Re: [Samba] FreeBSD and Winbind
On Thu, 8 Feb 2007 ([EMAIL PROTECTED]) wrote I'm hoping this is an easy question, but the way my day has gone I seriously doubt it is going to be. Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 server. I am able to join my domain and get information concerning groups and passwords from the domain controller (Windows 2003) without any problem. Where I have run into a problem is using getent to get a copy of the usernames/passwords and groups moved to the Samba machine. When I run getent, only information from the local passwd and group files is displayed. Which leads me to believe this is an nsswitch problem. I had a similar problem when adding a Samba Domain Server to a network with a Samba PDC... 'wbinfo -u/-g' produced a list of domain user/group names, but getent only produced the local names. AFAICS when winbind is responding via NSS it is filtering according to the valid and invalid user settings in the [GLOBAL] section of the local smb.conf. I have a domain called RHEA. The new Samba Domain Server is AUREUS. The following entry in [GLOBALS] in the smb.conf for AUREUS did the trick: valid users = "+RHEA\domain admins" "+RHEA\domain users" \ "+RHEA\domain guests" Noting that I haven't changed the "winbind separator" from the default. Chris -- Chris Hall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Saturday 10 February 2007 13:40, Don McCall wrote: > Ok, Jay, > This is a real long shot, but I did run into a similar problem on SLE9 Suse > Linux system. Same sort of symptoms, wbinfo would work but getent, etc > would not. Finally determined that the ncsd service was interfering with > the operation of winbind - so it had to be turned off: > > /etc/rc.d/nscd stop > chkconfig nscd off > > After that, it all worked. > I'm not familar with FreeBSD, don't even know if there IS an nscd service > on it, but it's the last thing I can think of. Don By default it's off, unless you have cached_enable="YES" in rc.conf it won't run. You also need to put cache in the nsswitch.conf file, although I've never used it :) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgp6jcLzQokZr.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Saturday 10 February 2007 12:06, [EMAIL PROTECTED] wrote: [snip] I've only used smb/nss_ldap and I didn't need to copy it into /usr/lib. Can you try recompiling nss_winbind with -DDEBUG_NSS? It should print stuff to stderr (of the calling application). Note that this can produce "interesting" results in some programs because there is extra stuff coming out of stderr :) If you run winbindd with debugging do you see it print debugging messages when you run getent/id/etc..? -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpMXpDy9Y2vM.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
Ok, Jay, This is a real long shot, but I did run into a similar problem on SLE9 Suse Linux system. Same sort of symptoms, wbinfo would work but getent, etc would not. Finally determined that the ncsd service was interfering with the operation of winbind - so it had to be turned off: /etc/rc.d/nscd stop chkconfig nscd off After that, it all worked. I'm not familar with FreeBSD, don't even know if there IS an nscd service on it, but it's the last thing I can think of. Don - Original Message From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Friday, February 9, 2007 8:36:07 PM Subject: RE: [Samba] FreeBSD and Winbind Thanks to everyone for the help. I still cannot get getent passwd or getent group to work. This is what I have done since last round of e-mails. If anyone sees anything glaringly obvious, please let me know. 1. Compiled samba from source with --prefix=/usr/local/samba --with-smbtar --with winbind. 2. Modified /etc/nsswitch.conf with passwd: files winbind group: files winbind 3. Copied nss_winbind.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_winbind.so.2. libnss_winbind.so has permissions of 444 and is owned by root:wheel. 4. Copied nss_wins.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_wins.so.2. libness_wins.so has permissions of 444 and is owned by root:wheel. 5. Ran ldconfig -r to reload shared objects. libnss_winbind and libnss_wins are listed. 6. Started winbind. No errors. 7. wbinfo -u and wbinfo -g return the user and group names. 8. getent passwd and getent group only return local groups and users. If anyone sees anything obviously wrong, please let me know. Thanks, Jay > Hi Jay, > > I just went through something similar on the list. If you are able to > use > wbinfo -u to see the users, but cannot see them with getent, the issue is > almost certainly with the libnss_winbind.so library or in your > nsswitch.conf > configuration. > > I believe where the libraries need to be located depends on your linux > flavor. I can tell you that on Gentoo with 3.024, they are the following: > > /usr/lib/libnss_winbind.so > /usr/lib/libnss_winbind.so.2 -> libnss_winbind.so > /usr/lib/libnss_wins.so > /usr/lib/libnss_wins.so.2 -> libnss_wins.so > > I believe I have seen documentation which locates them in lib/security > for > Solaris, and I have seen them as both nss_ and libnss_ in various > documentation and posts, so you should check the install documentation for > FreeBSD. > > The nsswitch.conf check is quite simple - you need to make sure winbind > is > listed as an information source. My nsswitch.conf on gentoo needed to > have > winbind added on the following: > > passwd: files winbind > group: files winbind > > Depending on what you have installed, you may need compat, db, nis, or > other information stores listed at appropriate places in nsswitch.conf or > the FreeBSD equivalent. Since I don't run FreeBSD, I don't want to steer > you too far off track. > > Sincerely, > Donald > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, February 07, 2007 7:15 PM > To: samba@lists.samba.org > Subject: [Samba] FreeBSD and Winbind > > I'm hoping this is an easy question, but the way my day has gone I > seriously doubt it is going to be. > > Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 > server. I am able to join my domain and get information concerning groups > and passwords from the domain controller (Windows 2003) without any > problem. > > Where I have run into a problem is using getent to get a copy of the > usernames/passwords and groups moved to the Samba machine. When I run > getent, only information from the local passwd and group files is > displayed. Which leads me to believe this is an nsswitch problem. > > To be more specific I think I have made a mistake copying the libraries to > the proper location. I was not able to find libnss_winbind.so in > /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the > correct file to copy? And, where should these files be copied to on > FreeBSD? From what I have read so far, I am guessing these should be > copied to /usr/lib. > > I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and > libnss_winbind.so.2 being listed in the hints file. > > My nsswitch has the following configuration > passwd: files winbind > group: files winbind > group_compat: nis > hosts: files dns > networks: files > passwd_compat: nis >
RE: [Samba] FreeBSD and Winbind
Thanks to everyone for the help. I still cannot get getent passwd or getent group to work. This is what I have done since last round of e-mails. If anyone sees anything glaringly obvious, please let me know. 1. Compiled samba from source with --prefix=/usr/local/samba --with-smbtar --with winbind. 2. Modified /etc/nsswitch.conf with passwd: files winbind group: files winbind 3. Copied nss_winbind.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_winbind.so.2. libnss_winbind.so has permissions of 444 and is owned by root:wheel. 4. Copied nss_wins.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_wins.so.2. libness_wins.so has permissions of 444 and is owned by root:wheel. 5. Ran ldconfig -r to reload shared objects. libnss_winbind and libnss_wins are listed. 6. Started winbind. No errors. 7. wbinfo -u and wbinfo -g return the user and group names. 8. getent passwd and getent group only return local groups and users. If anyone sees anything obviously wrong, please let me know. Thanks, Jay > Hi Jay, > > I just went through something similar on the list. If you are able to > use > wbinfo -u to see the users, but cannot see them with getent, the issue is > almost certainly with the libnss_winbind.so library or in your > nsswitch.conf > configuration. > > I believe where the libraries need to be located depends on your linux > flavor. I can tell you that on Gentoo with 3.024, they are the following: > > /usr/lib/libnss_winbind.so > /usr/lib/libnss_winbind.so.2 -> libnss_winbind.so > /usr/lib/libnss_wins.so > /usr/lib/libnss_wins.so.2 -> libnss_wins.so > > I believe I have seen documentation which locates them in lib/security > for > Solaris, and I have seen them as both nss_ and libnss_ in various > documentation and posts, so you should check the install documentation for > FreeBSD. > > The nsswitch.conf check is quite simple - you need to make sure winbind > is > listed as an information source. My nsswitch.conf on gentoo needed to > have > winbind added on the following: > > passwd: files winbind > group: files winbind > > Depending on what you have installed, you may need compat, db, nis, or > other information stores listed at appropriate places in nsswitch.conf or > the FreeBSD equivalent. Since I don't run FreeBSD, I don't want to steer > you too far off track. > > Sincerely, > Donald > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, February 07, 2007 7:15 PM > To: samba@lists.samba.org > Subject: [Samba] FreeBSD and Winbind > > I'm hoping this is an easy question, but the way my day has gone I > seriously doubt it is going to be. > > Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 > server. I am able to join my domain and get information concerning groups > and passwords from the domain controller (Windows 2003) without any > problem. > > Where I have run into a problem is using getent to get a copy of the > usernames/passwords and groups moved to the Samba machine. When I run > getent, only information from the local passwd and group files is > displayed. Which leads me to believe this is an nsswitch problem. > > To be more specific I think I have made a mistake copying the libraries to > the proper location. I was not able to find libnss_winbind.so in > /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the > correct file to copy? And, where should these files be copied to on > FreeBSD? From what I have read so far, I am guessing these should be > copied to /usr/lib. > > I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and > libnss_winbind.so.2 being listed in the hints file. > > My nsswitch has the following configuration > passwd: files winbind > group: files winbind > group_compat: nis > hosts: files dns > networks: files > passwd_compat: nis > shells: files > > Any suggestions concerning how to proceed would be greatly appreciated. > > Thanks, > > > Jay > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 19:15, Rashid N. Achilov wrote: > Why do you stuck with getent? For getting user and group information you > can use wbinfo -u and wbinfo -g respectively. For getting group list, which > belonged some user for, use wbinfo -r . Or wbinfo > --user-domgroups to getting list, filled with SID's. For getting user > information use wbinfo -i wbinfo talks to winbindd, getent uses the same calls as a normal program to fetch the DB so you can isolate where the problem lies. (ie both are useful) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpBTK1oxj48b.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 07:30, [EMAIL PROTECTED] wrote: > > When I use wbinfo -u or wbinfo -g, I can see a request to the DC and > information being retrieved. However, when I use getent passwd or getent > group, nothing is logged by winbindd. Does this mean the request is not > getting to winbindd? Why do you stuck with getent? For getting user and group information you can use wbinfo -u and wbinfo -g respectively. For getting group list, which belonged some user for, use wbinfo -r . Or wbinfo --user-domgroups to getting list, filled with SID's. For getting user information use wbinfo -i -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton OOO "ACK" telecommunications administrator, e-mail: achilov-rn [at] askd.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 12:26, Alex Wang wrote: > Where did you find the genent? I installed from the port but I didn't > find the genent in my FreeBSD system. It's in 6.2 (and -current) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgp34LEEtzfEn.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 12:00, [EMAIL PROTECTED] wrote: > Unfortunately, some things came up and I going to be here for a while. > So, I changed the debug level on winbindd to 5. Wow, there is a lot > logged! > > When I use wbinfo -u or wbinfo -g, I can see a request to the DC and > information being retrieved. However, when I use getent passwd or getent > group, nothing is logged by winbindd. Does this mean the request is not > getting to winbindd? Sure looks that way. Try runnniing winbindd with -i -n Try enabling debug logging in syslog (ie touch /var/log/debug.log and uncomment the debug line in syslog.conf and restart it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpRt3UoteN1N.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
> On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: >> To be more specific I think I have made a mistake copying the libraries >> to >> the proper location. I was not able to find libnss_winbind.so in >> /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this >> the >> correct file to copy? And, where should these files be copied to on >> FreeBSD? From what I have read so far, I am guessing these should be >> copied to /usr/lib. > > Why aren't you using the port? It should Just Work(tm). > > You can keep the nss shared object in /usr/local/lib because FreeBSD will > mount the disks very early on. > >> My nsswitch has the following configuration >> passwd: files winbind >> group: files winbind >> group_compat: nis >> hosts: files dns >> networks: files >> passwd_compat: nis >> shells: files > > Try removing the _compat entries. > For LDAP I have this.. > group: files ldap > hosts: files dns > networks: files > passwd: files ldap > shells: files > > And getent works fine. You could try cranking up debugging in Winbindd too > (not that I've ever used it) > > -- > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > Unfortunately, some things came up and I going to be here for a while. So, I changed the debug level on winbindd to 5. Wow, there is a lot logged! When I use wbinfo -u or wbinfo -g, I can see a request to the DC and information being retrieved. However, when I use getent passwd or getent group, nothing is logged by winbindd. Does this mean the request is not getting to winbindd? Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
> On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: >> To be more specific I think I have made a mistake copying the libraries >> to >> the proper location. I was not able to find libnss_winbind.so in >> /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this >> the >> correct file to copy? And, where should these files be copied to on >> FreeBSD? From what I have read so far, I am guessing these should be >> copied to /usr/lib. > > Why aren't you using the port? It should Just Work(tm). > > You can keep the nss shared object in /usr/local/lib because FreeBSD will > mount the disks very early on. > >> My nsswitch has the following configuration >> passwd: files winbind >> group: files winbind >> group_compat: nis >> hosts: files dns >> networks: files >> passwd_compat: nis >> shells: files > > Try removing the _compat entries. > For LDAP I have this.. > group: files ldap > hosts: files dns > networks: files > passwd: files ldap > shells: files > > And getent works fine. You could try cranking up debugging in Winbindd too > (not that I've ever used it) > > -- > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > I removed the compat entires with the same result. I am installing the port now to see if that fixes my problem. When I have some more time tomorrow, I will use the debugging on winbind and see what I can find. Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: > To be more specific I think I have made a mistake copying the libraries to > the proper location. I was not able to find libnss_winbind.so in > /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the > correct file to copy? And, where should these files be copied to on > FreeBSD? From what I have read so far, I am guessing these should be > copied to /usr/lib. Why aren't you using the port? It should Just Work(tm). You can keep the nss shared object in /usr/local/lib because FreeBSD will mount the disks very early on. > My nsswitch has the following configuration > passwd: files winbind > group: files winbind > group_compat: nis > hosts: files dns > networks: files > passwd_compat: nis > shells: files Try removing the _compat entries. For LDAP I have this.. group: files ldap hosts: files dns networks: files passwd: files ldap shells: files And getent works fine. You could try cranking up debugging in Winbindd too (not that I've ever used it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpgbTRELUUEI.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
