求助FC4下Samba用ads方式用win2K的AD认证问题

wings_song · 发表于 2005-8-26 14:26:28

下面内容有点多，还请大家耐心看完，谢谢。

最后想要达到的目标是windows用户登陆到域中后访问samba，samba server利用ad中的用户名自动判断用户登陆。

首先说明：win2k Server 做域控制器，域为test2kad.com,DC域名为test-2kdc.test2kad.com,IP：10.10.20.2，网关为255.255.0.0，
DNS：10.10.20.2 wins：10.10.20.2
samba server为FC4自带host name:samba，IP为10.10.20.10，其他网络参数于win2k server相同。
网络连接绝对正常，两机都刻互相ping通，samba server上防火墙也被关闭

samba server上安装的版本：
krb5-workstation-1.4-3
pam_krb5-2.1.7-3
krb5-libs-1.4-3
krb5-auth-dialog-0.2-5
samba-client-3.0.14a-2
samba-3.0.14a-2
system-config-samba-1.2.31-1
samba-common-3.0.14a-2

下面是相关配置文件
#########################
smb.conf
# Global parameters
[global]
      workgroup = TEST2KAD
      realm = TEST2KAD.COM
      server string = Samba Server
      security = ADS
      password server = TEST-2KDC.test2kad.com
      log file = /var/log/samba/%m.log
      max log size = 50
      socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
      printcap name = /etc/printcap
      dns proxy = No
      wins server = 10.10.20.2
      idmap uid = 10000-20000
      idmap gid = 10000-20000
      template shell = /bin/bash
      winbind separator = /
      winbind cache time = 10
      winbind use default domain = Yes
      cups options = raw

[homes]
      comment = Home Directories
      read only = No
      browseable = No

[printers]
      comment = All Printers
      path = /var/spool/samba
      printable = Yes
      browseable = No

[test]
      comment = testing
      path = /home/tmp
      read only = No
      guest ok = Yes
######################

#######################
krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = TEST2KAD.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
TEST2KAD.COM = {
  kdc = TEST-2KDC.test2kad.com:88
  kdc = TEST-2KDC.test2kad.com
  admin_server = TEST-2KDC.test2kad.com:749
  default_domain = test2kad.com
  kdc = TEST-2KDC.test2kad.com
}

