Re: Re : Problem with Winbind

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/17/2011 06:09 AM, djamel boussebha wrote:
> Hi;
>  
> I would like to set the file /etc/krb5.keytab  for apache :
>  
> # net ads keytab add HTTP -U compte_admin_dom1
> Processing principals to add...
> Enter administrateur's password:
> # ktutil
> ktutil:  l
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
> ktutil:
> 
> The file is empty ?
> May be that this problem is linked to the command "net ads" ? because when I try to join the AD :
> # net ads join -U administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Enter administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx's password:
> Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC
>  
> But with "rpc" it works :
>  
> # net rpc join -U administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Enter administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx's password:
> Joined domain P9BIS.
>  
> When I execute :  # net ads info - U administrateur
> Failed to get server's current time!
> LDAP server: 187.0.17.104
> LDAP server name: CINVW067.p9bis.neoplus.laposte.poc
> Realm: P9BIS.NEOPLUS.LAPOSTE.POC
> Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC
> LDAP port: 389
> Server time: Thu, 01 Jan 1970 01:00:00 CET
> KDC server: 187.0.17.104
> 
> And # net rpc info -U administrateur
> Enter administrateur's password:
> Domain Name: P9BIS
> Domain SID: S-1-5-21-254703050-2859693384-3493432365
> Sequence number: 1
> Num users: 50
> Num domain groups: 0
> Num local groups: 12
>  
> The 2 commands # wbinfo -u  and wbinfo -g no returns any values for users/groups ?
> The kinit works fine :
>  # kinit administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Password for administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx:
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Valid starting     Expires            Service principal
> 11/17/11 12:05:00  11/17/11 22:05:03  krbtgt/P9BIS.NEOPLUS.LAPOSTE.POC@xxxxxxxxxxxxxxxxxxxxxxxxx
>         renew until 11/18/11 12:05:00
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>  
> Impossible to join the AD serveur with "ads" :
> # net ads testjoin
> Join to domain is not valid: Operations error
> # net rpc testjoin
> Join to 'P9BIS' is OK
>  
> How make work correctly the "ads" and how get the list of users of the AD domain ?
> 
> Any help would be very appreciated.
>  
> Regards
> 
>  
> 
> 
>  
>  
>  
>  
> 
> 
> --- En date de : Mer 16.11.11, djamel boussebha <dboussebha@xxxxxxxx> a écrit :
> 
> 
> De: djamel boussebha <dboussebha@xxxxxxxx>
> Objet: Problem with Winbind
> À: "samba@xxxxxxxxxxxxxxx" <samba@xxxxxxxxxxxxxxx>, "foedisch@xxxxxxxxxx" <foedisch@xxxxxxxxxx>, "AndrewPhilipoff" <aphilipoff@xxxxxxxxxxxxxxxxx>
> Date: Mercredi 16 novembre 2011, 17h24
> 
> 
> 
> 
> 
> 
> 
> Hi;
>  
> wbinfo can not get the user names and group names of my AD domain (Windows 2008 SP2)
> The result for "wbinfo -t" is ok :
> "checking the trust secret for domain P9BIS via RPC calls succeeded"
> But when i try to get wbinfo -n "USER1" or wbinfo -r "USER1" it shows this error message:  "Could not lookup name USER1"
> I use Samba version : 3.5.12.
> 
> Any help would be very appreciated... thanks to anyone!
> 
I noticed the server time has the year 1970.  The ads methods use
kerberos and that is time sensitive.  Get the accurate date/time and
things should start working for you.  Perhaps have it sync with a time
server.

Robert

- -- 
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7FOnEACgkQup357T5MfTZ5IgCg0kqoEoWaDT2ayt2XjKW5RJs0
+LEAnAgyCHQw5JtlXHxrX6EuZ2VHaBbC
=tSUp
-----END PGP SIGNATURE-----
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



[Index of Archives]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [RAID]     [Trinity TED Users]     [Yosemite News]
  Powered by Linux