[Comm] samba+ads+winbind=проблемы?
Владимир Гусев
=?iso-8859-1?q?vova1971_=CE=C1_narod=2Eru?=
Ср Янв 23 16:58:21 MSK 2008
Здравствуйте!
Может кто-нибудь сталкивался с проблемой описанной по этой ссылке?
http://www.opennet.ru/openforum/vsluhforumID14/1253.html
Привожу ссылку ибо проблема в точности совпадает с описанной там.
Ключевые фразы проблемы:
По истечении определенного промежутка времени (в моем случае это около
1 часа) все портится:
wbinfo -t получаю вот это :
checking the trust secret via RPC calls failed
error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
Could not check secret
Конфиги:
smb.conf
#======================= Global Settings =======================
[global]
# Settings
kernel oplocks = yes
client use spnego = yes
server signing = auto
client signing = auto
template shell = /bin/bash
nt acl support = yes
; change notify timeout = 0
# Share Behavior
inherit permissions = yes
inherit acls = yes
map acl inherit = yes
acl compatibility = auto
dos filemode = yes
dos filetimes = yes
; dos filename resolution = yes
map archive = yes
map system = no
map hidden = no
ea support = yes
force create mode = 0760
# Domain Settings
workgroup = MOSCOW
server string = %h (Linux FileServer)
os level = 0
preferred master = no
announce as NT Server
announce version = 4.9
browse list = yes
domain master = no
local master = no
enhanced browsing = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind use default domain = yes
winbind enum groups = yes
winbind enum users = yes
winbind separator = +
realm = MOSCOW.POSTSHOP.RU
# Security
hosts allow = 192.168.1. 127.
security = ADS
password server = *
encrypt passwords = yes
# Printers
; printcap name = /etc/printcap
; load printers = yes
; printing = cups
; cups options = raw
# Logging
log file = /var/log/samba/%m.log
log level = 3
max log size = 500
# Network Settings
remote announce = 192.168.0.
disable netbios = no
netbios name = l-files
# Shares
[sources]
comment = Our sources
path = /media/raid/shares/sources
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[public]
comment = Public data store
path = /media/raid/shares/public
guest ok = yes
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[distr]
comment = DistroZZ
path = /media/raid/shares/distr
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[buhgal]
comment = Accounting department only!
path = /media/raid/shares/buhgal
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
[oper]
comment = For updated our programs
path = /media/raid/shares/oper
guest ok = no
read only = no
browseable = yes
writeable = yes
create mask = 0760
directory mask = 0760
acl group control = yes
store dos attributes = yes
; postexec = /bin/umount /cdrom
________________________________________
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = MOSCOW.POSTSHOP.RU
dns_lookup_realm = true
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
MOSCOW.POSTSHOP.RU = {
kdc = 192.168.1.254
admin_server = 192.168.1.254
default_domain = MOSCOW.POSTSHOP.RU
}
[domain_realm]
.moscow.postshop.ru = MOSCOW.POSTSHOP.RU
moscow.postshop.ru = MOSCOW.POSTSHOP.RU
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
________________________________________
nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try: # `info libc "Name Service Switch"' for information about this
file.
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
--
С уважением,
Владимир Гусев
Подробная информация о списке рассылки community