Linux Squid WIN AD autentifikacija – deo3 greške

Moguće greške :

Joining a Microsoft AD domain using samba-winbind (komanda : # net ads join -U Administrator) fails with the error “Failed to join domain: failed to set machine spn: Constraint violation”
a. You may run into this error when attempting to join using a user account that does not have permissions to add a machine account to the AD. Ensure that the user has sufficient privileges on the AD, or specify the administrator when joining.
b. You should also ensure that all required ports (including ephemeral source ports) are open between the client and the server. For a list of Samba’s required ports, see the following link :

# net ads dns register -P
DNS Update for proxy-2013.moj.domen failed: ERROR_DNS_UPDATE_FAILED
DNS update failed!

When the client joins AD, samba initiates DDNS update to register
itself on DNS server. IF your DNS server is not configured to update
dynamic updates, you will receive this error.
As long as you have right forward/reverse entries on your DNS server,
you need not to worry about this error.
It means that your primary DNS server does not support dynamic updates.

# tail -f log.smbd
[2014/07/25 09:43:03.845251, 0] ../source3/printing/print_cups.c:528(cups_async_callback)
failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
Da bi se ovo rešilo mora se EKSPLICITNO dodati u /etc/samba/smb.conf da nećete štampače :
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

# wbinfo -i moj.domenski.nalog
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user mojdomenski.nalog

# tail -f log.nmbd
[2014/07/25 13:44:04, 0] ../source3/nmbd/nmbd_namequery.c:245(query_name)
query_name: Failed to send packet trying to query name moja.radna.grupa
[2014/07/25 13:47:04, 0] ../source3/libsmb/nmblib.c:872(send_udp)
Packet send failed to ERRNO=Operation not permitted

# tail -f krb5kdc.log
krb5kdc: No such file or directory – while initializing database for realm moj.unutrašnji.domen
# kdb5_util create -r moj.unutrašnji.domen
Loading random data
Initializing database ‘/var/kerberos/krb5kdc/principal’ for realm ‘moj.unutrašnji.domen’,
master key name ‘K/M@MOJ.UNUTRAŠNJI.DOMEN’
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:

# net ads testjoin
kerberos_kinit_password PROXY-2013$@MOJ.UNUTRAŠNJI.DOMEN failed: Client not found in Kerberos database
kerberos_kinit_password PROXY-2013$@MOJ.UNUTRAŠNJI.DOMEN failed: Client not found in Kerberos database
Join to domain is not valid: Improperly formed account name

# tail -f /var/log/messages
Aug 1 08:36:17 proxy-2013 nslcd[5392]: [edfe3a] failed to bind to LDAP server ldap://adwin.moj.unutrašnji.domen: Can’t contact LDAP
server: Connection timed out

Aug 1 08:36:17 proxy-2013 nslcd[5392]: [edfe3a] no available LDAP server found
Ova vrlo čudna greška se javlja ako nije adwin.moj.unutrašnj.domen stavljen kao jedini NTP server za Linux mašinu.

# tail -f /var/log/messages
Aug 1 12:35:09 proxy-2013 nscd: 3267 cannot stat() file `/etc/netgroup’: No such file or directory

Rešenje je napraviti taj fajl :
# touch /etc/netgroup

Link za neke Kerberos greške.

This entry was posted in Linux and tagged , , , , . Bookmark the permalink.

Comments are closed.