[CentOS] Winbind / kerberos

Tue Jan 9 13:20:24 UTC 2007
Daniel Teixeira <dteixeira at bitecnica.com>

Hi,
 
I've followed the steps from http://weblog.bignerdranch.com/?p=6&page=2 and
http://forums.fedoraforum.org/showthread.php?t=92804
I'm trying to log in as a domain user in X (gdm).
 
If I boot the PC and try to log in, I get the following error in
/var/log/messages:
 
Jan  9 13:10:35 zgltsp03 gdm(pam_unix)[2812]: check pass; user unknown
Jan  9 13:10:35 zgltsp03 gdm(pam_unix)[2812]: authentication failure; logname= uid=0 euid=0 tty=ws001.domain.lan:0 ruser= rhost=ws001.domain.lan
Jan  9 13:10:35 zgltsp03 pam_winbind[2812]: user 'domain+daniel' granted access
Jan  9 13:10:35 zgltsp03 gdm(pam_unix)[2812]: could not identify user (from getpwnam(domain+daniel))
Jan  9 13:10:35 zgltsp03 gdm-binary[2812]: Couldn't set acct. mgmt for domain+daniel

 
 
Now if I call the command "wbinfo -u -g" in a shell and then try to log in,
everything works fine!
Almost as if wbinfo would remind the server that those users could
log in...
 
After a few minutes (2 or 3) I try to log in again with the same user and it
doesn't work again!!
 
 
 
This line is quite strange, no? .... could not identify user (from getpwnam(domain+daniel))
 
 
 
My krb5 file:
 
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 
[libdefaults]
 ticket_lifetime = 24000
 default_realm = domain.LAN
# default_tgs_enctypes = des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des-cbc-crc des-cbc-md5
 forwardable = true
 proxiable = true
 dns_lookup_realm = true
 dns_lookup_kdc = true
 
[realms]
 domain.LAN = {
  kdc = 10.0.0.100:88
#  admin_server = 10.0.0.100:749
  default_domain = domain.lan
 }
 
[domain_realm]
 .domain.lan = DOMAIN.LAN
 domain.lan = DOMAIN.LAN
 
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf
 
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

 
And my smb.conf file:
 
[global]
 
   workgroup = DOMAIN
   netbios name = SERVIDORES
   server string = LTSP Server
   winbind separator = +
 
   dns proxy = no
 
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   winbind enum users = yes
   winbind enum groups = yes
   template shell = /bin/bash
 
   winbind use default domain = no
#  username map = /etc/samba/smbusers
 
   security = ads
   encrypt passwords = yes
   realm = DOMAIN.LAN
   password server = controller.domain.lan
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 
   local master = no
   domain master = False
   preferred master = False
 

   printcap name = /etc/printcap
   load printers = yes
   proxy = no
 
 
 
 
PS: I replaced the real domain name with "domain"
 
 
 

Many thanks!
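
Added example (not part of the original post): the log excerpt above shows pam_winbind accepting the password while pam_unix cannot resolve the same name through getpwnam(). This Python sketch correlates those two events per process ID in syslog-format lines; the sample lines are constructed from the excerpt in the post, and the function and pattern names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the /var/log/messages excerpt in the post.
SAMPLE_LOG = """\
Jan  9 13:10:35 zgltsp03 gdm(pam_unix)[2812]: check pass; user unknown
Jan  9 13:10:35 zgltsp03 pam_winbind[2812]: user 'domain+daniel' granted access
Jan  9 13:10:35 zgltsp03 gdm(pam_unix)[2812]: could not identify user (from getpwnam(domain+daniel))
Jan  9 13:10:35 zgltsp03 gdm-binary[2812]: Couldn't set acct. mgmt for domain+daniel
Jan  9 13:14:02 zgltsp03 pam_winbind[2990]: user 'domain+maria' granted access
"""

# Groups: timestamp, host, tag (may contain parentheses), pid, message
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^\[\s]+)\[(\d+)\]:\s(.*)$")
GRANTED = re.compile(r"user '([^']+)' granted access")
NSS_MISS = re.compile(r"could not identify user \(from getpwnam\(([^)]+)\)\)")


def find_auth_ok_nss_fail(log_text):
    """Return (pid, user) pairs where pam_winbind accepted the password
    but a later getpwnam() for the same user failed in the same process."""
    granted = defaultdict(set)  # pid -> users authenticated by pam_winbind
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip wrapped or non-syslog lines
        _, _, tag, pid, msg = m.groups()
        g = GRANTED.search(msg)
        if g and "pam_winbind" in tag:
            granted[pid].add(g.group(1))
            continue
        miss = NSS_MISS.search(msg)
        if miss and miss.group(1) in granted[pid]:
            findings.append((int(pid), miss.group(1)))
    return findings


if __name__ == "__main__":
    for pid, user in find_auth_ok_nss_fail(SAMPLE_LOG):
        print(f"pid {pid}: {user} authenticated via winbind, but NSS lookup failed")
```

A hit means the password check succeeded and the login failed afterwards, in the account lookup step, so the name-service side is where to look next rather than the credentials.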