Hi Miles,
Miles Roper wrote:
Hi Drew,
No luck.
Pretty much done all that, still get all the same problems
That site was pretty good though :o)
There is one thing missing, however. If you fake winbind NSS to be
ldap, exported constructor names in winbind_nss_solaris.c also need
to be adjusted:
_nss_winbind_passwd_constr -> _nss_ldap_passwd_constr
_nss_winbind_group_constr -> _nss_ldap_group_constr
Just redirecting the symlink doesn't do. Hmm, this tweaking
of winbind NSS constructors is awful, changing from correct to
wrong. :(
This is what I did:
1. Create a copy of winbind_nss_solaris.c with a descriptive
name, like winbind_nss_solaris_fakeldap.c
2. Do constructor replacements descriped above in the copy
3. Build shared library with a descriptive name, like
make nsswitch/winbind_nss_solaris_fakeldap.po \
nsswitch/winbind_nss.po nsswitch/wb_common.po
ld -b -B symbolic +h libnss_winbind_fakeldap.1 -o nsswitch/libnss_winbind_fakeldap.1 \
nsswitch/winbind_nss_solaris_fakeldap.po nsswitch/winbind_nss.po \
nsswitch/wb_common.po -lc
4. Create symlink in /usr/lib
libnss_ldap.1 -> libnss_winbind_fakeldap.1
and leave original libnss_winbind.1 as it is.
This way gives a hint to administrators/supporters about what has
been tweaked, and it allows to revert the hack easily once the
conflict with libpam_unix.1 has been resolved.
Does anyone have an idea about the shell logging in? Why do I keep on
getting logged out? Does the home directory need to be created, does it
need a .profile? What about the permissions? I've tried creating one
world writeable but no luck.
I did not see any dependeny to the home directory. If it doesn't
exist, or is not accessible, the user just gets a warning and is
being put to '/'.
But the login shell is important ("template shell" parameter).
If the shell doesn't exist, or happens to be /usr/bin/false,
you will get logged off immediately.
Cheers!
Michael