I killed nscd and restarted samba and this fixed the problem. David
-----Original Message----- From: David Shapiro Sent: Tuesday, November 05, 2002 9:55 AM To: '[EMAIL PROTECTED]' Subject: PLEASE HELP! samba2.2.6rc2cvs - solaris winbind pam - using user "nobody" instead of domain user (additional info at top of this message) Sorry, I forgot to mention that getent passwd and getent group do work (i.e., winbind answers). Of course, the problem where large groups like "Domain Users" do not return users or even mention of the existence of the group still exists. -----Original Message----- From: David Shapiro Sent: Tuesday, November 05, 2002 9:45 AM To: '[EMAIL PROTECTED]' Subject: PLEASE HELP! samba2.2.6rc2cvs - solaris winbind pam - using user "nobody" instead of domain user Hello, Used /usr/ccs/bin ld, as, make (solaris 8) and 2.95.3 20010315 (release) I installed samba 2.2.6rc2cvs with cd /usr/local/samba/source env CFLAGS="-Wall -m32 -g" ./configure \ --with-winbind \ --with-winbind-auth-challenge \ --with-acl-support \ --with-ssl \ --without-sendfile-support \ --with-included-popt \ --with-pam \ --with-smbwrapper make && make install ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so /usr/lib/libnss_winbind.so.1 ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so /usr/lib/libnss_winbind.so.2 ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so /usr/lib/nss_winbind.so.1 ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so /usr/lib/nss_winbind.so.2 ln -s /usr/local/samba/source/nsswitch/pam_winbind.so /usr/lib/security/pam_winbind.so crle -l /usr/j2se/jre/lib/sparc -i /usr/j2se/lib/sparc -l /usr/lib -i /usr/lib -l /usr/local/lib -i /usr/local/lib -l /usr/local/ssl/lib -i /usr/local/ssl/lib -i /usr/lib/security -s /usr/lib/security -i /usr/lib/secure -s /usr/lib/security crle -64 -l /usr/lib/64 -i /usr/lib/64 -s /usr/lib/64/secure pam.conf: login auth sufficient /usr/lib/security/$ISA/pam_winbind.so login auth required /usr/lib/security/$ISA/pam_unix.so.1 login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 # rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1 rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 # dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 # rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1 other auth required /usr/lib/security/$ISA/pam_unix.so.1 # # Account management # login account sufficient /usr/lib/security/$ISA/pam_winbind.so login account requisite /usr/lib/security/$ISA/pam_roles.so.1 login account required /usr/lib/security/$ISA/pam_projects.so.1 login account required /usr/lib/security/$ISA/pam_unix.so.1 # dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1 dtlogin account required /usr/lib/security/$ISA/pam_projects.so.1 dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 # other account sufficient /usr/lib/security/$ISA/pam_winbind.so other account requisite /usr/lib/security/$ISA/pam_roles.so.1 other account required /usr/lib/security/$ISA/pam_projects.so.1 wbinfo -a INS+DavidSha%password (password was my password) returns: plaintext password authentication succeeded However, smbclient //optimus/samba-lib -UINS+DavidSha%password fails: added interface ip=10.1.1.234 bcast=10.1.1.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.0.0.255 nmask=255.255.255.0 Got a positive name query response from 10.1.4.11 ( 10.1.1.234 ) Domain=[INS] OS=[Unix] Server=[Samba 2.2.6rc2cvs] tree connect failed: NT_STATUS_WRONG_PASSWORD log.optimus shows it tryint to log in with the user nobody: er_in_list: checking user nobody in list INS+JamesF INS+DavidSha nobody [2002/11/05 09:39:24, 10] lib/username.c:user_in_list(460) user_in_list: checking user |nobody| against |INS+JamesF| [2002/11/05 09:39:24, 10] lib/username.c:user_in_list(460) user_in_list: checking user |nobody| against |INS+DavidSha| [2002/11/05 09:39:24, 10] lib/username.c:user_in_list(460) user_in_list: checking user |nobody| against |nobody| [2002/11/05 09:39:24, 10] lib/username.c:user_in_list(466) user_in_list: user |nobody| matches |nobody| [2002/11/05 09:39:24, 2] smbd/service.c:make_connection(331) Invalid username/password for samba-lib [nobody] [2002/11/05 09:39:24, 3] smbd/error.c:error_packet(110) error packet at smbd/reply.c(166) cmd=117 (SMBtconX) NT_STATUS_WRONG_PASSWORD The smb.conf: Global parameters [global] coding system = client code page = 850 code page directory = /usr/local/samba/lib/codepages workgroup = INS netbios name = OPTIMUS netbios aliases = netbios scope = server string = Samba %v on (%L) interfaces = 10.1.1.234/24 127.0.0.1/24 bind interfaces only = Yes security = DOMAIN encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = Yes password server = PDC,EXCHANGE_CORP smb passwd file = /usr/local/samba/private/smbpasswd root directory = pam password change = No passwd program = /usr/bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 10 syslog = 1 syslog only = No log file = /usr/local/samba/var/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.5 announce as = NT max mux = 50 max xmit = 65535 name resolve order = wins lmhosts hosts bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 10000 name cache timeout = 660 read size = 16384 socket options = SO_SNDBUF=65536 SO_RCVBUF=65536 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = No printcap name = /etc/printcap disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No mangling method = hash character set = mangled stack = 50 stat cache = Yes domain admin group = domain guest group = machine password timeout = 604800 add user script = delete user script = logon script = logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = No os level = 31 lm announce = Auto lm interval = 60 preferred master = Yes local master = Yes domain master = No browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = No wins server = 10.1.4.11 wins support = No wins hook = kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /usr/local/samba/var/locks pid directory = /usr/local/samba/var/locks default service = message command = dfree command = valid chars = remote announce = 10.1.4.255/INS remote browse sync = 10.1.1.236 10.1.1.223 10.1.2.20 socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment = panic action = 'echo %d; sleep 10000' hide local users = No winbind uid = 10000-20000 winbind gid = 10000-20000 template homedir = /export/home/%D/%U template shell = /bin/ksh winbind separator = + winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = No comment = path = alternate permissions = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = printer admin = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 force unknown acl user = 00 inherit permissions = No inherit acls = No guest only = No guest ok = No only user = No hosts allow = 10. 127. hosts deny = ALL status = Yes nt acl support = Yes profile acls = No block size = 1024 max connections = 0 min print space = 0 strict allocate = No strict sync = No sync always = No write cache size = 0 max print jobs = 1000 printable = No postscript = No printing = bsd print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = disable %p queueresume command = enable %p printer name = use client driver = No default devmode = No printer driver = printer driver file = /usr/local/samba/lib/printers.def printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = Yes mangling char = ~ hide dot files = Yes hide unreadable = No delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes csc policy = manual fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = Yes oplock contention limit = 2 posix locking = Yes strict locking = Yes share modes = Yes copy = include = exec = preexec close = No postexec = root preexec = root preexec close = No root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filemode = No dos filetimes = No dos filetime resolution = No fake directory create times = No vfs object = vfs options = [homes] comment = Home Directories invalid users = root bin daemon nobody named sys tty disk mem kmem users read only = No browseable = No [samba-lib] comment = Samba lib path = /usr/local/samba/lib valid users = INS+JamesF INS+DavidSha force group = users read only = No Note: samba-lib was set up just for testing I created a group called users with gid of 10000. The directory /usr/local/samba/lib is chgrp -R users. David