[samba] включение самбы в домен 2003
Alexey Sidorov
alex на reutman.ru
Ср Мар 21 12:06:03 MSK 2007
Здравствуйте.
Решил сделать очередной подход к самбе :)
Домен 2003, все машины виндовые кроме моей.
Настроил krb.conf, smb.conf
Сделал kinit
теперь могу лазить по всем машинам домена, но...
Если лезу с другой машины домена на свою, то винда спрашивает юзера/пароль
В /var/log/samba/log появляется
[2007/03/21 11:59:17, 2] smbd/sesssetup.c:setup_new_vc_session(799)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2007/03/21 11:59:17, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
Username REUTMAN\Administrator is invalid on this system
Если лезу с другой машины на виндовую то не спрашивает, а лезет естественно тем юзером под которым
зашёл.
Как сделать, чтоб не спрашивала ничего?
krb.conf:
# Kerberos client configuration as posted (the author calls it krb.conf).
# Log destinations for the Kerberos library, a KDC and an admin server.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# NOTE(review): a bare number is presumably read as seconds (about 30 days).
# The KDC's own policy normally caps the lifetime actually issued - confirm.
ticket_lifetime = 2600000
default_realm = REUTMAN.LOCAL
# DNS discovery is switched off, so the realm and its KDC are taken only
# from the [realms] and [domain_realm] sections below.
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
# One host is named as both KDC and admin server for the realm.
# NOTE(review): 749 is the usual MIT kadmin port; confirm the domain
# controller actually offers a service there.
REUTMAN.LOCAL = {
kdc = server.reutman.local
admin_server = server.reutman.local:749
default_domain = reutman.local
}
# Maps the DNS domain, and every host under it, to the realm.
[domain_realm]
.reutman.local = REUTMAN.LOCAL
reutman.local = REUTMAN.LOCAL
# NOTE(review): points at a local KDC profile; presumably unused on a
# machine that is only a client of the domain - confirm.
[kdc]
profile = /var/lib/kerberos/krb5kdc/kdc.conf
# Settings presumably consumed by a PAM Kerberos module (not shown in the post).
# Here ticket_lifetime is 36000, unlike the value under [libdefaults].
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
smb.conf:
# Samba configuration as posted: a domain member (security = ads) in realm
# REUTMAN.LOCAL.
# NOTE(review): the "Username REUTMAN\Administrator is invalid on this system"
# log line quoted in the post comes from the Kerberos session-setup path, so
# presumably the name could not be resolved to a Unix account. Nothing here
# shows how domain users are resolved (winbindd running, winbind in
# nsswitch.conf, machine joined to the domain) - check those first.
[global]
dos charset = CP866
unix charset = CP1251
workgroup = REUTMAN
netbios name = ALEXLIN
server string =
printcap name = cups
load printers = no
printing = cups
log file = /var/log/samba/log
log level = 2
use spnego = yes
# Deny by default, then allow only the local /24 and loopback; hosts that
# match "hosts allow" are admitted even though "hosts deny" says ALL.
hosts deny = ALL
hosts allow = 192.168.0.0/24 127.0.0.0/8
# Active Directory member mode: authentication is delegated to the domain
# controller named below.
security = ads
password server = server.reutman.local
realm = REUTMAN.LOCAL
encrypt passwords = yes
# Unix uid/gid ranges that winbind hands out to domain users and groups.
# They only take effect if winbindd is running - not shown in the post.
winbind uid = 10000-20000
winbind gid = 10000-20000
template homedir = /home/%U
template shell = /bin/bash
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
remote browse sync = 192.168.0.255
remote announce = 192.168.0.255
local master = no
wins server = 192.168.0.1
dns proxy = no
# Per-user home shares, hidden from browse lists and writable.
[homes]
comment = Home Directory for '%u'
browseable = no
read only = no
# NOTE(review): this share exports the whole root filesystem (path = /),
# writable, although its comment says "for homes". "admin users" makes the
# listed group act as root on the share regardless of Unix permissions, so a
# compromised domain-admin account gets root-level write access to this host.
# "valid users" lets every member of the domain-users group connect.
# Consider a narrower path, read only = yes, or dropping the share.
[C$]
comment = Administrative share for homes
path = /
admin users = @"REUTMAN\Администраторы домена"
valid users = @"REUTMAN\Пользователи домена"
read only = no
# Software share: no "read only" or active "valid users" line, so presumably
# any authenticated user may connect and only the write list may modify.
# NOTE(review): the @ prefix denotes a group, but Alex and Administrator look
# like user names - confirm these entries match anything. root is also listed.
# NOTE(review): 0765 forces owner-execute and other-execute bits onto every
# created file - confirm that is intended.
[Software]
path = /mnt/d/Software/
write list = @"REUTMAN\Alex" @"REUTMAN\Administrator" alex root
force create mode = 0765
force directory mode = 0775
#valid users = alex root
delete readonly = yes
--
Alexey Sidorov
mailto:alex на reutman.ru
JID: alex на reutman.ru
ICQ: 5052225