URL: https://www.opennet.ru/cgi-bin/openforum/vsluhboard.cgi
Forum: vsluhforumID14
Thread number: 1589

Original message
"AD together with Samba 3.0.28 && Windows 2003 SP1 R2"

Posted by Alexandr_K, 29-Dec-07 08:22
I ran into a problem joining Samba to a w2k3 domain.
I'm following the guide at http://www.lissyara.su/?id=1180
I got stuck when joining the domain with the command net ads join -U ftps
It returns an error:
---
odp# net ads join -U ftps
Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: Invalid domain role
---
I got the ticket without problems:
---
odp# kinit -p ftps@ODP.LOCAL
ftps@ODP.LOCAL's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
---
odp# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: ftps@ODP.LOCAL
Issued           Expires          Principal
Dec 29 11:18:11  Dec 29 17:57:00  krbtgt/ODP.LOCAL@ODP.LOCAL
---
My configs:
---
krb5.conf

[logging]
default = FILE:/var/log/krb/krb5libs.log
kdc = FILE:/var/log/krb/krb5kdc.log
admin_server = FILE:/var/log/krb/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = ODP.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum = 2
checksum_type = 2
ccache_type = 2
clockskew = 300
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
ODP.LOCAL = {
kdc = DC1-FS.ODP.LOCAL
admin_server = DC1-FS.ODP.LOCAL
default_domain = odp.local
}
[domain realm]
.odp.local = ODP.LOCAL
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tikets = false
---
nsswitch.conf

passwd: files winbind
group: files winbind
shadow: files winbind
group_compat: nis
passwd_compat: nis
hosts: files dns
networks: files
shells: files
---
smb.conf

[global]
workgroup = ODP
netbios name = FTPS
server string = Samba Server
log file = /var/log/samba/log.%m
max log size = 50
hosts allow = 10.0.0. 127.
security = ads
auth methods = winbind
client NTLMv2 auth = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
inherit acls = yes
map acl inherit = yes
nt acl support = yes
realm = ODP.LOCAL
password server = dc1-fs.odp.local
encrypt passwords = yes
winbind separator = +
winbind use default domain = yes
winbind uid = 10000-15000
winbind gid = 10000-15000
winbind enum users = yes
winbind enum groups = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 10.0.0.11/24
local master = no
domain master = no
preferred master = no
domain logons = no
dns proxy = No
dos charset = cp866
unix charset = koi8-r
display charset = cp866
guest ok = yes
[homes]
comment = Home Directories
read only = No
browseable = No
[public]
comment = FTP Data
path = /usr/export
read list = "@ODP\Domain Users"
write list = "@ODP\Domain Admins"
read only = No
browseable = Yes
create mode = 666
directory mode = 666
create mask = 0666
directory mask = 0777
---


Messages in this discussion
"AD together with Samba 3.0.28 && Windows 2003 SP1 R2"
Posted by Alexandr, 29-Dec-07 09:21
idmap uid = 10000-20000
idmap gid = 10000-20000
and
winbind uid = 10000-15000
winbind gid = 10000-15000
these are synonyms
guest ok - what for?
you can add
realm=ODP
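
Added example (not part of the thread): a small Python check for the point made in the reply above, that `winbind uid`/`winbind gid` are synonyms of `idmap uid`/`idmap gid`, so the posted smb.conf sets one parameter twice with different ranges. It also covers `create mode`/`directory mode`, which smb.conf(5) lists as synonyms of `create mask`/`directory mask`; the function names and the comparison of mask values as octal numbers are assumptions of this example.

```python
import re

# Alias -> canonical name, as listed under "Synonym" in smb.conf(5) for Samba 3.0.x.
SYNONYMS = {"winbind uid": "idmap uid", "winbind gid": "idmap gid",
            "create mode": "create mask", "directory mode": "directory mask"}
OCTAL = {"create mask", "directory mask"}  # assumption: Samba reads these as octal

# Excerpt of the smb.conf posted in the thread (only the lines relevant here).
SAMPLE = """\
[global]
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind uid = 10000-15000
winbind gid = 10000-15000
[public]
create mode = 666
directory mode = 666
create mask = 0666
directory mask = 0777
"""

def parse(text):
    """Yield (section, canonical parameter, value) for each setting line."""
    section = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        head = re.fullmatch(r"\[(.+)\]", line)
        if head:
            section = head.group(1).strip().lower()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())  # names are case-insensitive
            canon = SYNONYMS.get(key, key)
            yield section, canon, int(value, 8) if canon in OCTAL else value

def conflicts(text):
    """Return {(section, parameter): [values in file order]} where values differ."""
    seen = {}
    for section, canon, value in parse(text):
        seen.setdefault((section, canon), []).append(value)
    return {k: v for k, v in seen.items() if len(set(v)) > 1}

if __name__ == "__main__":
    for (section, name), values in conflicts(SAMPLE).items():
        print(f"[{section}] {name}: set more than once with different values {values}")
```

On the posted config this reports the two idmap ranges and the `directory mask` in `[public]`; `create mode = 666` and `create mask = 0666` compare equal as octal and are not reported.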

"AD together with Samba 3.0.28 && Windows 2003 SP1 R2"
Posted by Alexandr_K, 29-Dec-07 09:30
>idmap uid = 10000-20000
>idmap gid = 10000-20000

>winbind uid = 10000-15000
>winbind gid = 10000-15000
>these are synonyms

OK, removed the first ones
>guest ok - what for?

removed
>you can add
>realm=ODP

but I have ODP.LOCAL set there, or should it be without .LOCAL?


"AD together with Samba 3.0.28 && Windows 2003 SP1 R2"
Posted by alexandr, 29-Dec-07 10:20
interfaces = 10.0.0.11/24
local master = no
domain master = no
preferred master = no
domain logons = no
auth methods = winbind
client NTLMv2 auth = yes
try without this

"AD together with Samba 3.0.28 && Windows 2003 SP1 R2"
Posted by sign, 29-Dec-07 20:49
>Host is not configured as a member server.
>Invalid configuration.  Exiting....
>Failed to join domain: Invalid domain role

And what does testparm say about this?