Samba + PowerBroker (aka LikeWise-Open) integration not working


Ubuntu: 12.04 x64
PBIS: Linux 2.4/2.6 kernel 64-bit DEB (from the BeyondTrust website)
Samba: 3.6.3 (from the Ubuntu repositories)

We are having problems integrating Samba with PowerBroker (aka PBIS/LikeWise-Open). We followed these instructions:

https://help.ubuntu.com/12.04/serverguide/samba-ad-integration.html

PBIS is working. Users can SSH and TELNET into the machine and log in with AD credentials. However, we cannot get SAMBA to authenticate against AD. Here is the log output:

[2013/05/31 09:36:38.385857,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.386170,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.386228,  0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.388088,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.388378,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.388435,  0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.390201,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.390491,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.390549,  0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.390831,  0] auth/auth_domain.c:292(domain_client_validate)
  domain_client_validate: Domain password server not available.

Does anyone know where to start?

Answer 1

Found it here: http://wiki.samba.org/index.php/Samba_&_Active_Directory

Ubuntu instructions: https://help.ubuntu.com/12.04/serverguide/samba-ad-integration.html

The last step was missing:

net -U <username> ads join

Once you have successfully joined the domain/ADS, it works!

Answer 2

Using

net -U <username> ads join

will break PowerBroker's connection to AD. For example, you may find that your AD accounts may no longer be able to SUDO.

The correct way to link SAMBA to AD via PowerBroker is:

samba-interop-install --install
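
An added example, not part of the question or either answer: a small triage script for the smbd log format quoted in the question. It pairs each header line with its indented message and counts, per domain, the "could not fetch trust account password" errors (Samba has no machine account secret of its own for that domain) and the failed domain controller sessions. The function names are hypothetical; the sample lines are copied from the question plus one constructed unrelated record.

```python
import re
from collections import Counter

# Sample input: three records from the question's log plus one constructed record.
SAMPLE_LOG = """\
[2013/05/31 09:36:38.385857,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.386170,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.386228,  0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:40:00.000000,  0] smbd/server.c:1(main)
  unrelated constructed record
"""

# Header line: [timestamp, level] source.c:line(function)
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+\S+?:\d+\((?P<func>\w+)\)\s*$")
NO_SECRET = re.compile(r"could not fetch trust account password for domain '([^']+)'")
DC_FAIL = re.compile(r"unable to open the domain client session to machine (\S+?)\. Error was : (\w+)")

def parse_records(text):
    """Yield (timestamp, function, message) for each header line and its body lines."""
    current = None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m["ts"], m["func"], [])
        elif current and raw.strip():
            current[2].append(raw.strip())  # body may be indented or separated by a blank line
    if current:
        yield current[0], current[1], " ".join(current[2])

def triage(text):
    """Count missing machine-secret errors per domain and failed sessions per (DC, status)."""
    missing, dcs = Counter(), Counter()
    for _ts, _func, msg in parse_records(text):
        if (m := NO_SECRET.search(msg)):
            missing[m.group(1)] += 1
        if (m := DC_FAIL.search(msg)):
            dcs[(m.group(1), m.group(2))] += 1
    return {"missing_trust_secret": dict(missing), "failed_dc_sessions": dict(dcs)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```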
