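A strange Samba problem, experts please take a look
Hi everyone, please help me look at a problem; I have been working on it for a long time without fixing it.
wbinfo -g can read the domain groups, but wbinfo -u cannot read the domain users. It is strange, because it used to work; the problem started the day I used the setup command to configure the authentication service...
getent passwd cannot find the user password mappings, while getent group works. The odd thing is that domain users could all authenticate normally, but later I found that newly created domain users cannot. I checked krb5.conf, nsswitch.conf, time synchronization and so on, and they are all normal. Restoring the earlier configuration files did not help either. Experts, please help me solve this, and let's discuss what could be causing it...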
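《Solution》
Could some kind soul help out? I would be very grateful...
《Solution》
Has anyone run into a similar problem? Waiting urgently...
《Solution》
Check Kerberos and restart winbind
《Solution》
The krb5 configuration is as follows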
# vi krb5.conf
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
default_realm = ALLWINS
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
ALLWINS = {
kdc = 10.10.0.62:88
kdc = 10.10.0.62
admin_server = 10.10.0.62:749
default_domain = allwins
kdc = 10.10.0.62
}
.allwins = ALLWINS
allwins = ALLWINS
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
The smb.conf configuration is as follows
#--authconfig--start-line--
# Generated by authconfig on 2011/01/11 10:02:44
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future
workgroup = ALLWINS
password server = 10.10.0.62
realm = ALLWINS
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = /
template homedir = /home/%D/%U
template shell = /sbin/nologin
winbind use default domain = true
winbind offline logon = true
display charset = cp936
unix charset = cp936
dos charset = cp936
#--authconfig--end-line--
; workgroup = ALLWINS
server string = Samba Server Version %v
netbios name = NAS
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = tdbsam
encrypt passwords = yes
; realm = ALLWINS
; security = ads
; password server = 10.10.0.62
passdb backend = tdbsam
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template homedir = /home/%D/%U
; template shell = /sbin/nologin
; winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
; winbind offline logon = ture
preferred master = no
; winbind use default domain = Yes
cups options = raw
; security = domain
; passdb backend = tdbsam
; realm = MY_REALM
; password server = <NT-Server-Name>
# ----------------------- Domain Controller Options ------------------------
; security = user
; passdb backend = tdbsam
; domain master = yes
; domain logons = yes
; logon script = %m.bat
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
; logon path =
; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"
# ----------------------- Browser Control Options ----------------------------
; local master = no
; os level = 33
; preferred master = yes
#----------------------------- Name Resolution -------------------------------
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
; dns proxy = yes
# --------------------------- Printing Options -----------------------------
#
disable spoolss = yes
load printers = no
cups options = raw
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = cups
# --------------------------- Filesystem Options ---------------------------
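I have already restarted winbind, and it still does not work.
Could there be a user password authentication module configured somewhere else?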
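The effective values in the smb.conf posted above can be checked mechanically; the following is an added example, not part of any post in this thread. It assumes a later duplicate of a parameter overrides an earlier one; `effective_settings` and `idmap_slots` are hypothetical helper names, and the sample is a constructed excerpt of the posted file.

```python
import re

# Constructed excerpt: active and commented lines copied from the smb.conf posted above.
SAMPLE = """\
#--authconfig--start-line--
workgroup = ALLWINS
password server = 10.10.0.62
realm = ALLWINS
security = ads
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = true
winbind offline logon = true
#--authconfig--end-line--
; security = ads
passdb backend = tdbsam
passdb backend = tdbsam
winbind enum users = Yes
winbind enum groups = Yes
; winbind offline logon = ture
; security = domain
; security = user
"""

def effective_settings(text):
    """Return (settings, repeated): active key -> last value, and keys set more than once."""
    settings, seen = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line.startswith("["):
            continue  # blank line, comment (# or ;) or section header
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = re.sub(r"\s+", " ", key.strip().lower())
        seen[key] = seen.get(key, 0) + 1
        settings[key] = value.strip()  # assumption: the last occurrence wins
    repeated = sorted(k for k, n in seen.items() if n > 1)
    return settings, repeated

def idmap_slots(settings, key):
    """Number of IDs in an 'idmap uid' / 'idmap gid' range such as 10000-20000."""
    low, high = (int(p) for p in settings[key].split("-"))
    return high - low + 1

if __name__ == "__main__":
    cfg, repeated = effective_settings(SAMPLE)
    print("security =", cfg["security"], "| set more than once:", repeated)
    print("uid slots:", idmap_slots(cfg, "idmap uid"))
```

On the server itself, `testparm -s` prints the configuration Samba actually loads.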
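《Solution》
Experts, please give me some suggestions.
I have been working on this problem for a very long time and still have not solved it...
《Solution》
Why has nobody replied? Is there no expert willing to give some pointers???
《Solution》
Do you have a user conflict??
《Solution》
No, all the users are looked up and synchronized from AD, and on AD each person has one username, so there cannot be a conflict...
The problem is that now none of the users on AD can be retrieved, which is very frustrating...
《Solution》
Does anyone know what the cause is? Where have all the experts gone? Nobody is willing to help...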