- Samba-3.0.23c, Kerberos и W2K Srv AD, xasm, 00:48 , 16-Ноя-06 (1)
- Samba-3.0.23c, Kerberos и W2K Srv AD, Дмитрий, 18:11 , 20-Ноя-06 (2)
- Samba-3.0.23c, Kerberos и W2K Srv AD, Basileo, 14:41 , 22-Ноя-06 (5)
- Samba-3.0.23c, Kerberos и W2K Srv AD, Дмитрий, 16:04 , 22-Ноя-06 (6)
- Samba-3.0.23c, Kerberos и W2K Srv AD, Basileo, 17:37 , 22-Ноя-06 (7)
- Samba-3.0.23c, Kerberos и W2K Srv AD, Дмитрий, 17:58 , 22-Ноя-06 (8)
- Samba-3.0.23c, Kerberos и W2K Srv AD, Basileo, 10:00 , 23-Ноя-06 (9)
- Samba-3.0.23c, Kerberos и W2K Srv AD, VVD, 20:18 , 19-Янв-07 (10)
После апгрейда c 3.0.22 на 3.0.23 самба перестала пускать на шары с сообщениями в логах: [2006/12/14 17:28:38, 2] lib/access.c:check_access(323) Allowed connection from (10.0.0.27) [2006/12/14 17:28:39, 2] smbd/service.c:make_connection_snum(580) user 'user_name' (from session setup) not permitted to access this share (share_name) [2006/12/14 17:28:46, 2] lib/access.c:check_access(323) Allowed connection from (10.0.0.27) [2006/12/14 17:28:46, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/12/14 17:28:46, 0] libads/authdata.c:decode_pac_data(797) decode_pac_data: failed to parse PAC [2006/12/14 17:28:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(310) Username DOMAIN_NAME+COMPUTER_NAME$ is invalid on this system [2006/12/14 17:28:46, 2] smbd/sesssetup.c:setup_new_vc_session(799) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/12/14 17:28:46, 0] libads/authdata.c:decode_pac_data(797) decode_pac_data: failed to parse PACsmb.conf не менялся (security=ads) net ads join проходит нормально wbinfo -t, wbinfo -u работает нормально А вот зайти на как раньше с win машин не могу. $ls /usr/local/lib/nss_winbind.so* /usr/local/lib/nss_winbind.so -> nss_winbind.so.1 /usr/local/lib/nss_winbind.so.1 $ cat /etc/nsswitch.conf group: compat group_compat: nis hosts: files dns networks: files passwd: compat passwd_compat: nis shells: files Пытался прописывать winbind в nsswitch.conf - не помогает. Может неправильно вписывал - а как надо? Что ещё показать?
- Samba-3.0.23c, Kerberos и W2K Srv AD, Дмитрий, 20:59 , 19-Янв-07 (11)
- Samba-3.0.23c, Kerberos и W2K Srv AD, VVD, 23:44 , 19-Янв-07 (12)
$ grep -Ev '^#|^;|^[ ]*$' /usr/local/etc/smb.conf [global] workgroup = DOMAIN netbios name = GW message command = /bin/sh -c '/root/bin/winpopup.sh %s %f %m' & time server = True server string = GateWay security = ads auth methods = winbind hosts allow = 10.0.0.0/24 127.0.0.1 load printers = no log file = /var/log/samba/log.%m max log size = 50 log level = 2 password server = 10.0.0.3 encrypt passwords = yes nt acl support = Yes name resolve order = wins host bcast lmhosts guest ok = No realm = DOMAIN.LOCAL socket options = TCP_NODELAY interfaces = 10.0.0.1 127.0.0.1 bind interfaces only = yes local master = no os level = 0 domain master = no preferred master = no domain logons = no wins support = no wins server = 10.0.0.3 dns proxy = no display charset = koi8-r unix charset = koi8-r dos charset = cp866 #делал по разному: и "+" и "\" и вообще убирал параметр winbind separator = \ winbind use default domain = yes winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes [pub] path = /pub browseable = no writable = yes guest ok = no public = no printable = no valid users = DOMAIN\user1 DOMAIN\user2 DOMAIN\user3 DOMAIN\COMPUTER$ user1 user2 user3 COMPUTER$ force user = existing_local_user$ cat /etc/krb5.conf [libdefaults] default_realm = DOMAIN.LOCAL [realms] DOMAIN.LOCAL = { kdc = server.domain.local admin_server = server.domain.local } #server.domain.local - win2k domain controller Что лучше оставить в winbind separator и в valid users?
- Samba-3.0.23c, Kerberos и W2K Srv AD, awsswa, 14:46 , 23-Янв-07 (13)
- Samba-3.0.23c, Kerberos и W2K Srv AD, VVD, 17:49 , 23-Янв-07 (14)
>>Что лучше оставить в winbind separator и в valid users? > winbind separator - можно вообще из конфига выбросить, по умолчанию там >правильный "\" # man smb.conf /winbind separator winbind separator (G) This parameter allows an admin to define the character used when listing a username of the form of DOMAIN \fIuser. This parameter is only applicable when using the pam_winbind.so and nss_winbind.so modules for UNIX services. Please note that setting this parameter to + causes problems with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group. Default: winbind separator = '' Example: winbind separator = +
- Samba-3.0.23c, Kerberos и W2K Srv AD, VVD, 18:25 , 23-Янв-07 (15)
winbind separator убрал valid users = @DOMAIN\user1 @DOMAIN\user2 @DOMAIN\user3 @DOMAIN\COMPUTER$ user1 user2 user3 COMPUTER$Ничего не изменилось - тежи ошибки в логах. :-(
- Samba-3.0.23c, Kerberos и W2K Srv AD, glitch, 12:49 , 09-Фев-07 (16)
- Samba-3.0.23c, Kerberos и W2K Srv AD, glitch, 18:58 , 09-Фев-07 (17)
|