免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
论坛 IT运维 服务器应用 samba和2003 AD结合的问题
最近访问板块 发新帖
查看: 5356 | 回复: 6
打印 上一主题 下一主题

[samba] samba和2003 AD结合的问题 [复制链接]

addbe

论坛徽章:
0
跳转到指定楼层
1 [收藏(0)] [报告]
发表于 2008-09-19 14:14 |只看该作者 |倒序浏览
OS: debian 4.1.1-21
kernel: 2.6.18-4-686
samba: Version 3.0.24
硬件环境是用vmware workstation 6.5.0 模拟出来的

krb5.conf主要内容如下

  2. [login]
  3.         krb4_convert = true
  4.         krb4_get_tickets = false
  5.         default = FILE:/var/log/krb5libs.log
  6.         kdc = FILE:/var/log/krb5kdc.log
  7.         admin_server = FILE:/var/log/kadmind.log
  8. [libdefaults]
  9.         default_realm = TEST.LOCAL
  10.         dns_lookup_realm = false
  11.         dns_lookup_kdb = true
  12. [realms]
  13.         TEST.LOCAL = {
  14.                 kdc = 192.168.0.2:88
  15.                 admin_server = 192.168.0.2:749
  16.                 default_domain = TEST.LOCAL
  17. [domain_realm]
  18.         .test.local = TEST.LOCAL
  19.         test.local = TEST.LOCAL
复制代码


smb.conf主要内容如下:

  2. [global]
  3.    workgroup = TEST
  4.    realm = TEST.LOCAL
  5.     winbind enum groups = no
  6.     winbind enum users  = no
  7.     winbind use default domain = yes
  8.     netbios name = file-server
  9.     winbind separator = /
  10.     template homedir = /home/%U
  11.     security = domain
  12.     password server = 192.168.0.2
  13. [homes]
  14.    comment = Home Directories
  15.    browseable = no
  16.    path = /home/%U
  17.    writable = yes
复制代码

目的,每个域用户在samba上都只能访问自己的宿主目录。但是现在无法使用域账号去访问sabma。
nsswitch文件部分配置如下

  2. passwd:         compat files winbind
  3. group:          compat files winbind
  4. shadow:         compat
复制代码

  2. net rpc join -S DC.TEST.LOCAL -U administrator
复制代码

显示成功加入域
偶尔会出现[qoute]Connection failed: NT_STATUS_CONNECTION_REFUSED[/quote]


  2. net rpc testjoin
复制代码

显示没有加入到域

  2. wbinfo -p
  3. wbinfo -t
复制代码

命令显示成功

  2. wbinfo -u
  3. wbinfo -g
复制代码

无法显示域里的用户信息和组信息

  2. kinit [email]administrator@TEST.LOCAL[/email]
复制代码

成功运行

以下是部分日志内容
log.smbd
[2008/09/18 13:49:40, 0] printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
[2008/09/18 13:49:40, 0] printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
[2008/09/18 14:04:53, 0] printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
[2008/09/18 14:04:53, 0] printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
[2008/09/18 14:28:06, 0] smbd/server.c:main(847)
  smbd version 3.0.24 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2006
[2008/09/18 14:28:06, 0] param/loadparm.c:map_parameter(2698)
  Unknown parameter encountered: "winbind enmu users"
[2008/09/18 14:28:06, 0] param/loadparm.c:lp_do_parameter(3428)
  Ignoring unknown parameter "winbind enmu users"
[2008/09/18 14:28:06, 0] param/loadparm.c:map_parameter(2698)
  Unknown parameter encountered: "securiyt"
[2008/09/18 14:28:06, 0] param/loadparm.c:lp_do_parameter(3428)
  Ignoring unknown parameter "securiyt"
[2008/09/18 14:28:06, 0] printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
[2008/09/18 14:28:06, 0] printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!
[2008/09/18 14:28:06, 0] smbd/server.c:main(881)

