Samba+winbind security=ads crash

Good day.

I installed the fresh cld-20240212-x86_64.iso system image (with a view to joining it to an AD domain) and ran into a problem starting the samba+winbind pair: Samba crashes in security = ads/domain mode. On the old 2020 image the same configuration works without problems. I have dug around myself, but I have run out of ideas. Perhaps someone who has dealt with this can suggest where to dig. I would be grateful for an outside view.

Packages

calculate samba # eix -S 'mit kerberos'
[I] app-crypt/mit-krb5
Доступные версии: 1.20.1^t ~1.20.2^t ~1.21.1^t ~1.21.2^t {doc +keyutils lmdb nls openldap +pkinit selinux test +threads xinetd ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32" CPU_FLAGS_X86="aes"}
Установленные версии: 1.20.1^t(15:13:52 26.06.2023)(keyutils nls pkinit threads -doc -lmdb -openldap -selinux -test -xinetd ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="64 -32 -x32" CPU_FLAGS_X86="aes")
Домашняя страница: Kerberos: The Network Authentication Protocol
Описание: MIT Kerberos V

calculate samba # eix samba
[I] net-fs/samba
Доступные версии: 4.18.8^t 4.18.9^t{tbz2} ~4.18.10^t ~4.19.4^t {acl addc ads ceph client cluster cups debug fam glusterfs gpg iprint json ldap llvm-libunwind pam profiling-data python quota +regedit selinux snapper spotlight syslog system-heimdal +system-mitkrb5 systemd test unwind winbind zeroconf ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32" CPU_FLAGS_X86="aes" PYTHON_SINGLE_TARGET="python3_10 python3_11"}
Установленные версии: 4.18.9^t{tbz2}(21:07:26 10.02.2024)(acl ads client cups ldap pam python regedit system-mitkrb5 winbind -addc -ceph -cluster -debug -fam -glusterfs -gpg -iprint -json -llvm-libunwind -profiling-data -quota -selinux -snapper -spotlight -syslog -system-heimdal -systemd -test -unwind -zeroconf ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="64 -32 -x32" CPU_FLAGS_X86="aes" PYTHON_SINGLE_TARGET="python3_11 -python3_10")
Домашняя страница: https://samba.org/
Описание: Samba Suite Version 4

It obtains a Kerberos ticket.

klist

calculate etc # klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Администратор@EXAMPLE.RU

Valid starting Expires Service principal
14.02.2024 09:22:42 14.02.2024 19:22:42 krbtgt/EXAMPLE.RU@EXAMPLE.RU
renew until 15.02.2024 09:22:33

samba status

calculate etc # /etc/init.d/samba start
samba | * samba -> start: smbd ... [ ok ]
samba | * samba -> start: nmbd ... [ ok ]
samba | * samba -> start: winbind ... [ ok ]
calculate etc # /etc/init.d/samba status

