Re: [Samba] FreeBSD and Winbind
On Saturday 10 February 2007 13:40, Don McCall wrote: Ok, Jay, This is a real long shot, but I did run into a similar problem on SLE9 Suse Linux system. Same sort of symptoms, wbinfo would work but getent, etc would not. Finally determined that the ncsd service was interfering with the operation of winbind - so it had to be turned off: /etc/rc.d/nscd stop chkconfig nscd off After that, it all worked. I'm not familar with FreeBSD, don't even know if there IS an nscd service on it, but it's the last thing I can think of. Don By default it's off, unless you have cached_enable=YES in rc.conf it won't run. You also need to put cache in the nsswitch.conf file, although I've never used it :) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgp6jcLzQokZr.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thu, 8 Feb 2007 ([EMAIL PROTECTED]) wrote I'm hoping this is an easy question, but the way my day has gone I seriously doubt it is going to be. Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 server. I am able to join my domain and get information concerning groups and passwords from the domain controller (Windows 2003) without any problem. Where I have run into a problem is using getent to get a copy of the usernames/passwords and groups moved to the Samba machine. When I run getent, only information from the local passwd and group files is displayed. Which leads me to believe this is an nsswitch problem. I had a similar problem when adding a Samba Domain Server to a network with a Samba PDC... 'wbinfo -u/-g' produced a list of domain user/group names, but getent only produced the local names. AFAICS when winbind is responding via NSS it is filtering according to the valid and invalid user settings in the [GLOBAL] section of the local smb.conf. I have a domain called RHEA. The new Samba Domain Server is AUREUS. The following entry in [GLOBALS] in the smb.conf for AUREUS did the trick: valid users = +RHEA\domain admins +RHEA\domain users \ +RHEA\domain guests Noting that I haven't changed the winbind separator from the default. Chris -- Chris Hall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] FreeBSD and Winbind
Thanks to everyone for the help. I still cannot get getent passwd or getent group to work. This is what I have done since last round of e-mails. If anyone sees anything glaringly obvious, please let me know. 1. Compiled samba from source with --prefix=/usr/local/samba --with-smbtar --with winbind. 2. Modified /etc/nsswitch.conf with passwd: files winbind group: files winbind 3. Copied nss_winbind.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_winbind.so.2. libnss_winbind.so has permissions of 444 and is owned by root:wheel. 4. Copied nss_wins.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_wins.so.2. libness_wins.so has permissions of 444 and is owned by root:wheel. 5. Ran ldconfig -r to reload shared objects. libnss_winbind and libnss_wins are listed. 6. Started winbind. No errors. 7. wbinfo -u and wbinfo -g return the user and group names. 8. getent passwd and getent group only return local groups and users. If anyone sees anything obviously wrong, please let me know. Thanks, Jay Hi Jay, I just went through something similar on the list. If you are able to use wbinfo -u to see the users, but cannot see them with getent, the issue is almost certainly with the libnss_winbind.so library or in your nsswitch.conf configuration. I believe where the libraries need to be located depends on your linux flavor. I can tell you that on Gentoo with 3.024, they are the following: /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.2 - libnss_winbind.so /usr/lib/libnss_wins.so /usr/lib/libnss_wins.so.2 - libnss_wins.so I believe I have seen documentation which locates them in lib/security for Solaris, and I have seen them as both nss_ and libnss_ in various documentation and posts, so you should check the install documentation for FreeBSD. The nsswitch.conf check is quite simple - you need to make sure winbind is listed as an information source. My nsswitch.conf on gentoo needed to have winbind added on the following: passwd: files winbind group: files winbind Depending on what you have installed, you may need compat, db, nis, or other information stores listed at appropriate places in nsswitch.conf or the FreeBSD equivalent. Since I don't run FreeBSD, I don't want to steer you too far off track. Sincerely, Donald -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 07, 2007 7:15 PM To: samba@lists.samba.org Subject: [Samba] FreeBSD and Winbind I'm hoping this is an easy question, but the way my day has gone I seriously doubt it is going to be. Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 server. I am able to join my domain and get information concerning groups and passwords from the domain controller (Windows 2003) without any problem. Where I have run into a problem is using getent to get a copy of the usernames/passwords and groups moved to the Samba machine. When I run getent, only information from the local passwd and group files is displayed. Which leads me to believe this is an nsswitch problem. To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and libnss_winbind.so.2 being listed in the hints file. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Any suggestions concerning how to proceed would be greatly appreciated. Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
