Quote:
Originally Posted by paul_mat
Best bet would be to post your /etc/krb5.conf here and your /etc/samba/smb.conf here along with your /var/log/samba/winbind log file.
Also, on my website below I have a how-to written for joining a *nix machine to a domain and there is a script that will join it for you. You can look at both of them and see if they help you out.
Hi paul_mat, thank you for your reply to my question. I have posted the files that you asked me for and you can find them below. I would also like to ask you whether it is better to have a Domain Member Server where security=domain or Samba ADS Domain where security=ADS. Could you please tell me your opinion? Moreover, if I use Domain Server I will have to use winbind and if I use ADS I will have to use the realm. Or doesn't it matter?
krb5.conf
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = mydomain
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
MYDOMAIN.LOCAL = {
kdc = 192.168.1.1:88
default_domain = mydomain.local
admin_server = server.mydomain.local:749
}
[domain_realm]
.mydomain.local = MYDOMAIN.LOCAL
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tickets = false
smb.conf file
[global]
idmap gid = 10000-20000
write list = exleys,@AllUsers
force group = exleys
user = @AllUsers
allow hosts = 192.168.1. 82.110.225.130
dns proxy = no
netbios name = Server
writeable = yes
printing = cups
idmap uid = 10000-20000
default = Publicdrive
workgroup = mydomain
os level = 20
printcap name = cups
security = domain
max log size = 50
winbind separator = \
log file = /var/server/logs/samba/log.%m
guest account = exleys
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = no
map to guest = bad user
encrypt passwords = yes
winbind trusted domains only = yes
realm = mydomain.local
public = yes
printer admin = @adm
template shell = /bin/bash
server string = Linux Server
template homedir = /home/winnt/%D/%U
force user = exleys
comment = Public Drive
valid users = @AllUsers
winbind cache time = 10
ldap idmap suffix=ou=ldmap,dc=quenya,dc=org
[Website]
comment = Website
user = @ITAdmin,@AllUsers
path = /var/www/html
write list = @AllUsers
allow hosts = 192.168.1. 82.110.225.132
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# to allow user 'guest account' to print.
guest ok = yes
writable = no
printable = yes
create mode = 0700
[print$]
path = /var/lib/samba/printers
browseable = yes
write list = @adm root
guest ok = yes
inherit permissions = yes
# Settings suitable for Winbind:
# write list = @"Domain Admins" root
# force group = +@"Domain Admins"
[pdf-gen]
lpq command = /bin/true
comment = PDF Generator (only valid users)
print command = /usr/share/samba/scripts/print-pdf "%s" "%H" "//%L/%u" "%m" "%I" "%J" &
printing = bsd
printable = Yes
path = /var/tmp
[Cumbria and S Lakes Public]
comment = LakesPublic
valid users = @Lakes
user = @Lakes
write list = @Lakes
path = /var/Lakes/Public
only user = yes
[Clearlydata]
public = yes
path = /home/Shares/Finance
[Publicdrive]
revalidate = yes
valid users = exleys,@AllUsers
user = exleys,@AllUsers
path = /var/Publicdrive
only user = yes
force group = AllUsers
[Lancaster Public]
comment = Lancaster drive
path = /var/Lancaster/publicdrive
[software]
read list = guest
path = /var/software
write list =
comment = software
public = yes
guest only = yes
user =
[C and E Lancs Public]
comment = Preston Public Drive
valid users = @Preston
user = @Preston
path = /var/preston/Public
write list = @Preston
[GM Private]
comment = private drive
valid users = @BoltonAdmin
user = @BoltonAdmin
write list = @BoltonAdmin
only user = yes
path = /var/Bolton/privatedrive
[GM Public]
write list = @Bolton
path = /var/Bolton/publicdrive
force group = Bolton
valid users = @Bolton
user = @Bolton
create mode = 775
directory mode = 775
[C and E Lancs Private]
comment = Central and East Lancs Public Drive
valid users = @PrestonAdmin
user = @PrestonAdmin
path = /var/preston/private
write list = @PrestonAdmin
[Cumbria and S Lakes Private]
comment = LakesPrivate
valid users = @LakesAdmin
user = @LakesAdmin
path = /var/Lakes/Private
write list = @LakesAdmin
[Lancaster Private]
path = /var/Lancaster/privatedrive
[Users]
path = /var/Users
Regarding the file that you asked for, "/var/log/samba/winbind log file", I am not sure if this is what you asked for, as this path does not exist. I found the winbind log file in the path "/var/server/logs/samba" and its content was:
[2006/01/26 11:18:05, 0] lib/pidfile.c:pidfile_create(91)
ERROR: winbindd is already running. File /var/run/winbindd.pid exists and process id 17486 is running.
[2006/01/26 12:30:04, 0] lib/pidfile.c:pidfile_create(91)
ERROR: winbindd is already running. File /var/run/winbindd.pid exists and process id 17486 is running.
Sorry for the long code.
Thank you very much,
Xenia
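Added example, not part of the original post: a small consistency check for a krb5.conf like the one posted above. It flags a default_realm with no matching [realms] entry (realm names are case-sensitive, and with dns_lookup_kdc = false the KDC can only come from [realms]) and any single-DES enctypes. The function names and the trimmed SAMPLE text are constructed for illustration.

```python
import re

# Constructed sample: the realm- and enctype-related lines of the posted krb5.conf.
SAMPLE = """\
[libdefaults]
default_realm = mydomain
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_kdc = false
[realms]
MYDOMAIN.LOCAL = {
kdc = 192.168.1.1:88
default_domain = mydomain.local
}
"""

SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # 56-bit DES enctypes
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes", "permitted_enctypes")

def parse_krb5(text):
    """Return (top-level settings per section, realm names declared in [realms])."""
    sections, realms, section, depth = {}, set(), None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, depth = header.group(1), 0
            sections.setdefault(section, {})
        elif line == "}":
            depth = max(depth - 1, 0)
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if value == "{":              # start of a subsection, e.g. one realm
                if section == "realms" and depth == 0:
                    realms.add(key)
                depth += 1
            elif depth == 0 and section:  # plain "key = value" at section level
                sections[section][key] = value
    return sections, realms

def lint_krb5(text):
    """Return a list of human-readable findings (an empty list means none)."""
    sections, realms = parse_krb5(text)
    lib = sections.get("libdefaults", {})
    findings = []
    default = lib.get("default_realm")
    if lib.get("dns_lookup_kdc", "false") == "false" and default not in realms:
        findings.append(f"default_realm {default!r} has no [realms] entry {sorted(realms)}")
    for key in ENCTYPE_KEYS:
        weak = sorted(SINGLE_DES & set(lib.get(key, "").split()))
        if weak:
            findings.append(f"{key} allows single-DES: {', '.join(weak)}")
    return findings
```

Running lint_krb5 over a file's contents returns one finding per problem, so it can be used before attempting a domain join.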