 * status: crashed

winbind logs

calculate samba # cat log.winbindd
[2024/02/14 14:03:28.984935, 0, pid=7666, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:1441(main)
winbindd version 4.18.9 started.
Copyright Andrew Tridgell and the Samba Team 1992-2023
[2024/02/14 14:03:28.989491, 10, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:4115(winbindd_validate_cache)
winbindd_validate_cache: replacing panic function
[2024/02/14 14:03:28.991090, 10, pid=7669, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:3935(validate_cache_version)
validate_cache_version: WINBINDD_CACHE_VERSION ok
[2024/02/14 14:03:28.991180, 10, pid=7669, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:3894(validate_trustdomcache)
validate_trustdomcache: TRUSTDOMCACHE/EXAMPLE ok
Don't trust me, I am a DUMMY!
[2024/02/14 14:03:28.997188, 10, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:4172(winbindd_validate_cache)
winbindd_validate_cache: restoring panic function
[2024/02/14 14:03:28.997472, 10, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:4533(wcache_tdc_add_domain)
wcache_tdc_add_domain: Adding domain BUILTIN ((null)), SID S-1-5-32, flags = 0x0, attributes = 0x0, type = 0x1
[2024/02/14 14:03:28.997497, 10, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:4338(pack_tdc_domains)
pack_tdc_domains: Packing 1 trusted domains
[2024/02/14 14:03:28.997519, 10, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:4357(pack_tdc_domains)
pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2024/02/14 14:03:28.997548, 3, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_util.c:291(add_trusted_domain)
add_trusted_domain: Added domain [BUILTIN] [(null)] [S-1-5-32]
[2024/02/14 14:03:28.997565, 10, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:4533(wcache_tdc_add_domain)
wcache_tdc_add_domain: Adding domain CALCULATE ((null)), SID S-1-5-21-2962830923-17605092-977086261, flags = 0x2, attributes = 0x0, type = 0x1
[2024/02/14 14:03:28.997587, 10, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:4338(pack_tdc_domains)
pack_tdc_domains: Packing 2 trusted domains
[2024/02/14 14:03:28.997600, 10, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:4357(pack_tdc_domains)
pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
[2024/02/14 14:03:28.997610, 10, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_cache.c:4357(pack_tdc_domains)
pack_tdc_domains: Packing domain CALCULATE (UNKNOWN)
[2024/02/14 14:03:28.997631, 3, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_util.c:291(add_trusted_domain)
add_trusted_domain: Added domain [CALCULATE] [(null)] [S-1-5-21-2962830923-17605092-977086261]
[2024/02/14 14:03:28.997661, 0, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_util.c:1235(init_domain_list)
Could not fetch our SID - did we join?
[2024/02/14 14:03:28.997678, 0, pid=7668, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd.c:1178(winbindd_register_handlers)
unable to initialize domain list

testparm

calculate samba # testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)

Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

[global]
client min protocol = NT1
disable spoolss = Yes
dns proxy = No
domain master = No
dos charset = CP866
load printers = No
local master = No
map to guest = Bad User
max log size = 20480
os level = 0
pam password change = Yes
passwd chat = Enter\snew\s\spassword:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .
passwd program = /usr/bin/passwd %u
preferred master = No
printcap name = /dev/null
realm = EXAMPLE.RU
security = ADS
server role = standalone server
server string = backup srv #1
show add printer wizard = No
template shell = /bin/bash
unix charset = UTF8
unix password sync = Yes
usershare allow guests = Yes
winbind cache time = 1440
winbind enum groups = Yes
winbind enum users = Yes
winbind nss info = rfc2307
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = EXAMPLE
idmap config example.ru : backend = rid
idmap config example.ru : range = 10000-299999
idmap config * : range = 3000-7999
idmap config * : backend = tdb

Configuration files

/etc/hosts

calculate etc # cat /etc/hosts
#------------------------------------------------------------------------------
# Modified Calculate Utilities 3.7.5.4
# Processed template files:
#  /var/db/repos/calculate/profiles/templates/3_ac_install_live/1-merge/sys-apps/baselayout/hosts
# To modify this file, create a /etc/hosts.clt template.
#------------------------------------------------------------------------------
192.168.1.182 calculate.example.ru
127.0.0.1 localhost

/etc/conf.d/samba

#------------------------------------------------------------------------------
# Modified Calculate Utilities 3.7.5.4
# Processed template files:
#  /var/db/repos/calculate/profiles/templates/2_ac_install_merge/net-fs/samba/samba
# To modify this file, create a /run/calculate/mount/install/etc/conf.d/samba.clt template.
#------------------------------------------------------------------------------

# Add "winbind" to the daemon_list if you also want winbind to start.
# Replace "smbd nmbd" by "samba4" if you want the active directory domain controller part or the ntvfs
# file server part or the rpc proxy to start.
# Note that samba4 controls 'smbd' by itself, thus it can't be started manually. You can, however,
# tweak the behaviour of a samba4-controlled smbd by modifying your '/etc/samba/smb.conf' file
# accordingly.
daemon_list="smbd nmbd winbind"

piddir="/run/samba"

#----------------------------------------------------------------------------
# Daemons calls: <daemon_name>_<command_option>
#----------------------------------------------------------------------------
my_service_name="samba"
my_service_PRE="unset TMP TMPDIR"
my_service_POST=""

