Hi All,
I have set up Samba using Kerberos on a CentOS 5.2 Linux server. Everything works fine for all the machines that are on the main domain.
The issue I have is that I have another PC which is on a completely different workgroup/domain and Samba will not let it connect.
krb5.conf
Code:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
EXAMPLE.COM = {
kdc = rex.example.com
admin_server = rex.example.com
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
smb.conf
Code:
[global]
workgroup = EXAMPLE
server string = Samba Server Version %v
load printers = no
log file = /var/log/samba/%m.log
max log size = 50
encrypt passwords = yes
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
;allow trusted domains = No
;idmap backend = idmap_rid:ONLING=500-100000000
;idmap uid = 500-100000000
;idmap gid = 500-100000000
;log level = 1
;syslog = 0
;template shell = /bin/bash
;template homedir = /home/%U
;winbind use default domain = yes
;winbind enum users = Yes
;winbind enum groups = Yes
;winbind nested groups = Yes
;printcap name = CUPS
;printing = cups
# logs split per machine
log file = /var/log/samba/%m.log
# max 50KB per log file, then rotate
max log size = 50
security = ads
realm = EXAMPLE.COM
[homes]
comment = Home Directories
valid users = %D\%U
read only = No
browseable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
[top]
comment = Top level
path = /
browseable = yes
valid users = %D\steve.ling
public = no
guest ok = no
force user = root
force group = root
writable = yes
As mentioned above, as it sits, all the PCs that are on the "EXAMPLE.COM" domain can access the folders.
The problem is that I have a PC that is on the EXAMPLE2.COM domain and I get this in the Samba log for that PC.
pc name = EXAMPLE2\steve.ling
LOG
Code:
[2008/09/25 21:46:08, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2222)
cli_rpc_pipe_open: cli_nt_create failed on pipe \NETLOGON to machine REX.EXAMPLE.COM. Error was NT_STATUS_ACCESS_DENIED
[2008/09/25 21:46:08, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(2640)
cli_rpc_pipe_open_schannel: failed to get schannel session key from server REX.EXAMPLE.COM for domain EXAMPLE.
[2008/09/25 21:46:08, 0] auth/auth_domain.c:connect_to_domain_password_server(119)
connect_to_domain_password_server: unable to open the domain client session to machine REX.EXAMPLE.COM. Error was : NT_STATUS_ACCESS_DENIED.
[2008/09/25 21:46:08, 0] auth/auth_domain.c:domain_client_validate(220)
domain_client_validate: Domain password server not available.
Does anyone have any idea what I am doing wrong?
NOTE:
Now, if you look at the smb.conf code above, I commented out some lines, as I was testing Samba to work with winbind & Kerberos, but the issue is that the connections are slow. But in this setup all my PCs could connect to all folders with no issue.
Thanks in advance