Собственно сабж.
Настроена и введена в домен. Но списка пользователей/групп получить невозможно. В сетевом окружении чудно видна:
root@bs:~# wbinfo -t
checking the trust secret for domain CTS via RPC calls succeeded
root@bs:~# wbinfo -u
BS+skif
root@bs:~# wbinfo -g
root@bs:~# net ads testjoin
Join is OK
root@bs:~#
Содержимое resolv.conf и nsswitch.conf
root@bs:~# cat /etc/nsswitch.conf | grep -v \#
passwd: compat winbind
group: compat winbind
shadow: compat winbind
hosts: files dns
networks: files dns
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup files winbind
root@bs:~# cat /etc/resolv.conf | grep -v \#
domain cts.grp
search cts.grp
nameserver 10.1.1.1
root@bs:~#
Имя сервера
root@bs:~# hostname
bs
root@bs:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:07:e9:0b:30:14
inet addr:xxx.xxx.xxx.72 Bcast:xxx.xxx.xxx.255 Mask:255.255.255.0
inet6 addr: fe80::207:e9ff:fe0b:3014/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:122894449 errors:1 dropped:0 overruns:0 frame:1
TX packets:79434897 errors:15 dropped:0 overruns:0 carrier:15
collisions:0 txqueuelen:1000
RX bytes:1898867802 (1.8 GB) TX bytes:3885769006 (3.8 GB)
eth1 Link encap:Ethernet HWaddr 00:e0:81:4c:d1:25
inet addr:10.1.1.4 Bcast:10.1.1.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:81ff:fe4c:d125/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:392672877 errors:0 dropped:48362 overruns:0 frame:0
TX packets:327789125 errors:67031880 dropped:0 overruns:0 carrier:67031880
collisions:138614660 txqueuelen:1000
RX bytes:1503393888 (1.5 GB) TX bytes:1338630520 (1.3 GB)
Interrupt:16 Memory:dc480000-dc4a0000
eth1:1 Link encap:Ethernet HWaddr 00:e0:81:4c:d1:25
inet addr:10.1.1.8 Bcast:10.1.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Memory:dc480000-dc4a0000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6330919 errors:0 dropped:0 overruns:0 frame:0
TX packets:6330919 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2155926277 (2.1 GB) TX bytes:2155926277 (2.1 GB)
tap0 Link encap:Ethernet HWaddr ee:10:9a:a9:87:43
inet addr:10.1.2.1 Bcast:10.1.2.255 Mask:255.255.255.0
inet6 addr: fe80::ec10:9aff:fea9:8743/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1410 Metric:1
RX packets:571123 errors:0 dropped:0 overruns:0 frame:0
TX packets:947496 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:39019875 (39.0 MB) TX bytes:289690662 (289.6 MB)
root@bs:~#
Теперь собственно конфиг самбы:
root@bs:~# cat /etc/samba/smb.conf | grep -v \# | grep -v \;
[global]
workgroup = CTS
server string = Backup Server
dns proxy = no
interfaces = 10.1.1.4
log file = /var/log/samba/log.log
max log size = 1000
syslog = 8
panic action = /usr/share/samba/panic-action %d
security = ads
encrypt passwords = true
realm = CTS.GRP
os level = 2
idmap uid = 500-100000000
idmap gid = 500-100000000
template shell = /bin/bash
usershare allow guests = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
nt acl support = yes
password server = 10.1.1.1
dos charset = CP866
unix charset = CP1251
display charset = LOCALE
auth methods=winbind
socket options = TCP_NODELAY
load printers = no
hosts allow = 10.1.1. 192.168.8. 127.
domain master = no
preferred master = no
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[Install]
comment = Install folder
read only = yes
guest ok = yes
path = /storage/Install
[stor]
comment = Storage Folder
read only = no
guest ok = no
path = /storage
valid users = @"CTS+Администраторы домена", @"OBCTS+samba users"
admin users = @CTS+"samba users"
root@bs:~#
Содержимое krb5.conf
root@bs:~# cat /etc/krb5.conf | grep -v \#
[libdefaults]
default_realm = CTS.GRP
ticket_lifetime = 24000
clockskew = 300
dns_lookup_realm = false
dns_lookup_kdc = true
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
CTS.GRP = {
kdc = dc1.cts.grp
admin_server = dc1.cts.grp
default_domain = cts.grp
}
[domain_realm]
.cts.grp = CTS.GRP
CTS.GRP = CTS.GRP
[logging]
default = FILE:/var/log/krb5.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
root@bs:~#
Билетик на KERBEROS
root@bs:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: someuser@CTS.GRP
Valid starting Expires Service principal
01/03/11 14:26:32 01/03/11 21:06:32 krbtgt/CTS.GRP@CTS.GRP
Собственно, сие (поначалу без кербероса и с security = domain) работало достаточно длительное время. Потом враз перестало. Samba используется как бэкап-сервер и сервер для всяких дистрибутивов. Соответственно, никто на нём практически не сидит. И вот начали валиться репорты, что бэкапы не идут. Из всех ошибок нарылась только эта:
root@bs:~# tail -f /var/log/samba/log.wb-CTS
[2011/01/03 14:26:52.878740, 0] winbindd/winbindd.c:195(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2011/01/03 14:26:59.545476, 1] winbindd/winbindd_ads.c:214(query_user_list)
Not a user account? atype=0x30000000
root@bs:~# tail -f /var/log/samba/log.winbindd-idmap
[2011/01/02 21:40:36.600718, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/03 14:23:10.221321, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2011/01/03 14:23:10.221401, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2011/01/03 14:23:10.221447, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2011/01/03 14:26:52.878731, 0] winbindd/winbindd.c:195(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
root@bs:~# tail -f /var/log/samba/log.log
[2011/01/03 14:26:05.368502, 1] ../librpc/ndr/ndr.c:395(ndr_pull_error)
ndr_pull_error(1): String terminator not present or outside string boundaries
[2011/01/03 14:26:52.880238, 0] winbindd/winbindd.c:195(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=1)
[2011/01/03 14:26:54.909280, 0] winbindd/winbindd_cache.c:3076(initialize_winbindd_cache)
initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2011/01/03 14:26:59.556645, 1] ../librpc/ndr/ndr.c:395(ndr_pull_error)
ndr_pull_error(1): String terminator not present or outside string boundaries
[2011/01/03 14:33:02.975669, 1] ../librpc/ndr/ndr.c:395(ndr_pull_error)
ndr_pull_error(1): String terminator not present or outside string boundaries
К сожалению, самостоятельные поиски решения результата не дали. Может, кто сталкивался с подобным и подскажет?
PS:
root@bs:~# uname -r
2.6.35-22-generic-pae
root@bs:~# cat /etc/debian_version
squeeze/sid
root@bs:~# dpkg -l | grep samba
ii samba 2:3.5.4~dfsg-1ubuntu8.1 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:3.5.4~dfsg-1ubuntu8.1 common files used by both the Samba server and client
ii samba-common-bin 2:3.5.4~dfsg-1ubuntu8.1 common files used by both the Samba server and client
ii samba-doc 2:3.5.4~dfsg-1ubuntu8.1 Samba documentation
ii samba-tools 2:3.5.4~dfsg-1ubuntu8.1 Samba testing utilities
root@bs:~#