Winbindd + W2000

Martin Proks proks na aerospace.fsik.cvut.cz
Pátek Únor 28 09:40:33 CET 2003 

Dobry den

U W2k a XP je mozne ze mate "vyssi zabezpeceni", to znamena ze
nepovoluji anonymni listing skupin a uzivatelu (mimochodem je to
dobra vec kdyz nemate za firewal). Zkuste jeste
wbinfo -A username%password pro nastaveni uzevatele a hesla pro
listovani domenou. Viz man winbindd a man wbinfo.

Jinak poznamka: mozna se mylim, ale nemuze delat problemy i vami zvoleny
separator "/"? A mozna by bylo lepsi mit v password server * nebo pridat
WinBackup server pro pripad vypadku PDC.

Nashle,
-- 
Martin Proks
http://aerospace.fsik.cvut.cz/proks             http://www.vzlu.cz
mailto: proks na aerospace.fsik.cvut.cz            mailto: proks na vzlu.cz


StanleyB wrote:
> Zdravim vsechny,
> 
> nevim kde je problem, nebo kde mam hledat co je spatne. Byl bych vdecny
> za jakoukoliv pomoc, nasmerovani. Potrebuji, aby si Smaba (2.2.5 + RH8)
> overovala uzivatele v domene W2000, ale nejak se k tomu nema. Prikladam
> konfigurace a vypisy, kde 172.16.10.17 je RH(Samba), PDC jsou W2000PDC.
> 
> [root na intranet root]# winbindd -d 3 -i
> winbindd version 2.2.5 started.
> Copyright The Samba Team 2000-2001
> Initialising global parameters
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> Processing section "[global]"
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[intranet]"
> Processing section "[temp]"
> Processing section "[files]"
> adding IPC service IPC$
> adding IPC service ADMIN$
> added interface ip=172.16.10.17 bcast=172.16.255.255 nmask=255.255.0.0
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> added interface ip=172.16.10.17 bcast=172.16.255.255 nmask=255.255.0.0
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> resolve_lmhosts: Attempting lmhosts lookup for name PDC<0x20>
> bind succeeded on port 0
> cm_get_dc_name: Returning DC PDC (172.16.10.12) for domain DOMENA
> IPC$ connections done by user DOMENA\administrator
> Connecting to host=PDC share=IPC$
> Connecting to 172.16.10.12 at port 445
> failed session setup
> Could not open a connection to DOMENA for \PIPE\lsarpc
> (NT_STATUS_LOGON_FAILURE)
> Retrying startup domain sid fetch for DOMENA
> 
> smb.conf
> [global]
>         log file = /var/log/samba/%m.log
>         client code page = 852
>         load printers = no
>         character set = iso8859-2
>         username level = 15
>         password level = 15
>         os level = 31
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         security = domain
>         preferred master = no
>         domain master = no
>         interfaces = 172.16.10.17 127.0.0.1
>         encrypt passwords = yes
>         netbios name = intranet
>         server string = Samba %v on RedHat 8
>         password server = PDC
>         workgroup = SKUPINA
>         unix password sync = yes
>         winbind gid = 10000-20000
>         bind interfaces only = yes
>         max log size = 0
>         winbind separator = /
>         log level = 1
> 
> wbinfo:
> 
> [root na intranet root]# wbinfo -u
> Error looking up domain users
> 
> [root na intranet root]# wbinfo -g
> Error looking up domain groups
> 
> [root na intranet root]# wbinfo -m
> Could not list trusted domains
> 
> smbpasswd -j DOMENA -r PDC -u ADMIN_NA_PDC
> probehl v poradku, pocitac "Intranet je na PDC vytvoreny"

Další informace o konferenci Linux