[domain_realm]
.test2kad.com = TEST2KAD.COM
test2kad.com = TEST2KAD.COM

################################

###########################
resolv.conf

search test2kad.com
nameserver 10.10.20.2

###########################

配置完成后，用kinit username@REALM,在这里使用kinit [email protected]来测试krb5工作是否正确，没有问题通过
然后在win2k机器上为samba server创建computer name
net ads join －U administrator
出现如下信息
###############################
[root@samba samba]# kinit [email protected]
Password for [email protected]:
[root@samba samba]# net ads join -U Administrator
Administrator's password:
Using short domain name -- TEST2KAD
Joined 'SAMBA' to realm 'TEST2KAD.COM'
*** glibc detected *** net: free(): invalid pointer: 0x005f47f0 ***
======= Backtrace: =========
/lib/libc.so.6[0x438424]
/lib/libc.so.6(__libc_free+0x77)[0x43895f]
/lib/libcom_err.so.2(remove_error_table+0x4b)[0x119abb]
/usr/lib/libkrb5.so.3[0x592823]
/usr/lib/libkrb5.so.3[0x5925c7]
/usr/lib/libkrb5.so.3[0x5e33ba]
/lib/ld-linux.so.2[0x15b058]
/lib/libc.so.6(exit+0xc5)[0x3ffc69]
/lib/libc.so.6(__libc_start_main+0xce)[0x3e9dee]
net[0x21b0f1]
======= Memory map: ========
00111000-00118000 r-xp 00000000 03:01 826609    /usr/lib/libpopt.so.0.0.0
00118000-00119000 rwxp 00006000 03:01 826609    /usr/lib/libpopt.so.0.0.0
00119000-0011b000 r-xp 00000000 03:01 1658827 /lib/libcom_err.so.2.1
0011b000-0011c000 rwxp 00001000 03:01 1658827 /lib/libcom_err.so.2.1
0011c000-0011e000 r-xp 00000000 03:01 816734    /usr/lib/gconv/IBM850.so
0011e000-00120000 rwxp 00001000 03:01 816734    /usr/lib/gconv/IBM850.so
00120000-00124000 r-xp 00000000 03:01 1656530 /lib/libnss_dns-2.3.5.so
00124000-00125000 r-xp 00003000 03:01 1656530 /lib/libnss_dns-2.3.5.so
00125000-00126000 rwxp 00004000 03:01 1656530 /lib/libnss_dns-2.3.5.so
00129000-0012b000 r-xp 00000000 03:01 1658815 /lib/libdl-2.3.5.so
0012b000-0012c000 r-xp 00001000 03:01 1658815 /lib/libdl-2.3.5.so
0012c000-0012d000 rwxp 00002000 03:01 1658815 /lib/libdl-2.3.5.so
0012d000-00142000 r-xp 00000000 03:01 834895    /usr/lib/libsasl2.so.2.0.20
00142000-00143000 rwxp 00015000 03:01 834895    /usr/lib/libsasl2.so.2.0.20
00143000-0014c000 r-xp 00000000 03:01 1658812 /lib/libgcc_s-4.0.0-20050520.so
.1
0014c000-0014d000 rwxp 00009000 03:01 1658812 /lib/libgcc_s-4.0.0-20050520.so
.1
0014d000-00167000 r-xp 00000000 03:01 1658809 /lib/ld-2.3.5.so
00167000-00168000 r-xp 00019000 03:01 1658809 /lib/ld-2.3.5.so
00168000-00169000 rwxp 0001a000 03:01 1658809 /lib/ld-2.3.5.so
00169000-0019e000 r-xp 00000000 03:01 1658829 /lib/libssl.so.0.9.7f
0019e000-001a1000 rwxp 00035000 03:01 1658829 /lib/libssl.so.0.9.7f
001a1000-001b3000 r-xp 00000000 03:01 834825    /usr/lib/libz.so.1.2.2.2
001b3000-001b4000 rwxp 00011000 03:01 834825    /usr/lib/libz.so.1.2.2.2
001b4000-001bd000 r-xp 00000000 03:01 1656533 /lib/libnss_files-2.3.5.so
001bd000-001be000 r-xp 00008000 03:01 1656533 /lib/libnss_files-2.3.5.so
001be000-001bf000 rwxp 00009000 03:01 1656533 /lib/libnss_files-2.3.5.so
001ee000-003b2000 r-xp 00000000 03:01 826900    /usr/bin/net
003b2000-003c3000 rwxp 001c4000 03:01 826900    /usr/bin/net
003c3000-003d5000 rwxp 003c3000 00:00 0
003d5000-004f9000 r-xp 00000000 03:01 1658810 /lib/libc-2.3.5.so
004f9000-004fb000 r-xp 00124000 03:01 1658810 /lib/libc-2.3.5.so
004fb000-004fd000 rwxp 00126000 03:01 1658810 /lib/libc-2.3.5.so
004fd000-004ff000 rwxp 004fd000 00:00 0
00583000-005f2000 r-xp 00000000 03:01 834859    /usr/lib/libkrb5.so.3.2
005f2000-005f5000 rwxp 0006e000 03:01 834859    /usr/lib/libkrb5.so.3.2
0064f000-00672000 r-xp 00000000 03:01 834858    /usr/lib/libk5crypto.so.3.0
00672000-00673000 rwxp 00023000 03:01 834858    /usr/lib/libk5crypto.so.3.0
00673000-0076b000 r-xp 00000000 03:01 1658828 /lib/libcrypto.so.0.9.7f
0076b000-0077d000 rwxp 000f8000 03:01 1658828 /lib/libcrypto.so.0.9.7f
0077d000-00780000 rwxp 0077d000 00:00 0
009a1000-009a3000 r-xp 00000000 03:01 834857    /usr/lib/libkrb5support.so.0.0
009a3000-009a4000 rwxp 00001000 03:01 834857    /usr/lib/libkrb5support.so.0.0
009a8000-009b7000 r-xp 00000000 03:01 1656593 /lib/libresolv-2.3.5.so
009b7000-009b8000 r-xp 0000e000 03:01 1656593 /lib/libresolv-2.3.5.so
009b8000-009b9000 rwxp 0000f000 03:01 1656593 /lib/libresolv-2.3.5.so
009b9000-009bb000 rwxp 009b9000 00:00 0
00a32000-00a37000 r-xp 00000000 03:01 1658822 /lib/libcrypt-2.3.5.so
00a37000-00a38000 r-xp 00004000 03:01 1658822 /lib/libcrypt-2.3.5.so
00a38000-00a39000 rwxp 00005000 03:01 1658822 /lib/libcrypt-2.3.5.so
00a39000-00a60000 rwxp 00a39000 00:00 0
00a98000-00a99000 r-xp 00a98000 00:Aborted
[root@samba samba]#
###################################

这时从win2k server 活动目录中已经在机器帐号中发现samber这台机器，但不知道为什么还会出现如上出错信息，请高手指点。

下面在用wbinfo -u #命令输出win2k 机器上用户列表时出错
Error Looking up domain usrs

在测试中发现，当使用shere user 等认证方式时wbinfo命令可以正确使用，也就是说这时winbind工作正确，而就是使用ads方式时出错

在ads方式从windows客户机访问samba回出现“当前没有可用的登陆服务器登陆请求”

请问在什么地方有问题？应该怎样解决？希望大家来讨论一下，一下经验，帮帮忙,谢谢了！

wings_song · 发表于 2005-8-30 17:26:50

人还是要靠自己

在尝试多种方法修改各种参数无效后我将samba3.0.14a所有rpm包卸载掉,去samba官网下载了最新的samba3.0.20,安装后还是同样的配置参数就全跑通了,在win2003server上也通过了验证,大家如果有兴趣可以利用我上面帖子里的参数配置试一下,ads模式下,只要windows用户登陆到域中,不用再输入密码就可以通过samba的验证,使用起来非常方便,也方便管理.
在这之前折腾了一周多都没有结果.......血泪的教训啊......以后大家遇到类似的问题不要想我一样傻折腾了,换个新版本试试

aluocn · 发表于 2005-9-17 16:41:24

看到俺的帖子给俺回一下吧!
在装RH9时我选择安装了SAMBA如下:
=================================
[root@xxblx docs]# rpm -qa|grep samba
samba-client-2.2.7a-7.9.0
samba-2.2.7a-7.9.0
redhat-config-samba-1.0.4-1
samba-common-2.2.7a-7.9.0
=================================
问题是我如何卸载samba,我想安装samba3.0.20!
谢谢!

aluocn · 发表于 2005-9-17 16:51:42

通过执行以下命令后,我的再执行rpm -qa|grep samba就看不到如上帖所示的东东了,应该是卸载士净了吧!
[root@xxblx docs] rpm -e --nodeps samba-2.2.7a
[root@xxblx docs] rpm -e samba-common-2.2.7a-7.9.0
[root@xxblx docs] samba-client-2.2.7a-7.9.0
[root@xxblx docs] #rpm -e redhat-config-samba-1.0.4-1
再运行[root@xxblx docs] vi /etc/samba/smb.conf也看不到配置内容了!

		自动登录	找回密码
密码			注册