Не могу включить в качестве клиента в контроллер домена на windows 2000 для этого в active directory я создал пользователя sergei
Эту конфигурацию я взял из книги Стахнов Linux-сервер в windows окружении
вот smb.conf
workgroup = objectservice
server string = adminserver
security = domain
log file = /var/log/samba/log.otl
null passwords = yes
encrypt passwords = yes
winbind use default domain = yes
winbind uid = 10000-20000
winbind gid = 1000-20000
case sensitive = no
password server = pdc
realm = objectservice
dos charset = 866
unix charset = UTF-8
auth methods = winbind
winbind separator =\ \
local master = no
preferred master = no
winbind enum users = yes
winbind enum groups = yes
display charset = UTF-8
realm = objectservice
#### Networking ####
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
security = share
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n
socket options = TCP_NODELAY
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
создал файл /etc/samba/lmhosts
вот его содержание
127.0.0.1 localhost
192.168.0.2 pdc
вот содержание файла (после правки) /etc/nsswitch.conf
passwd: files windbind
group: files windbind
shadow: files windbind
hosts: files nisplus nis dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
services: files
rpc: files
netgroup: nisplus
publickey: nisplus
automount: files nisplus
aliases: files nisplus
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
вот содержание файла (после правки) /etc/pam.d/samba
@include common-auth
@include common-account
@include common-session
auth required pam_winbind.so
auth required pam_nologin.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
auth required pam_stack.so service=system-auth
account sufficient pam_winbind.so
password required pam_winbind.so
создал файл /etc/pam.d/system-auth-winbind
с таким содержанием
auth required pam_env.so
auth sufficient pam_winbind.so
auth sufficient pam_unix.so likeauth nullok use_first_pass
auth required pam_deny.so
account sufficient pam_winbind.so
account required pam_unix.so
password required pam_craclib.so retry=3
password sufficient pam_unix.so nollok ude_authtok md5 shadow
password required pam_deny.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so
вот что выводит testparam
Load smb config files from /etc/samba/smb.conf
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
ERROR: the 'winbind separator' parameter must be a single character.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
Пробую подключится net join -U sergei
выводится
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: Invalid domain role
ADS join did not work, falling back to RPC...
cannot join as standalone machine
Проверяю при помощи wibinfo
Ввожу wbinfo --all-domains
выводится SERGEI-ADMIN
Ввожу wbinfo -u sergei
Выводится Error looking up domain users
ввожу wbinfo -p
выводится Ping to winbindd succeeded on fd 3
ввожу wbinfo -u
выводится Error looking up domain users
Мой компютер с других компов виден (в сетевом окружении), зайти на него конечно нельзя - требует пароль.
Где я ошибся ????