all the DOMAIN and domain were replaced with the actual name.
krb5.conf
Code:
[logging]
default = FILE10000:/var/log/krb5lib.log
[libdefaults]
default_realm = DOMAIN.COM
ticket_lifetime = 24000
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
DOMAIN.COM = {
kdc = nascdca01.domain.com
admin_server = nascdca01.domain.com
default_domain = DOMAIN.COM
}
[domain_realm]
domain.com = DOMAIN.COM
.domain.com = DOMAIN.COM
[login]
krb4_convert = true
krb4_get_tickets = false
smb.conf
Code:
[global]
security = ads
netbios name = computer_name
realm = DOMAIN.COM
password server = nascdca01.domain.com
workgroup = DOMAINAD
idmap uid = 500-10000000
idmap gid = 500-10000000
#winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
encrypt passwords = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
I just checked the auth.log and notice this
Code:
May 16 08:01:02 COMPUTER_NAME pam_winbind[20446]: user 'USERNAME' granted access
May 16 08:01:02 COMPUTER_NAME gdm[20446]: (pam_unix) could not identify user (from getpwnam(USERNAME))
May 16 08:01:02 COMPUTER_NAME gdm[20446]: Couldn't set acct. mgmt for USERNAME
Bookmarks