-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/17/2011 06:09 AM, djamel boussebha wrote:
> Hi;
>
> I would like to set the file /etc/krb5.keytab for apache :
>
> # net ads keytab add HTTP -U compte_admin_dom1
> Processing principals to add...
> Enter administrateur's password:
> # ktutil
> ktutil: l
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
> ktutil:
>
> The file is empty ?
> May be that this problem is linked to the command "net ads" ? because when I try to join the AD :
> # net ads join -U administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Enter administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx's password:
> Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC
>
> But with "rpc" it works :
>
> # net rpc join -U administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Enter administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx's password:
> Joined domain P9BIS.
>
> When I execute : # net ads info - U administrateur
> Failed to get server's current time!
> LDAP server: 187.0.17.104
> LDAP server name: CINVW067.p9bis.neoplus.laposte.poc
> Realm: P9BIS.NEOPLUS.LAPOSTE.POC
> Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC
> LDAP port: 389
> Server time: Thu, 01 Jan 1970 01:00:00 CET
> KDC server: 187.0.17.104
>
> And # net rpc info -U administrateur
> Enter administrateur's password:
> Domain Name: P9BIS
> Domain SID: S-1-5-21-254703050-2859693384-3493432365
> Sequence number: 1
> Num users: 50
> Num domain groups: 0
> Num local groups: 12
>
> The 2 commands # wbinfo -u and wbinfo -g no returns any values for users/groups ?
> The kinit works fine :
> # kinit administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Password for administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx:
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> Valid starting     Expires            Service principal
> 11/17/11 12:05:00  11/17/11 22:05:03  krbtgt/P9BIS.NEOPLUS.LAPOSTE.POC@xxxxxxxxxxxxxxxxxxxxxxxxx
>         renew until 11/18/11 12:05:00
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> Impossible to join the AD server with "ads" :
> # net ads testjoin
> Join to domain is not valid: Operations error
> # net rpc testjoin
> Join to 'P9BIS' is OK
>
> How make work correctly the "ads" and how get the list of users of the AD domain ?
>
> Any help would be very appreciated.
>
> Regards
>
> --- On Wed 16.11.11, djamel boussebha <dboussebha@xxxxxxxx> wrote:
>
> From: djamel boussebha <dboussebha@xxxxxxxx>
> Subject: Problem with Winbind
> To: "samba@xxxxxxxxxxxxxxx" <samba@xxxxxxxxxxxxxxx>, "foedisch@xxxxxxxxxx" <foedisch@xxxxxxxxxx>, "AndrewPhilipoff" <aphilipoff@xxxxxxxxxxxxxxxxx>
> Date: Wednesday 16 November 2011, 17:24
>
> Hi;
>
> wbinfo can not get the user names and group names of my AD domain (Windows 2008 SP2)
> The result for "wbinfo -t" is ok :
> "checking the trust secret for domain P9BIS via RPC calls succeeded"
> But when I try to get wbinfo -n "USER1" or wbinfo -r "USER1" it shows this error message: "Could not lookup name USER1"
> I use Samba version : 3.5.12.
>
> Any help would be very appreciated... thanks to anyone!
>

I noticed the server time has the year 1970. The ads methods use Kerberos and that is time sensitive. Get the accurate date/time and things should start working for you. Perhaps have it sync with a time server.

Robert

- -- 
________
Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7FOnEACgkQup357T5MfTZ5IgCg0kqoEoWaDT2ayt2XjKW5RJs0
+LEAnAgyCHQw5JtlXHxrX6EuZ2VHaBbC
=tSUp
-----END PGP SIGNATURE-----
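
Added example, not part of the original thread or of Samba: a check that reads the `Server time:` line of `net ads info` output and compares it with the local clock against the 300-second default Kerberos clock-skew tolerance. The function names and the small time-zone table are assumptions made for this sketch.

```python
import re
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(seconds=300)  # default Kerberos clock-skew tolerance (5 minutes)
# Assumption: only these zone abbreviations are mapped (hours east of UTC).
TZ_HOURS = {"UTC": 0, "GMT": 0, "CET": 1, "CEST": 2}

# Lines taken from the `net ads info` output quoted in the thread.
THREAD_OUTPUT = """\
Failed to get server's current time!
LDAP server: 187.0.17.104
Realm: P9BIS.NEOPLUS.LAPOSTE.POC
Server time: Thu, 01 Jan 1970 01:00:00 CET
KDC server: 187.0.17.104
"""

SERVER_TIME = re.compile(
    r"^Server time:\s*\w{3}, (\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) (\w+)\s*$", re.M)

def parse_server_time(output):
    """Return the 'Server time:' value as an aware UTC datetime, or None."""
    m = SERVER_TIME.search(output)
    if not m or m.group(2) not in TZ_HOURS:
        return None
    # %b expects English month abbreviations, as in the quoted output.
    naive = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
    zone = timezone(timedelta(hours=TZ_HOURS[m.group(2)]))
    return naive.replace(tzinfo=zone).astimezone(timezone.utc)

def check_clock(output, local_now):
    """Classify the time information in `net ads info` output."""
    server = parse_server_time(output)
    if server is None:
        return "unknown: no parsable 'Server time:' line"
    if server.timestamp() == 0:
        # 01 Jan 1970 01:00:00 CET is Unix time 0: no usable server time.
        return "epoch: server time is Unix time 0, fix time sync and re-run"
    skew = int(abs(local_now - server).total_seconds())
    limit = int(MAX_SKEW.total_seconds())
    if skew > limit:
        return f"skew-too-large: {skew}s exceeds {limit}s"
    return f"ok: {skew}s"

if __name__ == "__main__":
    print(check_clock(THREAD_OUTPUT, datetime.now(timezone.utc)))
```

Pass `local_now` as a timezone-aware datetime; a naive one raises `TypeError` in the subtraction.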