
Избранные сообщения mifi

Вывалилась машина из домена


Возникла такая проблема: машина входит в домен, авторизация выполнялась через доменного пользователя, и вдруг машина неожиданно выпала из домена.

wbinfo -u нормально показывает доменных пользователей.

getent passwd показывает только локальных пользователей.

конфиг smb.conf на контроллере домена

cat /etc/samba/smb.conf
# Domain-controller side of the SMARKET workgroup: "security = user" together
# with "domain logons = yes" makes this Samba instance an NT4-style logon
# server, with the account database in tdbsam.
[global]


workgroup = SMARKET
security = user
encrypt passwords = yes
# NOTE(review): this file is read by the smbpasswd passdb backend; with
# "passdb backend = tdbsam" below it is presumably unused - confirm.
smb passwd file = /etc/samba/smbpasswd

# "interfaces" alone does not limit which addresses smbd listens on; that
# needs "bind interfaces only = yes" as well.
interfaces = lo eth0
passdb backend = tdbsam

local master = yes
domain master = yes
preferred master = yes
domain logons = yes
logon path =\\%L\Profiles\%U
# Set in [global], so it applies to every share: the listed accounts perform
# all file operations as root. Least privilege argues for a per-share
# "write list" (as [netlogon] already has) instead of a global admin list.
admin users = admin Administrator root
wins support = yes
name resolve order = wins lmhosts bcast
# NOTE(review): the useradd options (group "machines", /bin/false shell,
# /dev/null home) look like machine-account creation; Samba's parameter for
# that is "add machine script" - verify which one was intended.
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -m %u
# Older spelling of the ID range; the member config on this page expresses the
# same 10000-20000 range as "idmap config * : range".
winbind uid = 10000-20000
winbind gid = 10000-20000
# The member config on this page does not set a separator, so the two hosts
# may format DOMAIN+user names differently.
winbind separator = +
winbind cache time = 10
template homedir = /home/%D/%U
template shell = /bin/bash

#guest account = samp
# -------------------------------------
[netlogon]

comment = Network Login Service
path = /var/samba/netlogon
writable = no
# Readable without authentication: anything placed in this share (logon
# scripts, policy files) must not contain credentials. Writes are limited to
# the accounts in "write list".
guest ok = yes
write list = admin, administrator, root
#--------------------------------------
[homes]
comment=Home Directories
browsable = no
writable = yes


#--------------------------------------
[Profiles]

# NOTE(review): no "writable"/"read only" setting here, and Samba shares are
# read-only by default, so roaming profiles could not be saved as written -
# confirm intent. The 0600/0700 masks keep each profile private to its owner.
path = /var/samba/profiles
browseable = no
create mask = 0600
directory mask = 0700

конфиг smb.conf на хосте

cat /etc/samba/smb.conf

# Domain-member configuration: "security = domain" hands authentication to the
# SMARKET domain controller and depends on this host's own machine-account
# secret, which is stored outside smb.conf. Copying this file from another
# member therefore neither copies nor repairs the domain join; `wbinfo -t`
# and `net rpc testjoin` report whether the trust secret still works.
[global]
   workgroup = SMARKET
   encrypt passwords = yes
   security = domain
# UID/GID range winbind allocates for domain accounts (the same 10000-20000
# range as in the domain-controller config on this page).
   idmap config * : range = 10000-20000
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false

	server string = Samba Server Version %v
# NOTE(review): the journal lines on this page show the hostname "sysadmin",
# while the NetBIOS name here is "snab". If "snab" is the host this file was
# copied from, two machines would present the same machine account - confirm.
	netbios name = snab

# --------------------------- Logging Options -----------------------------

	log file = /var/log/samba/log.%m
	max log size = 50
	passdb backend = tdbsam
# Logins with an unknown user name are mapped to the guest account instead of
# being refused. None of the shares defined in this file sets "guest ok";
# keep that in mind when adding shares.
	map to guest = bad user
# Enumeration is what lets `getent passwd` / `getent group` list domain
# accounts; it also needs "winbind" on the passwd and group lines of
# /etc/nsswitch.conf, which this page does not show - verify.
	winbind enum users = yes
	winbind enum groups =yes
	domain master = no
	domain logons = no
	local master = no
	preferred master = no
# The WINS server is given by name, so that name has to resolve by some other
# means first. NOTE(review): the saf_store "0 length domain or servername"
# messages in the journal on this page suggest the DC lookup returned an empty
# name - check name resolution for the domain controller.
	wins server = smarket

