
Suse / Fedora als Domainmember verlangen bei Zugriff ein Passwort



gnoovy
10.04.10, 00:17
hi leutz,

verstehe die Welt nicht mehr. Habe einen Fedora- und einen Suse-Server als Domainmember in eine W2k8-R2-Domäne integriert. Bevor ich den Suse-Server integriert hatte, konnte ich über die Netzwerkumgebung einwandfrei auf den Fedora-Server zugreifen. Nur verlangt er jetzt nach der Suse-Integration auf einmal einen Benutzernamen und ein Kennwort für den Zugriff auf die Linux-Server. Habe aber an den Configs nichts verändert.
Sinn und Zweck der Integration des Suse-Servers war, dass ich beim Fedora-Server in Windows neu angelegte Accounts nicht mit setfacl auf Linux-Dateien und -Ordner berechtigen konnte.
Anbei mal meine Configs vom fedora-server und suse-server.

fedora-server
-------------------
smb.conf

# Samba config file created using SWAT
# from UNKNOWN (192.168.178.1)
# Date: 2010/04/10 01:00:30

# Fedora host: Samba member server of the WINNET.LOCAL Active Directory realm.
# Review comments sit on their own lines; smb.conf has no trailing-comment syntax.
[global]
workgroup = WINNET
realm = WINNET.LOCAL
server string =
# Domain-member mode: logons are validated against Active Directory through
# the domain controller named in "password server".
security = ADS
password server = dc1.winnet.local
# One log file per connecting client machine (%m). "max log size" is in KB,
# so each file rotates at 50 KB.
# NOTE(review): that is small for tracing a failed domain logon; raise it
# together with "log level" while diagnosing the password prompt.
log file = /var/log/samba/log.%m
max log size = 50
# "auto" offers SMB signing but does not require it.
# NOTE(review): "mandatory" enforces signing - confirm client support first.
server signing = auto
# ID range for domain users/groups. No "idmap backend" is set on this host,
# so winbind presumably allocates IDs locally from the range. The SUSE host in
# the same post uses "idmap backend = ad", so one account may end up with
# different UIDs on the two servers - verify with wbinfo/getent on both.
idmap uid = 10000-20000
idmap gid = 10000-20000
# Domain accounts resolved through winbind get /bin/bash as their shell.
# NOTE(review): whether they can actually log in depends on the PAM/NSS setup,
# which is not shown here.
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
# Domain users appear without the "WINNET+" prefix on this host.
winbind use default domain = Yes
winbind refresh tickets = Yes
# winbind caches credentials so that logons keep working while the DC is
# unreachable; treat that cache as sensitive data on this host.
winbind offline logon = Yes
# ORs these bits into the mode of every directory created through Samba:
# rwx for owner, group and others, plus setuid, setgid and sticky. Set in
# [global], it is the default for every share.
# NOTE(review): world-writable directories undermine the ACL-based permissions
# this setup is aiming for. Per the Samba documentation "inherit permissions"
# (set on ELO-FT-DEMO) takes precedence over the force/mask modes, so this
# presumably only affects the other shares - verify with testparm and a test
# directory, then drop the line or use a restrictive mode.
force directory mode = 07777
cups options = raw

# Printer spool share, hidden from the browse list.
# "browsable" is a synonym of "browseable"; the same value is set twice.
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
browsable = No

# Writable data share. No "valid users" is set, so any user who authenticates
# may connect; access to files is then decided by file system permissions/ACLs.
[ELO-FT-DEMO]
path = /ELOenterprise/data/ft-DEMO
read only = No
inherit permissions = Yes
inherit acls = Yes
# NOTE(review): "profile acls" is documented for roaming-profile shares; on a
# data share it may distort the owner/ACL view shown to Windows - confirm that
# it is really wanted here.
profile acls = Yes
map acl inherit = Yes

# Only a path is set, so every other setting is the Samba default (shares are
# read-only by default) and there is no "valid users" restriction.
# NOTE(review): Tomcat logs can contain sensitive request data - consider
# limiting this share to an admin group.
[ELO-LOGS]
path = /tomcat6/logs
# NOTE(review): second [printers] section, identical to the one above.
# Duplicate sections make the effective configuration harder to read; keep one
# and check the result with testparm.
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
browsable = No


krb5.conf

# Kerberos client configuration of the Fedora host for realm WINNET.LOCAL.

# Log destinations. The "kdc" and "admin_server" entries are read by KDC and
# kadmind daemons; on a pure client only "default" is presumably relevant.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

# DNS lookups for realm and KDC are switched off, so the KDC is taken from the
# static [realms] entry below and dc1 is the only KDC this host will try.
# NOTE(review): no "clockskew" is set, so the library default tolerance applies.
# A password prompt on a domain member can be a sign that Kerberos
# authentication failed; check time sync against dc1 and the ticket cache
# (klist) before changing Samba settings.
[libdefaults]
default_realm = WINNET.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
# Tickets are requested as forwardable, i.e. usable for delegation to other hosts.
# NOTE(review): set to "no" if nothing on this host needs delegation.
forwardable = yes

# Static KDC (port 88) and kadmin server (port 749) for the realm.
[realms]
WINNET.LOCAL = {
kdc = dc1.winnet.local:88
admin_server = dc1.winnet.local:749
}

# Maps the DNS domain and every host below it to the Kerberos realm.
[domain_realm]
.winnet.local = WINNET.LOCAL
winnet.local = WINNET.LOCAL


suse-server
---------------------

smb.conf

# Samba config file created using SWAT
# from UNKNOWN (ïª2.16죿)
# Date: 2010/04/08 00:46:19

# SUSE host: Samba member server of the WINNET.LOCAL Active Directory realm.
# Review comments sit on their own lines; smb.conf has no trailing-comment syntax.
[global]
workgroup = WINNET
realm = WINNET.LOCAL
server string =
# Domain-member mode: logons are validated against Active Directory through
# the domain controller named in "password server".
security = ADS
# Logons with an unknown user name are mapped to the guest account instead of
# being rejected; a wrong password for a known user is still rejected.
# No share below sets "guest ok", so a guest session should get no access to them.
# NOTE(review): use "map to guest = Never" if guest access is not needed.
map to guest = Bad User
password server = dc1.winnet.local
# "auto" offers SMB signing but does not require it.
# NOTE(review): "mandatory" enforces signing - confirm client support first.
server signing = auto
printcap name = cups
logon path =
logon home =
# Lets user-defined shares (usershares) grant guest access.
# NOTE(review): only matters if usershares are enabled, which is not shown
# here; set to "No" unless guest usershares are intended.
usershare allow guests = Yes
# UIDs/GIDs are read from the RFC 2307 attributes stored in AD instead of being
# allocated locally. Accounts without those attributes, or with values outside
# 10000-20000, presumably do not resolve on this host - verify with
# wbinfo/getent. The Fedora host in the same post sets no idmap backend, so the
# two servers can disagree about the UID of the same account.
idmap backend = ad
idmap uid = 10000-20000
idmap gid = 10000-20000
# Domain accounts resolved through winbind get /bin/bash as their shell.
# NOTE(review): whether they can actually log in depends on the PAM/NSS setup,
# which is not shown here.
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
# Domain users appear without the "WINNET+" prefix on this host.
winbind use default domain = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
# winbind caches credentials so that logons keep working while the DC is
# unreachable; treat that cache as sensitive data on this host.
winbind offline logon = Yes
# Set in [global], this is the default for every share that does not override
# it: only members of the named domain group may connect.
# NOTE(review): if the group cannot be resolved (non-ASCII name vs. charset
# settings, or no usable GID from the "ad" backend), nobody matches and
# connections are refused - confirm with "getent group" and the Samba log.
valid users = @winnet+domänenbenutzer
cups options = raw

# Per-user home shares. "valid users" overrides the global default and limits
# each share to the user it is named after (%S), with or without the domain
# prefix (%D = domain, %w = winbind separator).
# "browsable" is a synonym of "browseable"; the same value is set twice.
[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No
browsable = No

# Printer spool share, hidden from the browse list. Spool files land in
# /var/tmp; "create mask = 0600" keeps them readable by their owner only.
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
browsable = No

# Writable test share; inherits the global "valid users" restriction.
[Test]
path = /test
read only = No
inherit permissions = Yes
inherit acls = Yes
# New files and directories take the owner of their parent directory.
inherit owner = Yes
# NOTE(review): "profile acls" is documented for roaming-profile shares; on a
# data share it may distort the owner/ACL view shown to Windows - confirm that
# it is really wanted here.
profile acls = Yes
map acl inherit = Yes
# NOTE(review): second [homes] section, identical to the one above.
# Duplicate sections make the effective configuration harder to read; keep one
# and check the result with testparm.
[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No
browsable = No


krb5.conf

# Kerberos client configuration of the SUSE host for realm WINNET.LOCAL.

# DNS lookups for realm and KDC are switched off, so the KDC is taken from the
# static [realms] entry below and dc1 is the only KDC this host will try.
# NOTE(review): no "clockskew" is set, so the library default tolerance applies.
# A password prompt on a domain member can be a sign that Kerberos
# authentication failed; check time sync against dc1 and the ticket cache
# (klist) before changing Samba settings.
[libdefaults]
default_realm = WINNET.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
# NOTE(review): the key is misspelled ("liefetime"). The Fedora file in the
# same post uses "ticket_lifetime"; an unrecognised key is presumably ignored,
# so the library default ticket lifetime applies instead of this value.
ticket_liefetime = 24h
renew_lifetime = 7d
# Tickets are requested as forwardable, i.e. usable for delegation to other hosts.
# NOTE(review): set to "no" if nothing on this host needs delegation.
forwardable = yes

# Static KDC (port 88) and kadmin server (port 749) for the realm.
[realms]
WINNET.LOCAL = {
kdc = dc1.winnet.local:88
admin_server = dc1.winnet.local:749
}

# Maps the DNS domain and every host below it to the Kerberos realm.
[domain_realm]
.winnet.local = WINNET.LOCAL
winnet.local = WINNET.LOCAL

# Log destinations. The "kdc" and "admin_server" entries are read by KDC and
# kadmind daemons; on a pure client only "default" (syslog, facility DAEMON,
# severity NOTICE) is presumably relevant.
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON