Ubuntu: 12.04 x64
PBIS: Linux 2.4/2.6 kernel 64-bit DEB (from the BeyondTrust website)
Samba: 3.6.3 (from the Ubuntu repository)
We are having trouble integrating Samba with PowerBroker (aka PBIS/LikeWise-Open). We followed the instructions here:
https://help.ubuntu.com/12.04/serverguide/samba-ad-integration.html
PBIS is working. Users can SSH and TELNET into the machine and log in with AD credentials. However, we cannot get SAMBA to authenticate against AD. Here is the log output:
[2013/05/31 09:36:38.385857, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.386170, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.386228, 0] auth/auth_domain.c:193(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.388088, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.388378, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.388435, 0] auth/auth_domain.c:193(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.390201, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.390491, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.390549, 0] auth/auth_domain.c:193(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.390831, 0] auth/auth_domain.c:292(domain_client_validate)
domain_client_validate: Domain password server not available.
Does anyone know where to start?
Answer 1
Found it here: http://wiki.samba.org/index.php/Samba_&_Active_Directory
Ubuntu instructions: https://help.ubuntu.com/12.04/serverguide/samba-ad-integration.html
The last step was missing:
net -U <username> ads join
Once you have successfully joined the domain/ADS, it works!
Answer 2
Using
net -U <username> ads join
will break PowerBroker's connection to AD. For example, you may find that your AD accounts may no longer be able to SUDO.
The correct way to link SAMBA to AD through PowerBroker is:
samba-interop-install --install
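
A triage sketch for the log pattern in the question, added here as an example and not part of the original post or answers: it pairs Samba's header and message lines and counts trust-password and DC-session failures. The function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Samba 3.x writes each entry as a header line followed by the message text.
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\]\s+\S+?:\d+\((?P<func>\w+)\)")
NO_SECRET = re.compile(r"could not fetch trust account password for domain '(?P<domain>[^']+)'")
DC_FAIL = re.compile(r"domain client session to machine (?P<dc>\S+?)\. Error was : (?P<status>NT_STATUS_\w+)")

# Constructed sample: one retry cycle in the shape of the log in the question.
SAMPLE_LOG = """\
[2013/05/31 09:36:38.385857, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.386170, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.386228, 0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
"""

def parse_entries(text):
    """Pair each header line with the message line(s) that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"ts": m["ts"], "func": m["func"], "msg": ""}
            entries.append(current)
        elif current is not None and line:
            current["msg"] = (current["msg"] + " " + line).strip()
    return entries

def triage(text):
    """Count unreadable-trust-password errors per domain and failed DC sessions."""
    missing, dc_fail = Counter(), Counter()
    for entry in parse_entries(text):
        if (m := NO_SECRET.search(entry["msg"])):
            missing[m["domain"]] += 1
        elif (m := DC_FAIL.search(entry["msg"])):
            dc_fail[(m["dc"], m["status"])] += 1
    return missing, dc_fail

def summarize(text):
    """Return one finding per affected domain or domain controller."""
    missing, dc_fail = triage(text)
    out = [f"{d}: smbd could not read the machine trust password ({n}x); check how this host was joined"
           for d, n in sorted(missing.items())]
    out += [f"{dc}: session failed with {st} ({n}x)" for (dc, st), n in sorted(dc_fail.items())]
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```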