[samba] Ошибки Samba и Kerberos
Шевченко Дмитрий
f0r_s2mba на mail.ru
Вт Фев 8 16:56:45 MSK 2005
Samba ADS Domain Member
При присоединении самбы к домену в логах W2k Server появляется следующая ошибка:
KDC 8
Учетная запись itofbsd$ не имеет подходящего ключа для генерации билета Kerberos.
Если этот тип шифрования поддерживается, то изменение или установка пароля
позволит сгенерировать подходящий ключ.
При подключении к самбе запрашивается логин и пароль... Видимо, дело в используемом алгоритме шифрования. Принудительная установка типа шифрования в /etc/krb5.conf приводит к неизвестной ошибке net... Подскажите, может, что-то не так?
Вот мои конфиги:
uname -mrs
FreeBSD 5.3-RELEASE i386
smbd -V
Version 3.0.10
heimdal - 0.6.1
more /etc/krb5.conf
# Kerberos client configuration as posted; the page lists heimdal 0.6.1 as the
# Kerberos library in use.
[libdefaults]
# Realm assumed when a principal is given without one.
default_realm = OFK43
# Tolerated clock difference, in seconds, between this host and the KDC.
clockskew = 150
v4_instance_resolve = false
# KDC lookup through DNS is enabled here; a KDC is also listed explicitly
# under [realms] below.
dns_lookup_kdc = true
dns_lookup_realm = false
# Requested lifetimes. NOTE(review): the klist output on this page shows a ticket
# valid for about 10 hours, so the KDC appears to apply its own shorter limit.
ticket_lifetime = 6 days
renew_lifetime = 6 days
# NOTE(review): no encryption types are pinned in this section, and the klist
# output on this page shows an arcfour-hmac-md5 ticket. The KDC event quoted on
# the page itself points at changing or setting the account password to generate
# a suitable key; try that (or re-joining the domain) before restricting
# encryption types. Forcing single-DES types would weaken every ticket issued
# to this host.
[realms]
# KDC (port 88) and password-change service (port 464) for realm OFK43, both on
# the same host.
OFK43 = {
kdc = aquarius.ofk43:88
kpasswd_server = aquarius.ofk43:464
default_domain = ofk43
}
[domain_realm]
# Host names under .ofk43 are mapped to realm OFK43.
.ofk43 = OFK43
more /usr/local/etc/samba/smb.conf
# Samba configuration as posted (the page reports smbd 3.0.10): a member server
# joined to an Active Directory domain, with winbind ID ranges and a [homes] share.
[global]
# NT Netbios Name & Description field.
workgroup = OFK43
netbios name = ITOFBSD
server string = Shevchenko Dmitry
# Network Parameters
# The trailing dot makes this a prefix match: any client address beginning with
# 192.168.43. is allowed. This is an address filter only, not authentication.
hosts allow = 192.168.43.
# NOTE(review): "interfaces" on its own does not stop smbd from accepting
# connections on other interfaces; if the intent is to serve only this address,
# "bind interfaces only = yes" is the setting that enforces it. Confirm intent.
interfaces = 192.168.43.251
wins server = 192.168.43.1
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = IPTOS_LOWDELAY TCP_NODELAY
# Kerberos realm; matches default_realm in the krb5.conf shown on this page.
realm = OFK43
# Active Directory domain member mode.
security = ads
encrypt passwords = yes
# Same host that krb5.conf on this page names as the KDC.
password server = aquarius.ofk43
winbind cache time = 300
# UID/GID ranges reserved for domain users and groups mapped by winbind.
# NOTE(review): the smbd log on this page ("User Tumatova does not exist, trying
# to add it" followed by "pdb_init_sam failed!") suggests the domain user could
# not be resolved to a Unix account. Presumably winbindd is not running or the
# name service switch is not set up for winbind; verify both.
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
# Domain users are referred to without the OFK43 domain prefix.
winbind use default domain = yes
# Logging
# One log file per client; %m expands to the client's NetBIOS machine name.
log file = /var/samba/log.%m
# Size limit per log file, in kilobytes.
max log size = 50
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
; passdb backend = tdbsam
# Browser Control Options:
# This host does not try to act as a browse master or a logon server.
local master = no
os level = 25
domain master = no
preferred master = no
domain logons = no
dns proxy = no
#============================ Share Definitions ==============================
# Per-user home directory share: hidden from browse lists, writable.
[homes]
comment = Home Directories
browseable = no
writable = yes
klist -v
Credentials cache: FILE:/tmp/krb5cc_1001
Principal: drug@OFK43
Cache version: 4
Server: krbtgt/OFK43@OFK43
Ticket etype: arcfour-hmac-md5
Auth time: Feb 7 14:50:04 2005
End time: Feb 8 00:50:04 2005 (expired)
Renew till: Feb 14 14:50:04 2005
Ticket flags: renewable, initial, pre-authenticated
Addresses: IPv4:192.168.43.251
Ошибки при подключении к самбе:
check_ntlm_password: Checking password for unmapped user [OFK43]\[Tumatova]@[ITOLEAD] with the new password interface
[2005/02/07 17:02:39, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [OFK43]\[Tumatova]@[ITOLEAD]
[2005/02/07 17:02:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/02/07 17:02:39, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/02/07 17:02:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/02/07 17:02:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/02/07 17:02:39, 3] auth/auth_util.c:make_server_info_info3(1127)
User Tumatova does not exist, trying to add it
[2005/02/07 17:02:39, 0] auth/auth_util.c:make_server_info_info3(1134)
make_server_info_info3: pdb_init_sam failed!
Ошибки в логах самой самбы:
Found SASL mechanism GSS-SPNEGO
[2005/02/07 16:38:05, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
pp ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2005/02/07 16:38:05, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2005/02/07 16:38:05, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2005/02/07 16:38:05, 3] libads/sasl.c:ads_sasl_spnego_bind(204)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2005/02/07 16:38:05, 3] libads/sasl.c:ads_sasl_spnego_bind(211)
ads_sasl_spnego_bind: got server principal name =aquarius$@OFK43
[2005/02/07 16:38:05, 3] libsmb/clikrb5.c:ads_krb5_mk_req(382)
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)