67 Linux - Security 0 07-29-2003 11:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration