gnoovy
10.04.10, 01:17
hi leutz,
verstehe die Welt nicht mehr. Habe einen Fedora- und einen Suse-Server als Domainmember in eine W2k8-R2-Domäne integriert. Bevor ich den Suse-Server integriert hatte, konnte ich über die Netzwerkumgebung problemlos auf fedora zugreifen. Nur verlangt er jetzt nach der Suse-Integration auf einmal einen Benutzernamen und ein Kennwort für den Zugriff auf die Linux-Server. Habe aber an den Configs nichts verändert.
Anlass für die Integration des Suse-Servers war, dass ich beim fedora-server in Windows neu angelegte Accounts nicht mit setfacl auf Linux-Dateien und -Ordner berechtigen konnte.
Anbei mal meine Configs vom fedora-server und suse-server.
fedora-server
-------------------
smb.conf
# Samba config file created using SWAT
# from UNKNOWN (192.168.178.1)
# Date: 2010/04/10 01:00:30
# Review notes (added): this host is configured as an Active Directory member
# server (security = ADS). The comments below mark settings that decide who can
# reach the shares and how domain accounts map to Unix IDs.
[global]
workgroup = WINNET
realm = WINNET.LOCAL
server string =
security = ADS
# Pins authentication to one domain controller. With security = ADS Samba can
# normally locate DCs through DNS, so this entry makes dc1 a single point of
# failure for logons.
password server = dc1.winnet.local
log file = /var/log/samba/log.%m
max log size = 50
# "auto" offers SMB signing but does not require it; "mandatory" enforces it.
server signing = auto
# No "idmap backend" is set in this file, so winbind hands out UIDs/GIDs from
# this range locally. The suse-server config on this page uses
# "idmap backend = ad"; NOTE(review): the two hosts can therefore map the same
# domain account to different Unix IDs - confirm before comparing ACLs.
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
# Domain accounts appear without the WINNET+ prefix, so a domain user and a
# local Unix user with the same name are indistinguishable by name.
winbind use default domain = Yes
winbind refresh tickets = Yes
# Keeps cached logon credentials on this host so users can log on while the DC
# is unreachable; treat the winbind cache files as sensitive.
winbind offline logon = Yes
# ORs these bits onto every directory created through Samba: rwx for owner,
# group and others, plus setuid, setgid and sticky. Set in [global] it is the
# default for every share, so new directories are world-writable regardless of
# the ACLs applied with setfacl. NOTE(review): use a narrower, per-share value.
force directory mode = 07777
cups options = raw
# [printers] appears twice in this file (again at the end) with identical
# content; keep one copy so the effective settings are unambiguous.
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
# "browseable" and "browsable" are synonyms; one of the two lines is enough.
browseable = No
browsable = No
# Writable share without "valid users": every account that authenticates may
# connect, and access control rests on filesystem permissions/ACLs alone.
[ELO-FT-DEMO]
path = /ELOenterprise/data/ft-DEMO
read only = No
inherit permissions = Yes
inherit acls = Yes
# Intended for dedicated roaming-profile shares; it changes how ACL owners and
# entries are presented to Windows clients. NOTE(review): on a data share this
# may interfere with the ACLs set from Windows - verify it is needed.
profile acls = Yes
map acl inherit = Yes
# No "read only" or "valid users" here, so the defaults apply: read-only, open
# to any authenticated account. NOTE(review): application logs can contain
# request or session data - consider restricting this share to administrators.
[ELO-LOGS]
path = /tomcat6/logs
# Second, identical [printers] section (duplicate of the one above).
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
browsable = No
krb5.conf
# Review notes (added): Kerberos client settings for the realm WINNET.LOCAL.
# Kerberos rejects requests when client and KDC clocks differ by more than the
# allowed skew (5 minutes by default); no clockskew override is set here, so
# time synchronisation with dc1 is a prerequisite for ticket-based logon.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = WINNET.LOCAL
# DNS discovery is disabled for both realm and KDC, so only the servers listed
# under [realms] are ever contacted.
dns_lookup_realm = false
dns_lookup_kdc = false
# Requested lifetimes; the KDC's own policy can issue shorter tickets.
ticket_lifetime = 24h
renew_lifetime = 7d
# Requests forwardable tickets by default. A forwardable TGT can be passed on
# to and reused from another host; keep this only if delegation is required.
forwardable = yes
# Only dc1 is listed, so this host cannot fall back to another DC.
# NOTE(review): 749 is the MIT kadmin port; confirm the AD domain controller
# listens there - password changes against AD normally use kpasswd (port 464).
[realms]
WINNET.LOCAL = {
kdc = dc1.winnet.local:88
admin_server = dc1.winnet.local:749
}
[domain_realm]
.winnet.local = WINNET.LOCAL
winnet.local = WINNET.LOCAL
suse-server
---------------------
smb.conf
# Samba config file created using SWAT
# from UNKNOWN (ïª2.16죿)
# Date: 2010/04/08 00:46:19
# Review notes (added): this host is configured as an Active Directory member
# server (security = ADS). The comments below mark settings that decide who can
# reach the shares and how domain accounts map to Unix IDs.
[global]
workgroup = WINNET
realm = WINNET.LOCAL
server string =
security = ADS
# Logons with a user name Samba cannot resolve are mapped to the guest account
# instead of being rejected. NOTE(review): a mistyped or unresolvable account
# then fails later as "guest" rather than with a clear logon error.
map to guest = Bad User
# Pins authentication to one domain controller (single point of failure).
password server = dc1.winnet.local
# "auto" offers SMB signing but does not require it; "mandatory" enforces it.
server signing = auto
printcap name = cups
logon path =
logon home =
# Lets users who are allowed to create usershares make them guest-accessible.
usershare allow guests = Yes
# Unix IDs are read from AD (see "winbind nss info = rfc2307" below) instead of
# being allocated locally. Accounts without uidNumber/gidNumber, or with values
# outside the 10000-20000 range, get no mapping on this host.
# NOTE(review): the fedora-server config on this page sets no idmap backend, so
# the two hosts can map the same domain account to different Unix IDs.
idmap backend = ad
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
# Domain accounts appear without the WINNET+ prefix, so a domain user and a
# local Unix user with the same name are indistinguishable by name.
winbind use default domain = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
# Keeps cached logon credentials on this host for use while the DC is
# unreachable; treat the winbind cache files as sensitive.
winbind offline logon = Yes
# Set in [global], this is the default access list for every share that does
# not define its own: only members of this domain group may connect.
# NOTE(review): the group name contains a non-ASCII character; confirm that it
# resolves on this host (e.g. with "getent group"), otherwise every connection
# to shares relying on this default is refused.
valid users = @winnet+domänenbenutzer
cups options = raw
# [homes] appears twice in this file (again at the end) with identical content;
# keep one copy so the effective settings are unambiguous.
[homes]
comment = Home Directories
# %S is the share (here: user) name, %D the domain and %w the winbind
# separator, i.e. only the home owner, with or without domain prefix.
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
# "browseable" and "browsable" are synonyms; one of the two lines is enough.
browseable = No
browsable = No
[printers]
comment = All Printers
# Spool files are written to /var/tmp, a directory that is typically shared and
# world-writable; "create mask = 0600" limits each spool file to its owner.
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
browsable = No
# Writable share without its own "valid users": it falls back to the group
# restriction from [global].
[Test]
path = /test
read only = No
inherit permissions = Yes
inherit acls = Yes
# New files take the owner of the parent directory, not the connecting user.
inherit owner = Yes
# Intended for dedicated roaming-profile shares; it changes how ACL owners and
# entries are presented to Windows clients. NOTE(review): verify it is needed
# on a plain data share.
profile acls = Yes
map acl inherit = Yes
# Second, identical [homes] section (duplicate of the one above).
[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No
browsable = No
krb5.conf
# Review notes (added): Kerberos client settings for the realm WINNET.LOCAL.
# Kerberos rejects requests when client and KDC clocks differ by more than the
# allowed skew (5 minutes by default); no clockskew override is set here, so
# time synchronisation with dc1 is a prerequisite for ticket-based logon.
[libdefaults]
default_realm = WINNET.LOCAL
# DNS discovery is disabled for both realm and KDC, so only the servers listed
# under [realms] are ever contacted.
dns_lookup_realm = false
dns_lookup_kdc = false
# NOTE(review): the key is misspelled ("liefetime" instead of "lifetime"). An
# unrecognised key is normally ignored, so the library default ticket lifetime
# applies on this host rather than 24h.
ticket_liefetime = 24h
renew_lifetime = 7d
# Requests forwardable tickets by default. A forwardable TGT can be passed on
# to and reused from another host; keep this only if delegation is required.
forwardable = yes
# Only dc1 is listed, so this host cannot fall back to another DC.
# NOTE(review): 749 is the MIT kadmin port; confirm the AD domain controller
# listens there - password changes against AD normally use kpasswd (port 464).
[realms]
WINNET.LOCAL = {
kdc = dc1.winnet.local:88
admin_server = dc1.winnet.local:749
}
[domain_realm]
.winnet.local = WINNET.LOCAL
winnet.local = WINNET.LOCAL
# Library messages go to syslog (daemon facility, notice level); the kdc and
# admin_server entries only matter if those daemons run on this host.
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
verstehe die Welt nicht mehr. Habe einen Fedora- und einen Suse-Server als Domainmember in eine W2k8-R2-Domäne integriert. Bevor ich den Suse-Server integriert hatte, konnte ich über die Netzwerkumgebung problemlos auf fedora zugreifen. Nur verlangt er jetzt nach der Suse-Integration auf einmal einen Benutzernamen und ein Kennwort für den Zugriff auf die Linux-Server. Habe aber an den Configs nichts verändert.
