The OpenNET Project / Index page




"Samba + AC = Failed to verify incoming ticket!"
Forum: Open systems on the server
Message from mxmemail (ok), 30-May-04, 15:18
>>here is what works for me:
>>
>>RedHat Enterprise ES v3
>>samba 3.0.2-6.3E
>>
>>
>>and everything works like clockwork
>
>Tell me the version and vendor of your Kerberos implementation.
>I have heimdal-0.6, despite the assurances of the Samba team and the packagers of my
>distro (SuSE
>

It works for me and my PDC (win2003) and others:


usrv# uname -mrs          
FreeBSD 5.2.1-RELEASE i386

usrv# /usr/local/samba/sbin/smbd -V
Version 3.0.4            

usrv# cat /usr/ports/security/heimdal/distinfo              
MD5 (heimdal-0.6.1.tar.gz) = 20ef3dade89afc45eac9d8935a1a9cc0
SIZE (heimdal-0.6.1.tar.gz) = 3312603

usrv# cat /usr/local/samba/lib/smb.conf          
# Global parameters                    
[global]                              
        acl compatibility = win2k      
        algorithmic rid base = 1000    
        allow trusted domains = Yes    
        announce as = NT              
        announce version = 4.9        
        available = Yes                
        bind interfaces only = No      
        block size = 1024              
        blocking locks = Yes          
        browse list = Yes              
        browseable = Yes              
        case sensitive = No            
        change notify timeout = 60    
        client lanman auth = Yes      
        client NTLMv2 auth = No        
        client plaintext auth = Yes    
        client schannel = Auto        
        client signing = auto          
        client use spnego = No        
        comment = SMB server          
        create mask = 0744            
        csc policy = manual            
        deadtime = 0                  
        debug hires timestamp = No    
        debug pid = No                
        debug uid = No                
        default case = lower          
        default devmode = No          
        delete readonly = Yes          
        delete veto files = No        
        directory mask = 0755          
        directory security mask = 0777
        disable netbios = No          
        disable spoolss = No          
        display charset = KOI8-R                                
        dns proxy = Yes                                          
        domain logons = No                                      
        domain master = No                                      
        dont descend = /proc,/dev                                
        dos charset = CP866                                      
        dos filemode = No                                        
        dos filetime resolution = No                            
        dos filetimes = No                                      
        ea support = No                                          
        encrypt passwords = Yes                                  
        enhanced browsing = Yes                                  
        enumports command = No                                  
        fake directory create times = No                        
        fake oplocks = No                                        
        follow symlinks = Yes                                    
        force create mode = 00                                  
        force directory mode = 00                                
        force directory security mode = 00                      
        force security mode = 00                                
        fstype = NTFS                                            
        getwd cache = Yes                                        
        guest account = nobody                                  
        guest ok = No                                            
        guest only = No                                          
        hide dot files = No                                      
        hide special files = No                                  
        hide unreadable = No                                    
        hide unwriteable files = No                              
        host msdfs = No                                          
        hostname lookups = No                                    
        hosts allow = 127.0.0.0/255.0.0.0 192.168.0.0/255.255.0.0
        idmap gid = 10000-20000                                  
        idmap uid = 10000-20000                                  
        inherit acls = Yes                                      
        inherit permissions = Yes                                
        keepalive = 300                                          
        kernel change notify = Yes                              
        kernel oplocks = Yes                                    
        lanman auth = Yes                                        
        large readwrite = Yes                                    
        ldap delete dn = No                                      
        ldap filter = (uid=%u)                                  
        ldap passwd sync = no                      
        ldap port = 636                            
        ldap replication sleep = 1000              
        ldap ssl = Yes                              
        level2 oplocks = Yes                        
        lm announce = Auto                          
        lm interval = 60                            
        load printers = Yes                        
        local master = No                          
        lock directory = /usr/local/samba/var/locks
        lock spin count = 10                        
        lock spin time = 40                        
        locking = Yes                              
        log file = /usr/local/samba/var/sambazzz.log
        log level = 2                              
        logon home = \\%N\%U                        
        logon path = \\%N\%U\profile                
        lpq cache time = 10                        
        machine password timeout = 604800          
        mangle case = No                            
        mangle prefix = 1                          
        mangled names = Yes                        
        mangling char = ~                          
        mangling method = hash2                    
        map acl inherit = No                        
        map archive = Yes                          
        map hidden = No                            
        map system = No                            
        map to guest = Never                        
        max connections = 0                        
        max disk size = 0                          
        max log size = 5000                        
        max mux = 50                                
        max open files = 20000                      
        max print jobs = 1000                      
        max protocol = NT1                          
        max reported print jobs = 0                
        max smbd processes = 0                      
        max ttl = 259200                            
        max wins ttl = 518400                      
        max xmit = 16644                            
        min passwd length = 5                      
        min print space = 0                        
        min protocol = CORE                        
        min wins ttl = 21600                        
        msdfs root = No                                                
        name cache timeout = 660                                      
        name resolve order = lmhosts wins host bcast                  
        netbios name = USRV                                            
        netbios scope = MH                                            
        NIS homedir = No                                              
        nt acl support = Yes                                          
        nt pipe support = Yes                                          
        nt status support = Yes                                        
        ntlm auth = Yes                                                
        null passwords = Yes                                          
        obey pam restrictions = No                                    
        oplock break wait time = 0                                    
        oplock contention limit = 2                                    
        oplocks = Yes                                                  
        os level = 20                                                  
        pam password change = No                                      
        paranoid server security = No                                  
        passdb backend = tdbsam                                        
        passwd chat = *new*password* %n\n *new*password* %n\n *changed*
        passwd chat debug = No                                        
        passwd chat timeout = 2                                        
        password level = 0                                            
        password server = PDC-NETBIOSNAME
        pid directory = /usr/local/samba/var/locks                    
        posix locking = Yes                                            
        preexec close = No                                            
        preferred master = Auto                                        
        preserve case = Yes                                            
        printable = No                                                
        printcap name = cups                                          
        printing = cups                                                
        private dir = /usr/local/samba/private                        
        profile acls = No                                              
        protocol = NT1                                                
        read bmpx = No                                                
        read only = No                                                
        read raw = Yes                                                
        realm = MYDOMAIN.DOM                                        
        restrict anonymous = 0                                        
        root preexec close = No                            
        security = ADS                                      
        security mask = 0777                                
        server schannel = Auto                              
        server signing = Auto                              
        server string = Samba 3.0.4                        
        set directory = No                                  
        share modes = Yes                                  
        short preserve case = Yes                          
        show add printer wizard = Yes                      
        smb passwd file = /usr/local/samba/private/smbpasswd
        smb ports = 445 139                                
        socket address = 0.0.0.0                            
        socket options = IPTOS_LOWDELAY TCP_NODELAY        
        stat cache = Yes                                    
        store dos attributes = No                          
        strict allocate = No                                
        strict locking = Yes                                
        strict sync = No                                    
        sync always = No                                    
        syslog = 1                                          
        syslog only = No                                    
        template homedir = /home/%D/%U                      
        template primary group = nobody                    
        template shell = /bin/false                        
        time offset = 0                                    
        time server = No                                    
        timestamp logs = Yes                                
        unix charset = KOI8-R                              
        unix extensions = Yes                              
        unix password sync = No                            
        update encrypted = Yes                              
        use client driver = No                              
        use mmap = Yes                                      
        use sendfile = No                                  
        use spnego = Yes                                    
        username level = 0                                  
        utmp = No                                          
        valid users = '@MYDOMAIN\Domain Users'            
        wide links = Yes                                    
        winbind cache time = 300                            
        winbind enable local accounts = Yes                
        winbind enum groups = Yes                          
        winbind enum users = Yes                            
        winbind nested groups = Yes                        
        winbind separator = \                              
        winbind trusted domains only = No                  
        winbind use default domain = Yes                    
        winbind uid = 10000-30000
        winbind gid = 10000-30000
        wins proxy = No          
        wins server = my.pdc.ip.address
        wins support = No        
        workgroup = MYDOMAIN
        write cache size = 0    
        write raw = Yes          
        wtmp directory =        
                                
[test]                          
    path = /usr/tmp              
    readonly = false            

usrv# cat /etc/krb5.conf                                    
[libdefaults]                                                
        default_realm = MYDOMAIN.DOM                      
        clockskew = 300                                      
        v4_instance_resolve = false                          
        v4_name_convert = {                                  
                host = {                                    
                        rcmd = host                          
                        ftp = ftp                            
                }                                            
                plain = {                                    
                        something = something-else          
                }                                            
        }                                                    
                                                            
[realms]                                                    
        MYDOMAIN.DOM = {                                  
                kdc = PDC-NETBIOSNAME.MYDOMAIN.DOM                    
                v4_instance_resolve = false                  
        }                                                    
        OTHER.REALM = {                                      
                v4_instance_resolve = false                  
                v4_instance_convert = {                      
                        kerberos = kerberos                  
                        computer = computer.some.other.domain
                }                                            
        }                                                    
[domain_realm]                                              
        .mydomain.dom = MYDOMAIN.DOM                    

usrv# cat /etc/nsswitch.conf | grep winbind
passwd:     files winbind nisplus nis      
group:      files winbind nisplus nis      

usrv# ls /usr/local/lib/*winbind*                                      
/usr/local/lib/lib_nss_winbind.so       /usr/local/lib/nss_winbind.so.1
/usr/local/lib/lib_nss_winbind.so.1     /usr/local/lib/nss_winbind.so.2
/usr/local/lib/lib_nss_winbind.so.2     /usr/local/lib/pam_winbind.so  
/usr/local/lib/nss_winbind.so                                          

usrv# id Guest                                                      
uid=10014(Guest) gid=10006(Domain Guests) groups=10006(Domain Guests)

usrv# id Administrator
uid=10006(Administrator) gid=10005(Domain Users)
groups=10005(Domain Users), 10002(Schema Admins),
10003(Enterprise Admins), 10004(Domain Admins),
10007(Group Policy Creator Owners)

usrv# /samba/bin/smbclient -L \\usrv                      
Password:                                                  
Anonymous login successful                                
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.0.4]        
                                                          
        Sharename       Type      Comment                  
        ---------       ----      -------                  
        test            Disk      SMB server              
        IPC$            IPC       IPC Service (Samba 3.0.4)
        ADMIN$          IPC       IPC Service (Samba 3.0.4)
Anonymous login successful                                
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.0.4]        
                                                          
        Server               Comment                      
        ---------            -------                      
        host01               some host 01
        host02
        PDC-NETBIOSNAME      MYDOMAIN PDC
        USRV                 Samba 3.0.4                  
                                                          
        Workgroup            Master                        
        ---------            -------                      
        MYDOMAIN             PDC-NETBIOSNAME

Maybe something isn't correct -- so, I apologize.

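A defender's check on the smb.conf posted above, as an added example that is not part of the original post: it parses an smb.conf and lists legacy authentication and signing settings that are explicitly set in [global]. The sample input is a constructed subset of the posted lines, and the choice of which values to flag is this example's assumption; parameters that are absent from the file are not reported, since their defaults depend on the Samba version.

```python
import re

# Constructed sample: a subset of the [global] and [test] lines from the post above.
SAMPLE = """\
[global]
        client lanman auth = Yes
        client NTLMv2 auth = No
        client plaintext auth = Yes
        lanman auth = Yes
        null passwords = Yes
        restrict anonymous = 0
        server signing = Auto
[test]
    readonly = false
"""

YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}
# Real smb.conf parameters; which values to flag, and why, is this example's choice.
RISKY = {
    "lanman auth": (YES, "server accepts LANMAN (LM) responses"),
    "client lanman auth": (YES, "client tools may send LM responses"),
    "client NTLMv2 auth": (NO, "client tools do not send NTLMv2 responses"),
    "client plaintext auth": (YES, "client tools may send plaintext passwords"),
    "null passwords": (YES, "accounts with empty passwords are usable"),
    "restrict anonymous": ({"0"}, "no restriction on anonymous sessions"),
    "server signing": ({"auto", "disabled"} | NO, "SMB signing is not required"),
}

def norm(name):  # Samba matches parameter names ignoring case and whitespace
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized parameter: value}}; continuations not handled."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def audit(text):
    """List (parameter, value, reason) for risky values set explicitly in [global]."""
    settings = parse_smb_conf(text).get("global", {})
    return [(name, settings[norm(name)], reason)
            for name, (bad, reason) in RISKY.items()
            if settings.get(norm(name), "").lower() in bad]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```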

Contents
Samba + AC = Failed to verify incoming ticket!, FdF, 19-May-04, 20:13