====== Windows-tunnukset Linuxiin ======

eduwww2:~# cat /etc/samba/smb.conf
[global]
workgroup = EDU
server string = %h server
include = /etc/samba/dhcp.conf
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
# Domain-member mode: this host authenticates users against the Active
# Directory realm named below, using Kerberos.
security = ADS
realm = EDU.LOCAL
# NOTE(review): this pins authentication to one named domain controller.
# Confirm that is intended; with security = ADS Samba can otherwise locate
# domain controllers through DNS, which avoids a single point of failure.
password server = edusrv1.edu.local
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
# Refuses SMB connections as root.
invalid users = root
socket options = TCP_NODELAY
# Range of local UIDs/GIDs that winbind hands out to domain accounts.
# NOTE(review): verify the range does not overlap IDs used by local
# accounts and is large enough for the domain.
idmap uid = 10000-20000
idmap gid = 10000-20000
# NOTE(review): every domain account resolved through winbind is given an
# interactive shell. Whether those accounts may actually log in depends on
# the PAM/sshd configuration, which is not shown here -- restrict it there.
template shell = /bin/bash
winbind separator = +
# Enumeration makes domain users/groups show up in "getent passwd" and
# "getent group"; it can be slow in a large domain.
winbind enum groups = yes
winbind enum users = yes
# NOTE(review): "&y" is not a Samba substitution variable, so as written
# every domain user would get the same literal home directory. This looks
# like a typo for %U (per-user name) -- confirm before copying.
template homedir = /home/EDU/&y
# Domain users appear without the domain prefix, so a domain account name
# can coincide with a local one. The nsswitch.conf further down lists
# "files" first, so the local account takes precedence in that case.
winbind use default domain = yes
browseable = yes

aptitude install krb5-config

eduwww2:/etc# cat krb5.conf
[libdefaults]
    default_realm = EDU.LOCAL

# The following krb5.conf variables are only for MIT Kerberos.
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
# NOTE(review): the des-cbc-* entries in the lists below are single-DES;
# one more reason to leave these three lines commented out.

# default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
# permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5

# The following libdefaults parameters are only for Heimdal Kerberos.
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }
    fcc-mit-ticketflags = true

[realms]
# The only realm this setup uses (it matches default_realm above and the
# realm in smb.conf).
# NOTE(review): the KDCs are given as unqualified host names, so resolving
# them depends on the resolver's search domain; smb.conf uses the
# fully-qualified edusrv1.edu.local. Fully-qualified names here would be
# less fragile -- confirm what EDUSRV resolves to.
    EDU.LOCAL = {
        kdc = EDUSRV1
        kdc = EDUSRV
        admin_server = EDUSRV1
    }
# NOTE(review): the remaining realms look like the packaged sample entries;
# nothing else on this page refers to them.
    ATHENA.MIT.EDU = {
        kdc = kerberos.mit.edu:88
        kdc = kerberos-1.mit.edu:88
        kdc = kerberos-2.mit.edu:88
        admin_server = kerberos.mit.edu
        default_domain = mit.edu
    }
    MEDIA-LAB.MIT.EDU = {
        kdc = kerberos.media.mit.edu
        admin_server = kerberos.media.mit.edu
    }
    ZONE.MIT.EDU = {
        kdc = casio.mit.edu
        kdc = seiko.mit.edu
        admin_server = casio.mit.edu
    }
    MOOF.MIT.EDU = {
        kdc = three-headed-dogcow.mit.edu:88
        kdc = three-headed-dogcow-1.mit.edu:88
        admin_server = three-headed-dogcow.mit.edu
    }
    CSAIL.MIT.EDU = {
        kdc = kerberos-1.csail.mit.edu
        kdc = kerberos-2.csail.mit.edu
        admin_server = kerberos.csail.mit.edu
        default_domain = csail.mit.edu
        krb524_server = krb524.csail.mit.edu
    }
    IHTFP.ORG = {
        kdc = kerberos.ihtfp.org
        admin_server = kerberos.ihtfp.org
    }
    GNU.ORG = {
        kdc = kerberos.gnu.org
        kdc = kerberos-2.gnu.org
        kdc = kerberos-3.gnu.org
        admin_server = kerberos.gnu.org
    }
    1TS.ORG = {
        kdc = kerberos.1ts.org
        admin_server = kerberos.1ts.org
    }
    GRATUITOUS.ORG = {
        kdc = kerberos.gratuitous.org
        admin_server = kerberos.gratuitous.org
    }
    DOOMCOM.ORG = {
        kdc = kerberos.doomcom.org
        admin_server = kerberos.doomcom.org
    }
    ANDREW.CMU.EDU = {
        kdc = vice28.fs.andrew.cmu.edu
        kdc = vice2.fs.andrew.cmu.edu
        kdc = vice11.fs.andrew.cmu.edu
        kdc = vice12.fs.andrew.cmu.edu
        admin_server = vice28.fs.andrew.cmu.edu
        default_domain = andrew.cmu.edu
    }
    CS.CMU.EDU = {
        kdc = kerberos.cs.cmu.edu
        kdc = kerberos-2.srv.cs.cmu.edu
        admin_server = kerberos.cs.cmu.edu
    }
    DEMENTIA.ORG = {
        kdc = kerberos.dementia.org
        kdc = kerberos2.dementia.org
        admin_server = kerberos.dementia.org
    }
    stanford.edu = {
        kdc = krb5auth1.stanford.edu
        kdc = krb5auth2.stanford.edu
        kdc = krb5auth3.stanford.edu
        admin_server = krb5-admin.stanford.edu
        default_domain = stanford.edu
    }

[domain_realm]
    .mit.edu = ATHENA.MIT.EDU
    mit.edu = ATHENA.MIT.EDU
    .media.mit.edu = MEDIA-LAB.MIT.EDU
    media.mit.edu = MEDIA-LAB.MIT.EDU
    .csail.mit.edu = CSAIL.MIT.EDU
    csail.mit.edu = CSAIL.MIT.EDU
    .whoi.edu = ATHENA.MIT.EDU
    whoi.edu = ATHENA.MIT.EDU
    .stanford.edu = stanford.edu

[login]
    krb4_convert = true
    krb4_get_tickets = false

testparm

eduwww2:/etc# net ads join -U administrator
administrator's password:
[2007/06/11 03:58:32, 0] libsmb/cliconnect.c:cli_session_setup_spnego(785)
  Kinit failed: Clock skew too great
Failed to join domain!
# NOTE(review): Kerberos refuses to authenticate when the client clock
# differs from the KDC's by more than the permitted skew (five minutes by
# default). The log stamp above (2007/06/11) against the date printed below
# (19.11.2007) shows this host's clock was months off. "net time set" is a
# one-off correction; keeping the clock synchronised continuously (e.g. NTP
# against the domain controller) prevents the failure from coming back.
eduwww2:/etc# net time set
ma 19.11.2007 10:49:59 +0200
eduwww2:/etc# date
ma 19.11.2007 10:50:01 +0200
eduwww2:/etc# net ads join -U administrator
administrator's password:
Using short domain name -- EDU
Joined 'EDUWWW2' to realm 'EDU.LOCAL'

eduwww2:/etc# cat nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# "files" is consulted before "winbind", so a local account wins over a
# domain account that has the same name.
passwd: files winbind db
group: files winbind db
# NOTE(review): winbind is not expected to serve the shadow database;
# "shadow: files" is the usual setting -- verify whether the extra sources
# on this line do anything.
shadow: files winbind db

wbinfo -u
getent passwd

eduwww2:/etc/default# cat /etc/default/winbind
# Defaults for winbind initscript
# sourced by /etc/init.d/winbind
#
#
# This is a POSIX shell fragment
#
# Winbind configuration
# NOTE(review): -n runs winbindd with caching disabled, so every lookup
# goes to the domain controller and lookups fail while it is unreachable.
# Confirm this is wanted outside of testing.
WINBINDD_OPTS="-n"

eduwww2:/etc/default# mail markus.oversti
Subject: testi
Testiviesti
.
Cc:
eduwww2:/etc/default# cat /var/log/mail.log
Nov 19 11:01:08 eduwww2 postfix/pickup[10167]: 47D86BF8C: uid=0 from=
Nov 19 11:01:08 eduwww2 postfix/cleanup[10230]: 47D86BF8C: message-id=<20071119090108.47D86BF8C@eduwww2.edu.local>
Nov 19 11:01:08 eduwww2 postfix/qmgr[7024]: 47D86BF8C: from=, size=314, nrcpt=1 (queue active)
Nov 19 11:01:08 eduwww2 postfix/local[10232]: 47D86BF8C: to=, orig_to=, relay=local, delay=0.07, delays=0.03/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)
Nov 19 11:01:08 eduwww2 postfix/qmgr[7024]: 47D86BF8C: removed