Доброго времени суток
Итак, имеется сабж на FreeBSD-5.3 в качестве файл-сервера, самба собрана из исходников с поддержкой LDAP, ADS, Kerberos, winbind. Также установлен из портов heimdal-0.6.3_3.
Проблема в следующем: при попытке зайти на шару выдается окно с предложением ввести логин/пароль но их не принимает и, соответственно, никого на шару не пускает. В логах наблюдаю следующее:===
[2006/11/09 10:47:00, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Message size is incompatible with encryption type
[2006/11/09 10:47:00, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(261)
ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Message size is incompatible with encryption type
[2006/11/09 10:47:00, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(252)
ads_secrets_verify_ticket: enc type [23] decrypted message !
===
Не совсем понятно: после перебора криптометодов сообщение таки было расшифровано или таки нет?
Далее пытаюсь зарегистрироваться юзером srvadmin (Администратор домена):
===
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_alloc(131)
Finding user SGNI\srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(75)
Trying _Get_Pwnam(), username as lowercase is sgni\srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(83)
Trying _Get_Pwnam(), username as given is SGNI\srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(93)
Trying _Get_Pwnam(), username as uppercase is SGNI\SRVADMIN
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(102)
Checking combinations of 0 uppercase letters in sgni\srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(108)
Get_Pwnam_internals didn't find user [SGNI\srvadmin]!
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_alloc(131)
Finding user srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(75)
Trying _Get_Pwnam(), username as lowercase is srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(93)
Trying _Get_Pwnam(), username as uppercase is SRVADMIN
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(102)
Checking combinations of 0 uppercase letters in srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(108)
Get_Pwnam_internals didn't find user [srvadmin]!
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_alloc(131)
Finding user srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(75)
Trying _Get_Pwnam(), username as lowercase is srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(93)
Trying _Get_Pwnam(), username as uppercase is SRVADMIN
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(102)
Checking combinations of 0 uppercase letters in srvadmin
[2006/11/09 10:47:00, 5] lib/username.c:Get_Pwnam_internals(108)
Get_Pwnam_internals didn't find user [srvadmin]!
[2006/11/09 10:47:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
Username SGNI\srvadmin is invalid on this system
[2006/11/09 10:47:00, 3] smbd/error.c:error_packet(146)
error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
===
Почему, в чем дело? Из-за чего юзер не находится?
Kerberos настроен - самба успешно регистрируется в домене, протокол - вроде как 5-ый:
krb5.conf:
===
[libdefaults]
default_realm = 0905.DN.STA
dns_lookup_realm = false
dns_lookup_kdc = false
krb4_get_tickets = false
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
[appdefaults]
proxiable = true
ticket_lifetime = 24000
[realms]
0905.DN.STA = {
kdc = zeon.0905.dn.sta:88
admin_server = zeon.0905.dn.sta:749
default_domain = 0905.dn.sta
}
[domain_realm]
.0905.dn.sta = 0905.dn.STA
0905.dn.sta = 0905.DN.STA
[kdc]
enable-kerberos4 = false
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
===
klist выдает следующее:
===
Credentials cache: FILE:/tmp/krb5cc_0
Principal: srvadmin@0905.DN.STA
Issued Expires Principal
Nov 9 11:36:47 Nov 9 18:16:41 krbtgt/0905.DN.STA@0905.DN.STA
===
smb.conf:
===
[global]
dos charset = 866
unix charset = KOI8-U
workgroup = SGNI
realm = 0905.DN.STA
server string = File server
interfaces = 10.5.9.0/24
security = ADS
auth methods = winbind
private dir = /etc/samba
passdb backend = tdbsam:/etc/samba/passdb.tdb
lanman auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 10 ads:10
log file = /var/log/samba/samba.log
max log size = 0
announce as = win95
client signing = Yes
server signing = Yes
deadtime = 360
paranoid server security = No
max open files = 100000
load printers = No
show add printer wizard = No
os level = 8
preferred master = Yes
dns proxy = No
log level = 10 ads:10
log file = /var/log/samba/samba.log
max log size = 0
announce as = win95
client signing = Yes
server signing = Yes
deadtime = 360
paranoid server security = No
max open files = 100000
load printers = No
show add printer wizard = No
os level = 8
preferred master = Yes
dns proxy = No
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind trusted domains only = Yes
winbind refresh tickets = Yes
hosts allow = 10.5.9.
map acl inherit = Yes
case sensitive = No
hide unreadable = Yes
[pub]
comment = pubic access
path = /pub
valid users = @SGNI\it
guest ok = Yes
===
В событиях на вынь-сервере ничего не фиксируется. Пробовал удалять данные о компе из домена и регистрироваться по-новой - безрезультатно.
Время с сервером синхронизировано, в /etc/hosts вынь-сервер и фри-машина прописаны - FQDN -имена получаю.
Куда смотреть, что делать, где ошибка?
