1. Yes, they are time synced.
2. that appears okay
[root@newhou ~]# nslookup fdi-srvr1 (this is the PDC)
Server: 192.168.12.6
Address: 192.168.12.6#53
Name: fdi-srvr1.fdi.com
Address: 192.168.12.6
[root@newhou ~]# nslookup 192.168.12.6
Server: 192.168.12.6
Address: 192.168.12.6#53
6.12.168.192.in-addr.arpa name = fdi-srvr1.fdi.com.
+++++
[root@newhou ~]# nslookup 192.168.12.14
Server: 192.168.12.6
Address: 192.168.12.6#53
14.12.168.192.in-addr.arpa name = newhou.fdi.com.
3. Kinit -yes
[root@newhou ~]# kinit buddyj@xxxxxxx
Password for buddyj@xxxxxxx:
[root@newhou ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: buddyj@xxxxxxx
Valid starting Expires Service principal
11/01/06 08:43:59 11/01/06 18:44:02 krbtgt/FDI.COM@xxxxxxx
renew until 11/02/06 08:43:59
From: Matthijs.Sneijders@xxxxxxxxxxxxxx
Reply-To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>
Subject: Re: ADS authenentication & Samba/Winbind
Date: Wed, 1 Nov 2006 09:02:11 +0100
1. is your time synced correctly?
2. is DNS working correctly forward/reverse?
3. can you get a ticket using kinit?
Matthijs
Matthijs Sneijders
CORUS
Research,
Development
&
Technology
Building
3G16 room
3-312
P.O. Box
10.000
1970 CA
IJMUIDEN
phone +31 (0)251-496400
fax +31 (0)251-470064
mail matthijs.sneijders@xxxxxxxxxxxxxx
|---------+------------------------------>
| | "Buddy Jennings" |
| | <buddyj@xxxxxxx> |
| | Sent by: |
| | redhat-list-bounces|
| | @redhat.com |
| | |
| | |
| | 31-10-2006 23:42 |
| | Please respond to |
| | General Red Hat |
| | Linux discussion |
| | list |
| | |
|---------+------------------------------>
>-------------------------------------------------------------------------------------------------------------------|
|
|
| To: redhat-list@xxxxxxxxxx
|
| cc:
|
| Subject: ADS authenentication & Samba/Winbind
|
>-------------------------------------------------------------------------------------------------------------------|
Sorry for the long post, but any help would be appreciated!
I have two RH AS4 boxes. I have configured both to authenticate against my
windows ADS.
The only difference between the machines is one is a 32-bit build and the
other is a 64-bit build.
Linux 64bit.mydomain.com 2.6.9-42.0.3.ELsmp #1 SMP Mon Sep 25 17:24:31 EDT
2006 x86_64 x86_64 x86_64 GNU/Linux
Linux 32bit.mydomains.com 2.6.9-42.0.3.ELsmp #1 SMP Mon Sep 25 17:28:02 EDT
2006 i686 i686 i386 GNU/Linux
Both machines allow domain users to login to standard services, ssh or ftp
for example.
Home directories are created when they login in on either machine.
ntlm_auth
and getent works on both systems.
My 32-bit machine will allow 3rd part aps (those I've tested) to
authenticate the users, but the same apps fail to authenticate the same
users on the 64-bit machine.
I have compared the following files (they are the same bytes even!)
/etc/pam.d/system-auth
/etc/pam.d/squid
/etc/pam.d/samba
/etc/samba/smb.conf
/etc/hosts
/etc/sysconfig/iptables
/etc/sysconfig/samba
/etc/sysconfig/authconfig
/etc/sysconfig/network
/etc/sysconfig/squid
/etc/sysconfig/saslauthd
/etc/krb5.conf
/etc/nsswitch.conf
/etc/pam_smb.conf
/etc/log.d/conf/services/pam.conf
Both machines are running the same services.
In the /var/log/samba directory:
smbd.log are similiar.
nmbd.log: The 32-bit machine promotes itself as local browser master, the
64-bit machine
doesn't , otherwise all entries are the same.
/var/log/message and /var/log/secure shows the same sequence on login on
either machine.
A 3rd party vendor gave me a utility that calls pam-auth and outputs debug
info call caut.Notice that the module called auth_etc_passwd passes on
32-bit but not on the 64-bit.
32-bit output (passwords x'd out!):
[root@ tmp]# ./caut
Authentication dump
service (eg "su") -
user name - mydomain\buddyj
password (will be echoed) - xxxxxx
auth_auth: debug 1 inline 0
auth_trusted: getspname did not find an entry for User mydomain\buddyj
auth_etc_passswd: getpwnam found entry for User mydomain\buddyj
pw_name: buddyj
pw_passwd: *
auth_check_passwd_crypt: FAILED (Standard crypt) *****
auth_check_passwd_crypt: Salt * passwd * crypt_result **XXXXXXXXXX
Calling pam_start
pam_start succeeded for service , user mydomain\buddyj
Calling pam_authenticate
[GUI]Authentication failure for mydomain\buddyj (PAM Err# 7)
[Result]NOK
Authentication failure for mydomain\buddyj
64-bit output:
root@64bit caut]# ./caut
Authentication dump
service (eg "su") -
user name - mydomain\buddyj
password (will be echoed) - xxxxx
auth_auth: debug 1 inline 0
auth_trusted: getspname did not find an entry for User mydomain\buddyj
auth_etc_passwd: getpwnam did not find an entry for User mydomain\buddyj
Calling pam_start
pam_start succeeded for service , user mydomain\buddyj
Calling pam_authenticate
[GUI]Authentication failure for mydomain\buddyj (PAM Err# 7)
[Result]NOK
Authentication failure for mydomain\buddyj
I can't find any config difference! How else can you determine
configuration differences between two machines? Any suggestions?
I'll post a follow up of the steps I used on both machines.
Thanx!
Buddy
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
**********************************************************************
This transmission is confidential and must not be used or disclosed by
anyone other than the intended recipient. Neither Corus Group Plc nor
any of its subsidiaries can accept any responsibility for any use or
misuse of the transmission by anyone.
**********************************************************************
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