log.nmbd
[2008/09/19 12:45:57, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
[2008/09/19 12:46:45, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
[2008/09/19 12:46:45, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
[2008/09/19 12:47:04, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
[2008/09/19 12:54:34, 0] nmbd/nmbd.c:terminate(58)
[2008/09/19 12:54:37, 0] nmbd/nmbd.c:main(699)
[2008/09/19 12:54:37, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 12:54:37, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 12:54:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
[2008/09/19 12:54:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
[2008/09/19 12:54:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
[2008/09/19 12:54:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
[2008/09/19 12:54:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(233)
[2008/09/19 12:54:41, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 12:54:41, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 12:54:45, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
[2008/09/19 12:55:00, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
[2008/09/19 12:59:47, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290)
[2008/09/19 12:59:47, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303)
[2008/09/19 12:59:47, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(233)
[2008/09/19 13:01:36, 0] nmbd/nmbd.c:terminate(58)
[2008/09/19 13:01:39, 0] nmbd/nmbd.c:main(699)
[2008/09/19 13:01:39, 1] param/loadparm.c:set_server_role(4202)
[2008/09/19 13:01:39, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:01:39, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:01:43, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:01:43, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:05:24, 0] nmbd/nmbd.c:terminate(58)
[2008/09/19 13:05:27, 0] nmbd/nmbd.c:main(699)
[2008/09/19 13:05:27, 1] param/loadparm.c:set_server_role(4202)
[2008/09/19 13:05:27, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:05:27, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:05:32, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:05:32, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:05:40, 0] nmbd/nmbd_processlogon.c:process_logon_packet(641)
[2008/09/19 13:08:54, 0] nmbd/nmbd.c:terminate(58)
[2008/09/19 13:08:57, 0] nmbd/nmbd.c:main(699)
[2008/09/19 13:08:57, 1] param/loadparm.c:set_server_role(4202)
[2008/09/19 13:08:57, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:08:57, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:09:01, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:09:01, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:10:27, 0] nmbd/nmbd_processlogon.c:process_logon_packet(641)
[2008/09/19 13:11:23, 0] nmbd/nmbd.c:terminate(58)
[2008/09/19 13:11:26, 0] nmbd/nmbd.c:main(699)
[2008/09/19 13:11:26, 1] param/loadparm.c:set_server_role(4202)
[2008/09/19 13:11:26, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:11:26, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:11:30, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:11:30, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:17:02, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
[2008/09/19 13:18:42, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
[2008/09/19 13:18:42, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
[2008/09/19 13:19:01, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
[2008/09/19 13:30:40, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
[2008/09/19 13:30:40, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
[2008/09/19 13:30:59, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
[2008/09/19 13:42:37, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
[2008/09/19 13:42:37, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
[2008/09/19 13:42:56, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
[2008/09/19 13:53:02, 0] nmbd/nmbd.c:terminate(58)
[2008/09/19 13:53:05, 0] nmbd/nmbd.c:main(699)
[2008/09/19 13:53:05, 1] param/loadparm.c:set_server_role(4202)
[2008/09/19 13:53:05, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:53:05, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
[2008/09/19 13:53:09, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:53:09, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
[2008/09/19 13:58:47, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
[2008/09/19 14:06:33, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(309)
[2008/09/19 14:06:33, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149)
[2008/09/19 14:06:52, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)

log.winbindd
[2008/09/19 12:55:19, 1] nsswitch/winbindd.c:main(953)
[2008/09/19 12:55:19, 0] nsswitch/winbindd_util.c:winbindd_param_init(787)
[2008/09/19 12:55:19, 0] nsswitch/winbindd_util.c:winbindd_param_init(788)
[2008/09/19 12:55:19, 1] nsswitch/winbindd.c:main(986)
[2008/09/19 13:01:48, 1] nsswitch/winbindd.c:main(953)
[2008/09/19 13:01:48, 1] param/loadparm.c:set_server_role(4202)
[2008/09/19 13:01:48, 0] nsswitch/winbindd_util.c:winbindd_param_init(787)
[2008/09/19 13:01:48, 0] nsswitch/winbindd_util.c:winbindd_param_init(788)
[2008/09/19 13:01:48, 1] nsswitch/winbindd.c:main(986)
[2008/09/19 13:09:40, 1] nsswitch/winbindd.c:main(953)
[2008/09/19 13:09:40, 1] param/loadparm.c:set_server_role(4202)
[2008/09/19 13:09:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(787)
[2008/09/19 13:09:40, 0] nsswitch/winbindd_util.c:winbindd_param_init(788)
[2008/09/19 13:09:40, 1] nsswitch/winbindd.c:main(986)
[2008/09/19 13:29:15, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(270)
[2008/09/19 13:29:17, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(270)
[2008/09/19 13:29:18, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(270)

[ 本帖最后由 addbe 于 2008-9-19 14:16 编辑 ]
lovegqin

论坛徽章:
0
2 [报告]
发表于 2008-09-20 09:24 |只看该作者
提示: 作者被禁止或删除 内容自动屏蔽
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
aleng

论坛徽章:
0
3 [报告]
发表于 2008-09-24 15:03 |只看该作者
samba+域 就是这样,毛病多,还没完善呢
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
lovegqin

论坛徽章:
0
4 [报告]
发表于 2008-09-24 15:04 |只看该作者
提示: 作者被禁止或删除 内容自动屏蔽
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
lanyuku

论坛徽章:
0
5 [报告]
发表于 2008-09-25 13:20 |只看该作者
我用rhel5.2作samba+ad,就沒有出過問題,很穩定呀
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
addbe

论坛徽章:
0
6 [报告]
发表于 2008-10-29 11:14 |只看该作者
可能找到解决的方法了
应该是缺少了libnss_winbind.so这个库文件导致的
在编译samba的时候加上,然后把在生成source/nsswitch下面生成的libnss_winbind ln到/usr/lib/libnss_winbind.so.2应该可以解决wbinfo正常工作,但是getent无法获取passwd以及group的问题
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
nudtdk

论坛徽章:
0
7 [报告]
发表于 2008-10-31 00:47 |只看该作者
原帖由 lovegqin 于 2008-9-24 15:04 发表


什么叫毛病?
你这个人说话怎么不走脑子啊?

恩,问题没多少,完善是必须的,比如:samba不能作为ad的pdc,所以,如果使用ad认证的话,需要windows作为ads。不知我说对了没有。。。有点怀疑自己对samba-howto的理解
实战分享:从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线! | 新一代分布式关系型数据库RadonDB知多少?
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP