Рассмотреть. Решение конфликта Samba и Winbind

Опубликовано jeord -

взято с https://sysadmins.ru/topic181897.html

Мои действия для того, чтобы сделать связку debian + winbindd для squid'а
Код:

## Lines starting with "# " are commands typed at a root prompt; "##" lines are notes.
## Samba supplies the smb.conf-driven tooling used later on this page.
# aptitude install samba
## presumably supplies the /etc/krb5.conf edited in the next step — confirm on your release
# aptitude install krb5-config

Правим /etc/krb5.conf
привожу только критичные места
Код:

; Excerpt of /etc/krb5.conf: only the settings the author considers critical.
; default_realm is the same value as "realm" in the smb.conf on this page.
; NOTE(review): Kerberos rejects requests when this host's clock differs from
; the KDC by more than the allowed skew (5 minutes by default) - keep the
; clock synchronised before running the domain join.
[libdefaults]
default_realm = MCBFA.LOCAL
; Both the KDC and the admin server for the realm point at one host,
; orb.mcbfa.local (also used as "password server" in smb.conf).
[realms]
MCBFA.LOCAL = {
kdc = orb.mcbfa.local
admin_server = orb.mcbfa.local
}

мой smb.conf
Код:

; Samba configured as an Active Directory member (security = ads). The stated
; goal on this page is winbindd for squid.
; NOTE(review): the file and print shares defined after this section are
; probably not needed for that goal - confirm, and drop them if unused to
; reduce what the host exposes.
[global]
workgroup = MCBFA
netbios name = proxy
server string = %h server (Samba %v)
dns proxy = no
; Listen only on loopback and eth0 rather than on every interface.
interfaces = 127.0.0.0/8 eth0
bind interfaces only = true
; Stay out of browse-master elections; this host is only a domain member.
local master = no
domain master = no
preferred master = no
os level = 0
; DOS code page 866 (Cyrillic).
dos charset = 866
; One log file per client machine (%m), size-capped by max log size.
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
; AD member mode: realm equals default_realm in the krb5.conf shown on this
; page, and password server is the same host as its kdc entry.
; NOTE(review): naming one server ties authentication to that single DC;
; confirm this is intended rather than automatic DC discovery.
security = ads
password server = orb.mcbfa.local
realm = MCBFA.LOCAL
; Samba's client side sends only NTLMv2 responses, not the weaker NTLM/LM ones.
client NTLMv2 auth = Yes
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
; root may not log in to any service over SMB.
invalid users = root
; NOTE(review): passwd program / passwd chat are used when Samba changes a
; local UNIX password; "unix password sync" is not set here, so they look
; like leftovers from a default file - confirm.
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

; Domain accounts must be written as DOMAIN\user (no default domain), which is
; the form the wbinfo and id commands on this page use.
winbind use default domain = no
; Local uid/gid range assigned to domain users and groups; it must not overlap
; ids already used in /etc/passwd and /etc/group.
; NOTE(review): winbind uid / winbind gid are old synonyms of idmap uid /
; idmap gid; newer Samba releases expect "idmap config * : range" instead -
; check the man page of the installed version.
winbind uid = 10000-20000
winbind gid = 10000-20000
; Allow full enumeration of domain users and groups; this can be slow and
; chatty in a large domain.
winbind enum users = yes
winbind enum groups = yes

; Not acting as a logon server for the domain.
domain logons = no
socket options = TCP_NODELAY

; Per-user home directory share: hidden from browse lists and read-only.
; NOTE(review): with writable = no the two masks should have no practical
; effect; they only matter if the share is made writable later.
[homes]
comment = Home Directories
browseable = no
writable = no
create mask = 0700
directory mask = 0700

; Print queue share spooling to /var/spool/samba: hidden from browse lists,
; no guest access (public = no), not writable as a file share.
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
public = no
writable = no
create mode = 0700

; Printer driver share: visible in browse lists, read-only, no guest access.
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

Код:

## Lines starting with "# " are commands typed at a root prompt; "##" lines are notes.
## Install winbind, then join this host to the AD domain.
# aptitude install winbind
## "-U admin" only names the domain account used for the join; no password is
## given on the command line, so it is asked for interactively.
# net ads join -U admin

Правим /etc/nsswitch.conf
Код:

# Resolve users and groups from the local databases first (compat), then ask
# winbind. With "winbind use default domain = no" in smb.conf, domain accounts
# carry a DOMAIN\ prefix.
passwd: compat winbind
group: compat winbind

Дальше
Код:

## Lines starting with "# " are commands typed at a root prompt; "##" lines are notes.
## Start winbindd, then verify the setup step by step.
# /etc/init.d/winbind start
## -p pings winbindd; -t checks the machine-account trust secret with the domain.
# wbinfo -p
# wbinfo -t
## -u / -g list domain users and groups.
# wbinfo -u
# wbinfo -g
## -D prints information about the named domain; "net ads info" prints details
## of the AD server in use.
# wbinfo -D ТВОЙ_ДОМЕН
# net ads info
## Test a real logon through winbindd.
## NOTE(review): a password written after "%" lands in shell history and is
## visible in the process list while the command runs. Recent wbinfo versions
## prompt for the password when "%password" is omitted - confirm for the
## installed version and prefer that form; use a test account either way.
# wbinfo --authenticate=ТВОЙ_ДОМЕН\\юзер%пароль
## Confirms that NSS resolves the domain account via winbind (nsswitch.conf).
# id ТВОЙ_ДОМЕН\\юзер
## Stores a username and password that winbindd uses for its own session setup
## to the domain controller; --get-auth-user prints them back, password
## included (root only). Use a dedicated low-privilege account here, never the
## admin used for the join.
## NOTE(review): on an ADS member winbindd normally authenticates with the
## machine account, so this step is likely unnecessary - confirm before
## storing any credentials.
# wbinfo --set-auth-user=ТВОЙ_ДОМЕН\\юзер%пароль
# wbinfo --get-auth-user

Если после этого всё работает — пишем сюда и будем думать дальше :)