# --------------------------- Printing Options -----------------------------

	load printers = yes
	cups options = raw

#============================ Share Definitions ==============================

[homes]
	comment = Home Directories
	browseable = no
	writable = yes

[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	writable = no
	printable = yes

Конфиг был скопирован с хоста, у которого нет такой проблемы с авторизацией.

systemctl status winbind выдает следующее:

● winbind.service - Samba Winbind Daemon
   Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled; vendor preset: disabled)
   Active: active (running) since Ср 2019-06-19 09:09:55 MSK; 6min ago
     Docs: man:winbindd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 8922 (winbindd)
   Status: "winbindd: ready to serve connections..."
    Tasks: 5
   CGroup: /system.slice/winbind.service
           ├─8922 /usr/sbin/winbindd --foreground --no-process-group
           ├─8927 /usr/sbin/winbindd --foreground --no-process-group
           ├─8928 /usr/sbin/winbindd --foreground --no-process-group
           ├─8929 /usr/sbin/winbindd --foreground --no-process-group
           └─8960 /usr/sbin/winbindd --foreground --no-process-group

июн 19 09:09:54 sysadmin systemd[1]: Starting Samba Winbind Daemon...
июн 19 09:09:54 sysadmin winbindd[8922]: [2019/06/19 09:09:54.997356,  0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
июн 19 09:09:54 sysadmin winbindd[8922]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
июн 19 09:09:55 sysadmin winbindd[8922]: [2019/06/19 09:09:55.001549,  0] ../lib/util/become_daemon.c:138(daemon_ready)
июн 19 09:09:55 sysadmin winbindd[8922]:   daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
июн 19 09:09:55 sysadmin systemd[1]: Started Samba Winbind Daemon.
июн 19 09:09:55 sysadmin winbindd[8927]: [2019/06/19 09:09:55.102522,  0] ../source3/libsmb/namequery.c:76(saf_store)
июн 19 09:09:55 sysadmin winbindd[8927]:   saf_store: refusing to store 0 length domain or servername!
июн 19 09:10:00 sysadmin winbindd[8929]: [2019/06/19 09:10:00.105242,  0] ../source3/libsmb/namequery.c:76(saf_store)
июн 19 09:10:00 sysadmin winbindd[8929]:   saf_store: refusing to store 0 length domain or servername!

Не могу понять, что случилось.


mifi

маршрутизатор на гостевой системе на KVM


Схема сети: роутер, подключённый к интернету -> KVM (2 сетевые платы) -> гостевая ОС (CentOS 7) -> остальные гостевые ОС + рабочие станции.

Конфигурация KVM и гостевой системы после всех манипуляций здесь

Роутер вещает в 192.168.0.0/24

на KVM один интерфейс 192.168.0.2

второй интерфейс 192.168.1.1

на маршрутизаторе 2 сетевых интерфейса: 192.168.0.254 и 192.168.1.254

Настраиваю Quagga по гайдам, но проблема в том, что он отказывается работать.

firewalld и SELinux отключаю во время настройки

Листинги zebra.conf и ospfd.conf

[root@router quagga]# cat zebra.conf
!
! Zebra configuration saved from vty
!   2019/05/23 15:51:57
!
! zebra.conf: interface addresses, static routes and kernel forwarding for the
! guest that routes between 192.168.0.0/24 (ens3) and 192.168.1.0/24 (ens9).
hostname router
! "zebra" is the sample password from the example configs and is stored here
! in clear text. Both the vty password and the enable password should be
! replaced; "service password-encryption" keeps them from being saved as
! plain text.
password zebra
enable password zebra
log file /var/log/quagga/quagga.log
!
interface ens3
 description LAN
 ip address 192.168.0.254/24
 multicast
 ipv6 nd suppress-ra
!
interface ens9
 description LAN
 ip address 192.168.1.254/24
 multicast
 ipv6 nd suppress-ra
!
interface lo
!
interface sit0
 ipv6 nd suppress-ra
!
! The /24 prefix covers only 0.0.0.0-0.0.0.255, so this is not a default
! route; a default route is written 0.0.0.0/0. In the "ip route" output on
! this page the line tagged "proto zebra" is this /24, while the working
! "default via 192.168.0.1" line carries no zebra tag.
ip route 0.0.0.0/24 192.168.0.1
!
! Turns on IPv4 forwarding between the interfaces.
ip forwarding
!
!
! No "access-class" is applied to the vty, so the password above is the only
! control on the management terminal visible in this file.
line vty
!
[root@router quagga]# cat ospfd.conf
!
! Zebra configuration saved from vty
!   2019/05/23 15:51:57
!
! ospfd.conf: runs OSPF area 0.0.0.0 on both connected /24 networks.
hostname router
! Same sample clear-text vty password as in zebra.conf on this page; replace it.
password zebra
log file /var/log/quagga/quagga.log
log stdout
!
!
!
! Neither interface configures OSPF authentication
! ("ip ospf authentication message-digest" with "ip ospf message-digest-key"),
! so any host on these segments that speaks OSPF could form an adjacency and
! advertise routes. "passive-interface" suits segments with no OSPF neighbours.
interface ens3
 description LAN
!
interface ens9
 description LAN
!
interface lo
!
interface sit0
!
router ospf
 ospf router-id 192.168.1.254
 network 192.168.0.0/24 area 0.0.0.0
 network 192.168.1.0/24 area 0.0.0.0
! NOTE(review): OSPF only distributes these prefixes to neighbours that also
! run OSPF. Nothing on this page shows whether the upstream router at
! 192.168.0.1 does; if it does not, it needs a static route to
! 192.168.1.0/24 via 192.168.0.254 for return traffic - confirm.
 default-information originate
!
line vty
!
Вывод команды ip addr
[root@router ~]# ip -c a
ip -c a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:2a:a7:83 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.254/24 brd 192.168.0.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe2a:a783/64 scope link 
       valid_lft forever preferred_lft forever
3: ens9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:83:ab:08 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global ens9
       valid_lft forever preferred_lft forever

Вывод команды ip route

[root@router quagga]# ip route
0.0.0.0/24 via 192.168.0.1 dev ens3 proto zebra 
default via 192.168.0.1 dev ens3 
169.254.0.0/16 dev ens3 scope link metric 1002 
169.254.0.0/16 dev ens9 scope link metric 1003 
192.168.0.0/24 dev ens3 proto kernel scope link src 192.168.0.254 
192.168.1.0/24 dev ens9 proto kernel scope link src 192.168.1.254 

настройки интерфейсов

[root@router network-scripts]# cat ifcfg-ens3
# ifcfg-ens3: static IPv4 192.168.0.254/24 (BOOTPROTO=none) on the interface
# facing the 192.168.0.0/24 network.
# NOTE(review): GATEWAY=192.168.0.1 with DEFROUTE=yes is presumably the source
# of the "default via 192.168.0.1 dev ens3" line in the "ip route" output on
# this page (that line has no "proto zebra" tag) - confirm.
HWADDR=52:54:00:2A:A7:83
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.0.254
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV4_DNS_PRIORITY=100
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
IPV6_DNS_PRIORITY=100
NAME=ens3
UUID=7197f4a9-e54e-4c6a-aa00-df772ee26377
DEVICE=ens3
ONBOOT=yes
GATEWAY=192.168.0.1
[root@router network-scripts]# cat ifcfg-ens9
# ifcfg-ens9: static IPv4 192.168.1.254/24 (BOOTPROTO=none) on the interface
# facing the 192.168.1.0/24 network. No GATEWAY is set in this file, so
# DEFROUTE=yes has no gateway to take from here; IPV6INIT=no leaves the
# interface without IPv6 configuration.
HWADDR=52:54:00:83:AB:08
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.1.254
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV4_DNS_PRIORITY=100
IPV6INIT=no
NAME=ens9
UUID=e88b6945-0aef-4390-9caa-656987fdf833
DEVICE=ens9
ONBOOT=yes

Настройки сети на квм такие

[~@KVM ~]$ ip -c a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether d8:50:e6:49:6b:84 brd ff:ff:ff:ff:ff:ff
3: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UNKNOWN group default qlen 1000
    link/ether e8:de:27:03:44:1a brd ff:ff:ff:ff:ff:ff
4: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e8:de:27:03:44:1a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f06f:1aff:fe28:78a3/64 scope link 
       valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d8:50:e6:49:6b:84 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.250/24 brd 192.168.0.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::da50:e6ff:fe49:6b84/64 scope link 
       valid_lft forever preferred_lft forever

С маршрутизатора пинги идут в любую сеть без проблем, до любого интерфейса маршрутизатора пинг доходит, но из одной сети в другую пинг не проходит. В какую сторону копать?


mifi