Anlass für die Integration des Suse-Servers war, dass ich beim fedora-server in Windows neu angelegte Accounts nicht mit setfacl auf Linux-Dateien und -Ordner berechtigen konnte.
Anbei mal meine Configs vom fedora-server und suse-server.
fedora-server
-------------------
smb.conf
# Samba config file created using SWAT
# from UNKNOWN (192.168.178.1)
# Date: 2010/04/10 01:00:30
# Review notes (added): this host is configured as an Active Directory member
# server (security = ADS). The comments below mark settings that decide who can
# reach the shares and how domain accounts map to Unix IDs.
[global]
workgroup = WINNET
realm = WINNET.LOCAL
server string =
security = ADS
# Pins authentication to one domain controller. With security = ADS Samba can
# normally locate DCs through DNS, so this entry makes dc1 a single point of
# failure for logons.
password server = dc1.winnet.local
log file = /var/log/samba/log.%m
max log size = 50
# "auto" offers SMB signing but does not require it; "mandatory" enforces it.
server signing = auto
# No "idmap backend" is set in this file, so winbind hands out UIDs/GIDs from
# this range locally. The suse-server config on this page uses
# "idmap backend = ad"; NOTE(review): the two hosts can therefore map the same
# domain account to different Unix IDs - confirm before comparing ACLs.
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
# Domain accounts appear without the WINNET+ prefix, so a domain user and a
# local Unix user with the same name are indistinguishable by name.
winbind use default domain = Yes
winbind refresh tickets = Yes
# Keeps cached logon credentials on this host so users can log on while the DC
# is unreachable; treat the winbind cache files as sensitive.
winbind offline logon = Yes
# ORs these bits onto every directory created through Samba: rwx for owner,
# group and others, plus setuid, setgid and sticky. Set in [global] it is the
# default for every share, so new directories are world-writable regardless of
# the ACLs applied with setfacl. NOTE(review): use a narrower, per-share value.
force directory mode = 07777
cups options = raw
# [printers] appears twice in this file (again at the end) with identical
# content; keep one copy so the effective settings are unambiguous.
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
# "browseable" and "browsable" are synonyms; one of the two lines is enough.
browseable = No
browsable = No
# Writable share without "valid users": every account that authenticates may
# connect, and access control rests on filesystem permissions/ACLs alone.
[ELO-FT-DEMO]
path = /ELOenterprise/data/ft-DEMO
read only = No
inherit permissions = Yes
inherit acls = Yes
# Intended for dedicated roaming-profile shares; it changes how ACL owners and
# entries are presented to Windows clients. NOTE(review): on a data share this
# may interfere with the ACLs set from Windows - verify it is needed.
profile acls = Yes
map acl inherit = Yes
# No "read only" or "valid users" here, so the defaults apply: read-only, open
# to any authenticated account. NOTE(review): application logs can contain
# request or session data - consider restricting this share to administrators.
[ELO-LOGS]
path = /tomcat6/logs
# Second, identical [printers] section (duplicate of the one above).
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
browsable = No
krb5.conf
# Review notes (added): Kerberos client settings for the realm WINNET.LOCAL.
# Kerberos rejects requests when client and KDC clocks differ by more than the
# allowed skew (5 minutes by default); no clockskew override is set here, so
# time synchronisation with dc1 is a prerequisite for ticket-based logon.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = WINNET.LOCAL
