linux加入到windows域的問題

linux加入到windows域的問題

使用了這個指令後出現下面的錯誤提示：

#/usr/bin/net join -w smbwinserver -S smbwin.smbwin.com -U Administrator
Password:

Using short domain name -- SMBWINSERVER
Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'SMBLDAPSERVER' in realm 'SMBWIN.COM'
Failed to join domain: Type or value exists
ADS join did not work, falling back to RPC...
Joined domain SMBWINSERVER.


請問各位這個是怎麼回事？

解析的問題？

老大，這是配置，請過目看看，是不是哪裡出錯了？

Windows 2003 Server
hostname: smbwin.smbwin.com
Domine:  smbwinserver
Full Domine:   smbwinserver.smbwin.com
IP: 192.168.16.26/24
GW: 192.168.16.26
dns: 192.168.16.26

Create Forward Lookup Zones and Reverse Lookup Zones for DNS,for expmale:

Forward Lookup Zones:
host(A)    smbwin      192.168.16.26
host(A)    smbldap     192.168.16.25

Reverse Lookup Zones:
192.168.16.26    Pointer(PTR)  smbwin.smbwin.com
192.168.16.25    Pointer(PTR)  smbldap.smbwin.com

=======================================================================

RHEL 5.1
hostname: smbldap.smbwin.com
Domine:  smbwinserver
Full Domine:   smbwinserver.smbwin.com
IP: 192.168.16.25/24
GW: 192.168.16.26
dns: 192.168.16.26


1)  vi /etc/hosts
127.0.0.1               localhost.localdomain    localhost
192.168.16.25           smbldap.smbwin.com    smbldap
192.168.16.26           smbwinserver.smbwin.com    smbwin

2) vi /etc/resolv.conf
nameserver 192.168.16.26

3) vi /etc/krb5.conf

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


default_realm = SMBWIN.COM
dns_lookup_realm = true
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes


SMBWIN.COM = {
  admin_server = smbwin.smbwin.com
  default_domain = SMBWIN.COM
  kdc = smbwin.smbwin.com
}


.smbwin.com = SMBWIN.COM
smbwin.com = SMBWIN.COM


pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
}



4) Compiling Samba-3.0.28a.tar.tar
tar zxvf samba-3.0.28a.tar.tar
cd samba-3.0.28a/source/
./configure \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--libexecdir=/usr/libexec \
--sharedstatedir=/usr/share \
--localstatedir=/usr/var \
--libdir=/usr/lib \
--includedir=/usr/include \
--mandir=/usr/man \
--with-ctdb=/lib \
--with-profiling-data \
--enable-developer \
--enable-krb5developer \
--enable-socket-wrapper \
--enable-swat \
--enable-shared-libs \
--with-ldap \
--with-ads \
--with-krb5=/usr/kerberos \
--with-automount \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-quotas \
--with-sys-quotas \
--with-cluster-support \
--with-acl-support \
--with-winbind


5) vi /etc/samba/smb.conf


  workgroup = smbwinserver
  netbios name = smbldapserver
  server string = Samba Server
  security = ads
  load printers = yes
  log file = /usr/local/samba/var/log.%m
  max log size = 50
  password server = smbwin.smbwin.com
  realm = SMBWIN.COM
  passdb backend = tdbsam
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  add user script = /usr/sbin/useradd %u
  add group script = /usr/sbin/groupadd %g
  add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u
  delete user script = /usr/sbin/userdel %u
  delete user from group script = /usr/sbin/deluser %u %g
  delete group script = /usr/sbin/groupdel %g
  idmap uid = 15000-20000
  idmap gid = 15000-20000
  winbind enum groups = yes
  winbind enum users = yes
  winbind separator  = /
  winbind use default domain = yes
  template homedir = /homes/%D/%U
  template shell = /bin/bash
  encrypt passwords = yes


6) # service smb start
   # service winbind start

還有，到下面的幾步的時候還是沒有問題的。。。
9)# wbinfo -t
checking the trust secret via RPC calls succeeded

10)# wbinfo -u      (Checking user information for windows domain)
administrator
guest
support_388945a0
iusr_smbwin
iwam_smbwin
aspnet
wmus_smbwin
krbtgt
it01
it02
it03
it04
it05
it06
ops01
ops02
ops03
ops04
ops05
ops06
admin01
admin02
admin03
admin04
admin05
admin06
sale01
sale02
sale03
sale04
sale05
sale06

11) # wbinfo -g      (Checking Group information for windows domain)
domain computers
domain controllers
schema admins
enterprise admins
domain admins
domain users
domain guests
group policy creator owners
dnsupdateproxy
szit
ops
admin
sales


12) # kinit administrator@SMBWIN.COM
Password for administrator@SMBWIN.COM:




問題是，在windows2003的「網上鄰居」裡雖然可以看到 smbldapserver，但是用windows 域的任一個帳號都不能打開 smbldapserver 。。。。。都提示密碼錯誤。。。。

既然可是看到SAMBA伺服器，不能訪問應該還是密碼的問題。
還有，是不是帳號對應的問題？
新手，說錯了大家別拍磚^^

Tags: