Winbindd + W2000
Martin Proks
proks na aerospace.fsik.cvut.cz
Pátek Únor 28 09:40:33 CET 2003
Dobry den
U W2k a XP je mozne ze mate "vyssi zabezpeceni", to znamena ze
nepovoluji anonymni listing skupin a uzivatelu (mimochodem je to
dobra vec kdyz nemate za firewal). Zkuste jeste
wbinfo -A username%password pro nastaveni uzevatele a hesla pro
listovani domenou. Viz man winbindd a man wbinfo.
Jinak poznamka: mozna se mylim, ale nemuze delat problemy i vami zvoleny
separator "/"? A mozna by bylo lepsi mit v password server * nebo pridat
WinBackup server pro pripad vypadku PDC.
Nashle,
--
Martin Proks
http://aerospace.fsik.cvut.cz/proks http://www.vzlu.cz
mailto: proks na aerospace.fsik.cvut.cz mailto: proks na vzlu.cz
StanleyB wrote:
> Zdravim vsechny,
>
> nevim kde je problem, nebo kde mam hledat co je spatne. Byl bych vdecny
> za jakoukoliv pomoc, nasmerovani. Potrebuji, aby si Smaba (2.2.5 + RH8)
> overovala uzivatele v domene W2000, ale nejak se k tomu nema. Prikladam
> konfigurace a vypisy, kde 172.16.10.17 je RH(Samba), PDC jsou W2000PDC.
>
> [root na intranet root]# winbindd -d 3 -i
> winbindd version 2.2.5 started.
> Copyright The Samba Team 2000-2001
> Initialising global parameters
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> Processing section "[global]"
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[intranet]"
> Processing section "[temp]"
> Processing section "[files]"
> adding IPC service IPC$
> adding IPC service ADMIN$
> added interface ip=172.16.10.17 bcast=172.16.255.255 nmask=255.255.0.0
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> added interface ip=172.16.10.17 bcast=172.16.255.255 nmask=255.255.0.0
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> resolve_lmhosts: Attempting lmhosts lookup for name PDC<0x20>
> bind succeeded on port 0
> cm_get_dc_name: Returning DC PDC (172.16.10.12) for domain DOMENA
> IPC$ connections done by user DOMENA\administrator
> Connecting to host=PDC share=IPC$
> Connecting to 172.16.10.12 at port 445
> failed session setup
> Could not open a connection to DOMENA for \PIPE\lsarpc
> (NT_STATUS_LOGON_FAILURE)
> Retrying startup domain sid fetch for DOMENA
>
> smb.conf
> [global]
> log file = /var/log/samba/%m.log
> client code page = 852
> load printers = no
> character set = iso8859-2
> username level = 15
> password level = 15
> os level = 31
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> security = domain
> preferred master = no
> domain master = no
> interfaces = 172.16.10.17 127.0.0.1
> encrypt passwords = yes
> netbios name = intranet
> server string = Samba %v on RedHat 8
> password server = PDC
> workgroup = SKUPINA
> unix password sync = yes
> winbind gid = 10000-20000
> bind interfaces only = yes
> max log size = 0
> winbind separator = /
> log level = 1
>
> wbinfo:
>
> [root na intranet root]# wbinfo -u
> Error looking up domain users
>
> [root na intranet root]# wbinfo -g
> Error looking up domain groups
>
> [root na intranet root]# wbinfo -m
> Could not list trusted domains
>
> smbpasswd -j DOMENA -r PDC -u ADMIN_NA_PDC
> probehl v poradku, pocitac "Intranet je na PDC vytvoreny"
Další informace o konferenci Linux