# DNS discovery is disabled for both realm and KDC, so only the servers listed
# under [realms] are ever contacted.
dns_lookup_realm = false
dns_lookup_kdc = false
# Requested lifetimes; the KDC's own policy can issue shorter tickets.
ticket_lifetime = 24h
renew_lifetime = 7d
# Requests forwardable tickets by default. A forwardable TGT can be passed on
# to and reused from another host; keep this only if delegation is required.
forwardable = yes
# Only dc1 is listed, so this host cannot fall back to another DC.
# NOTE(review): 749 is the MIT kadmin port; confirm the AD domain controller
# listens there - password changes against AD normally use kpasswd (port 464).
[realms]
WINNET.LOCAL = {
kdc = dc1.winnet.local:88
admin_server = dc1.winnet.local:749
}
[domain_realm]
.winnet.local = WINNET.LOCAL
winnet.local = WINNET.LOCAL
suse-server
---------------------
smb.conf
# Samba config file created using SWAT
# from UNKNOWN (ïª2.16죿)
# Date: 2010/04/08 00:46:19
# Review notes (added): this host is configured as an Active Directory member
# server (security = ADS). The comments below mark settings that decide who can
# reach the shares and how domain accounts map to Unix IDs.
[global]
workgroup = WINNET
realm = WINNET.LOCAL
server string =
security = ADS
# Logons with a user name Samba cannot resolve are mapped to the guest account
# instead of being rejected. NOTE(review): a mistyped or unresolvable account
# then fails later as "guest" rather than with a clear logon error.
map to guest = Bad User
# Pins authentication to one domain controller (single point of failure).
password server = dc1.winnet.local
# "auto" offers SMB signing but does not require it; "mandatory" enforces it.
server signing = auto
printcap name = cups
logon path =
logon home =
# Lets users who are allowed to create usershares make them guest-accessible.
usershare allow guests = Yes
# Unix IDs are read from AD (see "winbind nss info = rfc2307" below) instead of
# being allocated locally. Accounts without uidNumber/gidNumber, or with values
# outside the 10000-20000 range, get no mapping on this host.
# NOTE(review): the fedora-server config on this page sets no idmap backend, so
# the two hosts can map the same domain account to different Unix IDs.
idmap backend = ad
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
# Domain accounts appear without the WINNET+ prefix, so a domain user and a
# local Unix user with the same name are indistinguishable by name.
winbind use default domain = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
# Keeps cached logon credentials on this host for use while the DC is
# unreachable; treat the winbind cache files as sensitive.
winbind offline logon = Yes
# Set in [global], this is the default access list for every share that does
# not define its own: only members of this domain group may connect.
# NOTE(review): the group name contains a non-ASCII character; confirm that it
# resolves on this host (e.g. with "getent group"), otherwise every connection
# to shares relying on this default is refused.
valid users = @winnet+domänenbenutzer
cups options = raw
# [homes] appears twice in this file (again at the end) with identical content;
# keep one copy so the effective settings are unambiguous.
[homes]
comment = Home Directories
# %S is the share (here: user) name, %D the domain and %w the winbind
# separator, i.e. only the home owner, with or without domain prefix.
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
# "browseable" and "browsable" are synonyms; one of the two lines is enough.
browseable = No
browsable = No
[printers]
comment = All Printers
# Spool files are written to /var/tmp, a directory that is typically shared and
# world-writable; "create mask = 0600" limits each spool file to its owner.
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
browsable = No
# Writable share without its own "valid users": it falls back to the group
# restriction from [global].
[Test]
path = /test
read only = No
inherit permissions = Yes
inherit acls = Yes
# New files take the owner of the parent directory, not the connecting user.
inherit owner = Yes
# Intended for dedicated roaming-profile shares; it changes how ACL owners and
# entries are presented to Windows clients. NOTE(review): verify it is needed
# on a plain data share.
profile acls = Yes
map acl inherit = Yes
# Second, identical [homes] section (duplicate of the one above).
[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No
browsable = No
krb5.conf
# Review notes (added): Kerberos client settings for the realm WINNET.LOCAL.
# Kerberos rejects requests when client and KDC clocks differ by more than the
# allowed skew (5 minutes by default); no clockskew override is set here, so
# time synchronisation with dc1 is a prerequisite for ticket-based logon.
[libdefaults]
default_realm = WINNET.LOCAL
# DNS discovery is disabled for both realm and KDC, so only the servers listed
# under [realms] are ever contacted.
dns_lookup_realm = false
dns_lookup_kdc = false
# NOTE(review): the key is misspelled ("liefetime" instead of "lifetime"). An
# unrecognised key is normally ignored, so the library default ticket lifetime
# applies on this host rather than 24h.
ticket_liefetime = 24h
renew_lifetime = 7d
# Requests forwardable tickets by default. A forwardable TGT can be passed on
# to and reused from another host; keep this only if delegation is required.
forwardable = yes
# Only dc1 is listed, so this host cannot fall back to another DC.
# NOTE(review): 749 is the MIT kadmin port; confirm the AD domain controller
# listens there - password changes against AD normally use kpasswd (port 464).
[realms]
WINNET.LOCAL = {
kdc = dc1.winnet.local:88
admin_server = dc1.winnet.local:749
}
[domain_realm]
.winnet.local = WINNET.LOCAL
winnet.local = WINNET.LOCAL
# Library messages go to syslog (daemon facility, notice level); the kdc and
# admin_server entries only matter if those daemons run on this host.
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON