[Discuss] Help with samba3x and libwbclient.so.0
Tom McLaughlin
tmclaugh at gmail.com
Sat Feb 25 16:56:26 EST 2012
Sorry, didn't see a response in my inbox...
On 2/11/12 2:03 PM, Scott Ehrlich wrote:
> On Sat, Feb 11, 2012 at 1:51 PM, Tom McLaughlin <tmclaugh at gmail.com> wrote:
>>
>>
>> On 2/7/12 6:05 AM, Scott Ehrlich wrote:
>>> Revisiting a recent posting of mine -
>>>
>>> So I have an isolated network consisting of a Win 2008 R2 w/SP1 domain
>>> controller and an unpatched (i.e. out of box) 64-bit RHEL 5.7
>>> workstation.
>>>
>>> The goal is to get the RHEL workstation to join the domain controller
>>> for authentication.
>>>
>>> I was recently reminded, when doing this before, that the stock samba
>>> on the RHEL box does not work, that, on my CentOS box, and other
>>> CentOS systems I've recently built, I've had to remove the native
>>> samba packages and replace them with samba3x.
>>>
>>
>> Our CentOS 5.7 builds at work work just fine against our Windows 2008
>> DCs. What exactly are you trying to achieve? I take it you want user
>> info from AD via nss_ldap? How do you want to do authentication?
>> pam_krb5 or pam_ldap?
>>
>> You do not need to join a host to AD in order to do that. Our older
>> build did not join hosts to AD. Our new one does and it works fine for
>> us. Using '-d' with the `net` command will display debug info about the
>> join attempt.
>
> What is your Linux setup to allow you to have users authenticate to AD
> without joining?
>
> What kerberos, samba, pam updates, etc, do you do to permit this?
>
Below is our standard krb5.conf:
------
# $Id: krb5.conf 143 2011-12-29 21:03:39Z tm707 $

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 # XXX: Match AD domain default
 ticket_lifetime = 10h
 forwardable = yes

[realms]
# XXX: Not necessary due to DNS lookups enabled above.
# EXAMPLE.COM = {
#  admin_server = ldap.example.com:749
# }

[domain_realm]
 example.com = EXAMPLE.COM
 .example.com = EXAMPLE.COM

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
------
And the following lines were added in the system-auth pam.d file.
------
auth sufficient pam_krb5.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
password sufficient pam_krb5.so use_authtok
session optional pam_krb5.so
------
Additionally, make sure no /etc/krb5.keytab file exists. Typically our
hosts are joined to AD but I just removed my test box from the domain
and it still works fine once I also removed the keytab file.
tom
> Thanks.
>
> Scott
>
>>
>>> So two questions -
>>>
>>> 1) What exactly is samba3x - from where does it originate? No amount
>>> of googling reveals an answer, other than available patches.
>>> samba.org doesn't seem to say anything about it.
>>>
>>> 2) An attempted rpm install of the latest version of samba3x, obtained
>>> from the CentOS site (didn't have immediate access to the RHEL repo),
>>> hit some snags:
>>>
>>> rpm -Uvh samba3x-<package> hit some unmet library dependencies. I
>>> resolved two of the three, but libwbclient.so.0 is refusing to be
>>> acknowledged.
>>>
>>> It lives in /usr/local/samba/...
>>>
>>> I've placed it in /lib64 and tried ldconfig and a reboot. It refuses
>>> to be picked up.
>>>
>>> What am I missing?
>>>
>>> Thanks.
>>>
>>> Scott
>>> _______________________________________________
>>> Discuss mailing list
>>> Discuss at blu.org
>>> http://lists.blu.org/mailman/listinfo/discuss
>>>
>>
>> --
>> | tmclaugh at gmail.com tmclaugh at FreeBSD.org |
>> | FreeBSD http://www.FreeBSD.org |
--
| tmclaugh at gmail.com tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |
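
Added example, not part of the message above and not the poster's code: a small Python parser that expands the four system-auth lines quoted in the message into the action PAM takes for a given module return code, using the keyword equivalents documented in pam.conf(5). The function names and the return codes sampled in the demo loop are chosen here for illustration.

```python
import re

# Bracket equivalents of the simple control keywords, as given in pam.conf(5).
SIMPLE = {
    "required": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional": {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
LINE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam_line(line):
    """Split one pam.d line into type, control actions, module and arguments."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = LINE.match(line)
    if not m:
        raise ValueError("unparseable PAM line: %r" % line)
    mtype, control, module, args = m.groups()
    if control.startswith("["):
        actions = dict(pair.split("=", 1) for pair in control[1:-1].split())
    elif control in SIMPLE:
        actions = dict(SIMPLE[control])
    else:
        raise ValueError("unsupported control: %r" % control)  # e.g. include
    return {"type": mtype, "actions": actions, "module": module, "args": args.split()}

def action_for(entry, result):
    """Action for a module return code, falling back to the line's default=."""
    return entry["actions"].get(result, entry["actions"].get("default"))

# The four lines quoted in the message, copied verbatim.
STACK = """\
auth sufficient pam_krb5.so use_first_pass
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
password sufficient pam_krb5.so use_authtok
session optional pam_krb5.so
"""
ENTRIES = [e for e in map(parse_pam_line, STACK.splitlines()) if e]

if __name__ == "__main__":
    for e in ENTRIES:
        for result in ("success", "user_unknown", "auth_err"):
            print(e["type"], e["module"], result, "->", action_for(e, result))
```

The output shows that on the account line a user unknown to Kerberos is ignored while any other failure marks the stack as failed, and that on the auth line a pam_krb5 failure is ignored so later modules in system-auth still get their turn.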