Есть Windows Server 2003, на нём висит Active Directory с кучей машин под Windows. Задача — включить School Server в этот домен, да так, чтобы пользователи этого домена могли работать с файлами на School Server'е.
Уже пытался что-нибудь сделать:
/etc/samba/smb.conf
#
#======================= Global Settings =====================================
# Global settings of a Samba server configured as an Active Directory member
# (security = ads) that resolves domain accounts through winbind.
# NOTE(review): no "workgroup" is set here, so Samba falls back to its built-in
# default; a domain member normally carries the NetBIOS domain name - TODO confirm.
[global]
dos charset = CP866
unix charset = CP1251
display charset = LOCALE
printcap name = cups
load printers = yes
printing = cups
# One log file per client machine (%m); level 2 is verbose, keep these logs
# readable by root only since they record account and host names.
log file = /var/log/samba/log.%m
max log size = 50
log level = 2
# ADS mode authenticates with Kerberos, so it depends on a working
# /etc/krb5.conf, on DNS and on clocks synchronised with the domain controller.
security = ads
# NOTE(review): smb.conf(5) describes "auth methods" as a developer option whose
# default follows "security"; confirm that overriding it is really needed.
auth methods = winbind
# NOTE(review): /etc/krb5.conf on this page names the KDC "server32.lyceum",
# here it is "serv32.lyceum". One of the two is presumably a typo; a name that
# does not resolve would fit NT_STATUS_CONTROLLER_NOT_FOUND from "wbinfo -t".
password server = serv32.lyceum
# NOTE(review): for AD the realm is normally the upper-cased DNS name of the
# domain; verify that the domain's DNS name really is the single label "lyceum".
realm = LYCEUM
# NOTE(review): these two only affect case permutations tried for plaintext
# passwords / user names. With Kerberos they should not be needed, and a
# non-zero password level widens what a plaintext check accepts - consider removing.
password level = 8
username level = 8
# UID/GID range handed to domain accounts; it must not overlap local accounts.
winbind uid = 10000-20000
winbind gid = 10000-20000
# NOTE(review): smb.conf treats a trailing backslash as a line continuation, so
# the separator line may swallow "winbind use default domain" below. Backslash
# is already the default separator; check the effective values with testparm.
# With "use default domain = yes" domain users appear without the DOMAIN prefix,
# so a domain account can collide with a local account of the same name.
winbind separator = \
winbind use default domain = yes
template homedir = /home/%D/%U
# NOTE(review): every domain user gets an interactive shell wherever PAM admits
# winbind accounts; for a pure file server /bin/false limits the exposure.
template shell = /bin/bash
socket options = TCP_NODELAY
# The server takes no browse-master or domain-controller role.
local master = no
domain master = no
preferred master = no
domain logons = no
# NOTE(review): presumably a leftover from a domain-controller setup; with
# "domain logons = no" it looks unused - confirm and drop it if so.
add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
dns proxy = no
use sendfile = yes
#============================ Share Definitions ==============================
# Per-user home share, created on the fly for the connecting user.
[homes]
comment = Home Directory for '%u'
# NOTE(review): [global] sets "template homedir = /home/%D/%U", but the share
# points at /home/%U - the two paths differ, so the share may not land in the
# directory winbind reports as the user's home. Confirm which layout is intended.
path = /home/%U
browseable = no
writable = yes
# Runs as root on every connection to the share. %U is the user name requested
# by the client, so the script must treat -u/-d values as untrusted input
# (quote them, reject path separators) and must be writable by root only.
root preexec = /etc/samba/scripts/preexec.sh -u %U -d %D
/etc/krb5.conf
# Log destinations for the Kerberos libraries and daemons.
# NOTE(review): the kdc and admin_server entries should only matter if a KDC or
# kadmind runs on this host; a pure AD member presumably needs only "default".
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# Library-wide Kerberos defaults.
# NOTE(review): the smbd log on this page reports "Configuration file does not
# specify default realm" although default_realm is set below. That suggests the
# Kerberos library used by smbd is not reading or not parsing this file - check
# the path, the permissions and the syntax of the whole file.
[libdefaults]
ticket_lifetime = 24000
# Must match "realm" in smb.conf and the real AD realm (upper-cased DNS domain).
default_realm = LYCEUM
# DNS discovery is off, so the KDC is found only through the [realms] section.
dns_lookup_realm = false
dns_lookup_kdc = false
# Static KDC list for the realm; with DNS lookups disabled this is the only
# source of the domain controller's address.
[realms]
# NOTE(review): kdc is "server32.lyceum" here but smb.conf on this page uses
# "serv32.lyceum" as password server - confirm which host name is correct.
# NOTE(review): admin_server still points at kerberos.example.com, which looks
# like the placeholder from the sample file. Password changes would be sent to
# that host; replace it with the domain controller or remove the line.
LYCEUM = {
kdc = server32.lyceum
admin_server = kerberos.example.com:749
default_domain = lyceum
}
# Maps DNS names to the Kerberos realm: the leading-dot entry covers hosts
# under the domain, the second entry covers the bare domain name itself.
[domain_realm]
.lyceum = LYCEUM
lyceum = LYCEUM
# NOTE(review): this section configures a local KDC daemon; on a machine that is
# only a member of an AD domain it is presumably unused - confirm no KDC runs here.
[kdc]
profile = /var/lib/kerberos/krb5kdc/kdc.conf
# Settings presumably read by the pam_krb5 module at login - TODO confirm the
# module in use actually reads a [pam] section.
[pam]
debug = false
# NOTE(review): 36000 here differs from ticket_lifetime = 24000 in
# [libdefaults]; confirm which lifetime is intended.
ticket_lifetime = 36000
renew_lifetime = 36000
# Forwardable tickets can be passed on to other hosts after login; keep this
# enabled only if single sign-on to further services is required.
forwardable = true
krb4_convert = false
nsswitch.conf
#
# Please refer to nsswitch.conf(5) for more information on this file.
#
# This is the Name Service Switch configuration file. This file should
# be sorted with the most-used databases at the beginning.
#
# Specifying '[NOTFOUND=return]' means that the search for an entry
# should stop if the search with the previous service turned up nothing.
# Note that if the search failed due to some other reason (like no NIS
# server responding) then the search continues with the next service.
#
# Legal name services are:
#
# files Use local files
# tcb Use local tcb shadow files, see tcb(5)
# db Use local database files under /var/db
# nis or yp Use NIS (NIS version 2), also called YP
# nisplus or nis+ Use NIS+ (NIS version 3)
# dns Use DNS (Domain Name Service)
# compat Use NIS in compatibility mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# Account databases: local files first, winbind last for domain accounts.
# NOTE(review): "ldap" is listed although no LDAP setup appears on this page; an
# unreachable LDAP source can stall or fail lookups before winbind is asked.
# "files" together with "compat" also looks redundant - confirm both are needed.
passwd: files ldap compat winbind
# NOTE(review): winbind normally serves only passwd and group, so listing it
# for shadow is presumably a no-op; domain passwords are checked through
# PAM/Kerberos, never through shadow.
shadow: tcb files ldap compat winbind
group: files ldap compat winbind
# NOTE(review): Kerberos and AD depend on DNS; nisplus and nis are consulted
# before dns here, which can delay or break resolution of the DC if unused.
hosts: files nisplus nis dns
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
bootparams: nisplus [NOTFOUND=return] files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
wbinfo -t выдаёт:
checking the trust secret via RPC calls failed
error code was NT_STATUS_CONTROLLER_NOT_FOUND (0xc0000233)
Could not check secret
wbinfo -u
Error looking up domain users
net time set прописывал
net join тоже — успешно, на Windows появился; добавил, на linux'овом серваке поставил галочку, что может запрашивать авторизацию пользователей.
Вот лог машины, с которой пытаюсь подсоединиться к linux'у
[2009/03/05 03:22:04, 1] libads/kerberos_verify.c:ads_verify_ticket(375)
ads_verify_ticket: smb_krb5_parse_name(project$) failed (Configuration file does not specify default realm)
[2009/03/05 03:22:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/03/05 03:22:04, 1] libads/kerberos_verify.c:ads_verify_ticket(375)
ads_verify_ticket: smb_krb5_parse_name(project$) failed (Configuration file does not specify default realm)
[2009/03/05 03:22:04, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/03/05 03:22:11, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 192.168.1.12. Error Connection reset by peer
[2009/03/05 03:22:11, 0] lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/03/05 03:29:42, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
[2009/03/05 03:29:42, 0] lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/03/05 03:41:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/03/05 03:41:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
[2009/03/05 03:41:34, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 192.168.1.12. Error Connection reset by peer
[2009/03/05 03:41:34, 0] lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2009/03/04 19:47:51, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
Username LYCEUM#Melges is invalid on this system
Точно так делал на Office Server и на Ubuntu server всё работало!
Помогите, кто как может!