各位大大,請幫幫忙,小弟用的是Mandriva2006+WIN 2003 AD,下面有samba 與krb5的詳細配置,之前linux加入網域時都很順利,smb +winbindd啟動OK,然後各子域與父域的用戶都可以訪問SAMBA,可是最近一段時間不知怎麼了,除了本地域:mpecn.fih.gd的用戶外,其它子域或父域的用戶都沒法訪問了,Windows方面的信任沒問題,Windows下訪問OK。
大俠們幫看看,問題會出在哪呢?
有做過重新編譯SAMBA ,重新退域再入域了,還是一樣不行,超煩。
小弟先謝過好心人了。
smb.conf:
Load smb config files from /usr/local/samba/lib/smb.conf
WARNING: The "printer admin" option is deprecated
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[backup$]"
Processing section "[pub$]"
Processing section "[software$]"
Processing section "[tmp]"
Processing section "[ntcm]"
Processing section "[Recorder]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Samba [global] section of an Active Directory domain member.
# Only the listed parameters are set here; everything else is left at its default.
[global]
# NetBIOS domain name and the matching Kerberos realm of the domain this host joined.
workgroup = MPECN
realm = MPECN.FIH.GD
netbios aliases = server1
server string = Samba Server
# ADS: the server acts as a member of an Active Directory domain and validates users via Kerberos.
security = ADS
# NOTE(review): an explicit "auth methods" list replaces the defaults Samba would pick for
# security = ADS, so every authentication depends on winbindd alone - confirm this is intended.
auth methods = winbind
max log size = 50
dns proxy = No
wins server = 10.167.66.105, 10.161.7.166
# Range from which winbind allocates Unix uids/gids for domain users and groups.
# NOTE(review): presumably accounts from the parent and child domains share this one range;
# verify it has not been exhausted and does not overlap local accounts.
idmap uid = 10000-50000
idmap gid = 10000-50000
template homedir = /home/%U
# Every domain account winbind resolves receives this login shell.
# NOTE(review): if the host only serves files, a non-login shell narrows what a domain
# account can do on it - confirm interactive logins are required.
template shell = /bin/bash
# Enumeration exposes the full domain user/group lists to local lookups and can be slow
# when several trusted domains are involved; disable unless something depends on it.
winbind enum users = Yes
winbind enum groups = Yes
# Unqualified user names are treated as members of the workgroup above (MPECN);
# accounts from other domains still have to be written with their domain prefix.
winbind use default domain = Yes
# Deprecated parameter (testparm prints a warning for it on load).
printer admin = @MPECN\IT, "@MPECN\Domain Admins"
krb5.conf:
# Log destinations for the Kerberos library, the KDC and the admin server.
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
# Library-wide client defaults.
[libdefaults]
# A plain number is read as seconds (24000 s is about 6 h 40 min).
ticket_lifetime = 24000
default_realm = MPECN.FIH.GD
# The three lists below allow only RC4, triple-DES and single-DES encryption types.
# des-cbc-md5 and des-cbc-crc are single DES and no longer considered secure; rc4-hmac is weak.
# NOTE(review): presumably kept because the Windows 2003 domain controllers offer no AES
# types - drop the DES entries and add AES once the domain controllers support it.
default_tgs_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-md5 des-cbc-crc
default_tkt_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-md5 des-cbc-crc
permitted_enctypes = rc4-hmac des3-hmac-sha1 des-cbc-md5 des-cbc-crc
# DNS lookups are off, so realm and KDC resolution relies entirely on the static
# [realms] and [domain_realm] entries in this file; a domain controller that moved or
# a trusted realm missing from the file cannot be reached.
dns_lookup_realm = false
dns_lookup_kdc = false
# NOTE(review): the three settings below look like legacy compatibility knobs
# (checksum type and credential-cache format); confirm they are still required.
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
# Tickets are requested as forwardable and proxiable by default, which lets services
# that receive them act on the user's behalf; keep enabled only if delegation is needed.
forwardable = true
proxiable = true
# Static KDC table: each realm is pinned to one address (port 88 for the KDC,
# 749 for the admin server). With DNS KDC lookup disabled in [libdefaults],
# these entries are the only way a realm's KDC is found and there is no fallback server.
# NOTE(review): verify each address still belongs to a live domain controller of that realm.
[realms]
# Parent realm.
FIH.GD = {
kdc = 10.134.93.70:88
admin_server = 10.134.93.70:749
default_domain = fih.gd
}
BJCN.FIH.GD = {
kdc = 10.186.19.10:88
admin_server = 10.186.19.10:749
default_domain = bjcn.fih.gd
}
# The realm set as default_realm in [libdefaults].
MPECN.FIH.GD = {
kdc = 10.167.66.105:88
admin_server = 10.167.66.105:749
default_domain = mpecn.fih.gd
}
MPM.FIH.GD = {
kdc = 10.162.128.84:88
admin_server = 10.162.128.84:749
default_domain = mpm.fih.gd
}
# NOTE(review): presumably the distribution's stock example realm; remove it if this
# host never authenticates against it, so no unrelated external KDC stays configured.
MANDRAKESOFT.COM = {
kdc = kerberos.mandrakesoft.com:88
admin_server = kerberos.mandrakesoft.com:749
default_domain = mandrakesoft.com
}
# Maps DNS names to Kerberos realms. An entry with a leading dot covers every host
# below that domain; the entry without the dot covers the host named exactly like the domain.
# A server whose DNS name matches none of these lines is not mapped to a realm by this table.
[domain_realm]
.fih.gd = FIH.GD
fih.gd = FIH.GD
.mpecn.fih.gd = MPECN.FIH.GD
mpecn.fih.gd = MPECN.FIH.GD
.bjcn.fih.gd = BJCN.FIH.GD
bjcn.fih.gd = BJCN.FIH.GD
.mpm.fih.gd = MPM.FIH.GD
mpm.fih.gd = MPM.FIH.GD
# NOTE(review): pairs with the MANDRAKESOFT.COM realm entry; presumably a leftover default.
.mandrakesoft.com = MANDRAKESOFT.COM
# Location of the KDC's own configuration file.
# NOTE(review): only meaningful if a KDC runs on this host; the realms above all point
# at other machines - confirm no local KDC is running.
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
# Settings read by the Kerberos PAM module.
[pam]
debug = false
# NOTE(review): 36000 here differs from ticket_lifetime = 24000 in [libdefaults];
# confirm which lifetime is intended for PAM logins.
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
# Kerberos 4 ticket conversion is switched off.
krb4_convert = false
[login]
krb4_convert = false
krb4_get_tickets = false