#----------------------------------------------------------------------------
# Daemons calls: <daemon_name>_<command_option>
#----------------------------------------------------------------------------
smbd_start_options="-D"
smbd_command="/usr/sbin/smbd"
smbd_start="start-stop-daemon --start --exec ${smbd_command} -- ${smbd_start_options}"
smbd_stop="start-stop-daemon --stop --exec ${smbd_command}"
smbd_reload="killall -HUP smbd"

nmbd_start_options="-D"
nmbd_command="/usr/sbin/nmbd"
nmbd_start="start-stop-daemon --start --exec ${nmbd_command} -- ${nmbd_start_options}"
nmbd_stop="start-stop-daemon --stop --exec ${nmbd_command}"
nmbd_reload="killall -HUP nmbd"

samba4_start_options=""
samba4_command="/usr/sbin/samba"
samba4_pidfile="${piddir}/samba.pid"
samba4_start="start-stop-daemon --start --exec ${samba4_command} --pidfile ${samba4_pidfile} -- ${samba4_start_options}"
samba4_stop="start-stop-daemon --stop --exec ${samba4_command} --pidfile ${samba4_pidfile}"
samba4_reload="killall -HUP samba"

winbind_start_options=""
winbind_command="/usr/sbin/winbindd"
winbind_start="start-stop-daemon --start --exec ${winbind_command} -- ${winbind_start_options}"
winbind_stop="start-stop-daemon --stop --exec ${winbind_command}"
winbind_reload="killall -HUP winbindd"

/etc/samba/smb.conf

calculate samba # cat /etc/samba/smb.conf
[global]
log level = 0 passdb:3 auth:3 winbind:10
max log size = 20480
client min protocol = NT1
server string = backup srv #1
usershare allow guests = Yes
map to guest = Bad User
guest ok = no
obey pam restrictions = no
pam password change = Yes
passwd chat = Enter\snew\s\spassword:* %n\n Retype\snew\s\spassword:* %n\n password\supdated\ssuccessfully .
passwd program = /usr/bin/passwd %u
server role = standalone server
unix password sync = Yes
workgroup = EXAMPLE
realm = EXAMPLE.RU
security = ads
nt acl support = yes

acl compatibility = auto

encrypt passwords = true

dns proxy = no
socket options = TCP_NODELAY
domain master = no
local master = no
preferred master = no
os level = 0

domain logons = no

load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config EXAMPLE.RU : range = 10000-299999
idmap config EXAMPLE.RU : backend = rid
winbind nss info = rfc2307
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
winbind refresh tickets = yes
winbind offline logon = yes
winbind cache time = 1440
winbind refresh tickets = true
unix charset = UTF8
dos charset = CP866

/etc/security/limits.conf

# End of file
* - nofile 65536
root - nofile 65536

/etc/krb5.conf

calculate etc # cat krb5.conf
[libdefaults]
default_realm = EXAMPLE.RU
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES3-CBC-SHA1 DES-CBC-MD5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES3-CBC-SHA1 DES-CBC-MD5
preferred_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES3-CBC-SHA1 DES-CBC-MD5
fcc-mit-ticketflags = true
dns_lookup_realm = false
dns_lookup_kdc = true
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}

[realms]
EXAMPLE.RU = {
admin_server = SERVER.EXAMPLE.RU
default_domain = EXAMPLE.RU
}

[domain_realm]
.example.ru = EXAMPLE.RU
example.ru = EXAMPLE.RU
[login]
krb4_convert = false
krb4_get_tickets = false

/etc/nsswitch.conf

calculate samba # cat /etc/nsswitch.conf

passwd: files ldap winbind
shadow: files ldap winbind
group: files ldap winbind
hosts: files dns
networks: files dns
services: files ldap
protocols: files ldap
rpc: db files
ethers: db files
netmasks: files
netgroup: files ldap
bootparams: files
automount: files ldap
aliases: files

What is in the Samba logs at the time of the crash?