Ok, Jay, This is a real long shot, but I did run into a similar problem on SLE9 Suse Linux system. Same sort of symptoms, wbinfo would work but getent, etc would not. Finally determined that the ncsd service was interfering with the operation of winbind - so it had to be turned off: /etc/rc.d/nscd stop chkconfig nscd off After that, it all worked. I'm not familar with FreeBSD, don't even know if there IS an nscd service on it, but it's the last thing I can think of. Don - Original Message From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Friday, February 9, 2007 8:36:07 PM Subject: RE: [Samba] FreeBSD and Winbind Thanks to everyone for the help. I still cannot get getent passwd or getent group to work. This is what I have done since last round of e-mails. If anyone sees anything glaringly obvious, please let me know. 1. Compiled samba from source with --prefix=/usr/local/samba --with-smbtar --with winbind. 2. Modified /etc/nsswitch.conf with passwd: files winbind group: files winbind 3. Copied nss_winbind.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_winbind.so.2. libnss_winbind.so has permissions of 444 and is owned by root:wheel. 4. Copied nss_wins.so to /usr/lib/libnss_winbind.so and created a symbolic link to the file for libnss_wins.so.2. libness_wins.so has permissions of 444 and is owned by root:wheel. 5. Ran ldconfig -r to reload shared objects. libnss_winbind and libnss_wins are listed. 6. Started winbind. No errors. 7. wbinfo -u and wbinfo -g return the user and group names. 8. getent passwd and getent group only return local groups and users. If anyone sees anything obviously wrong, please let me know. Thanks, Jay Hi Jay, I just went through something similar on the list. If you are able to use wbinfo -u to see the users, but cannot see them with getent, the issue is almost certainly with the libnss_winbind.so library or in your nsswitch.conf configuration. I believe where the libraries need to be located depends on your linux flavor. I can tell you that on Gentoo with 3.024, they are the following: /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.2 - libnss_winbind.so /usr/lib/libnss_wins.so /usr/lib/libnss_wins.so.2 - libnss_wins.so I believe I have seen documentation which locates them in lib/security for Solaris, and I have seen them as both nss_ and libnss_ in various documentation and posts, so you should check the install documentation for FreeBSD. The nsswitch.conf check is quite simple - you need to make sure winbind is listed as an information source. My nsswitch.conf on gentoo needed to have winbind added on the following: passwd: files winbind group: files winbind Depending on what you have installed, you may need compat, db, nis, or other information stores listed at appropriate places in nsswitch.conf or the FreeBSD equivalent. Since I don't run FreeBSD, I don't want to steer you too far off track. Sincerely, Donald -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, February 07, 2007 7:15 PM To: samba@lists.samba.org Subject: [Samba] FreeBSD and Winbind I'm hoping this is an easy question, but the way my day has gone I seriously doubt it is going to be. Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 server. I am able to join my domain and get information concerning groups and passwords from the domain controller (Windows 2003) without any problem. Where I have run into a problem is using getent to get a copy of the usernames/passwords and groups moved to the Samba machine. When I run getent, only information from the local passwd and group files is displayed. Which leads me to believe this is an nsswitch problem. To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and libnss_winbind.so.2 being listed in the hints file. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Any suggestions concerning how to proceed would be greatly appreciated. Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman
Re: [Samba] FreeBSD and Winbind
On Saturday 10 February 2007 12:06, [EMAIL PROTECTED] wrote: [snip] I've only used smb/nss_ldap and I didn't need to copy it into /usr/lib. Can you try recompiling nss_winbind with -DDEBUG_NSS? It should print stuff to stderr (of the calling application). Note that this can produce interesting results in some programs because there is extra stuff coming out of stderr :) If you run winbindd with debugging do you see it print debugging messages when you run getent/id/etc..? -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpMXpDy9Y2vM.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 07:30, [EMAIL PROTECTED] wrote: When I use wbinfo -u or wbinfo -g, I can see a request to the DC and information being retrieved. However, when I use getent passwd or getent group, nothing is logged by winbindd. Does this mean the request is not getting to winbindd? Why do you stuck with getent? For getting user and group information you can use wbinfo -u and wbinfo -g respectively. For getting group list, which belonged some user for, use wbinfo -r username. Or wbinfo --user-domgroups SID to getting list, filled with SID's. For getting user information use wbinfo -i -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton OOO ACK telecommunications administrator, e-mail: achilov-rn [at] askd.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 19:15, Rashid N. Achilov wrote: Why do you stuck with getent? For getting user and group information you can use wbinfo -u and wbinfo -g respectively. For getting group list, which belonged some user for, use wbinfo -r username. Or wbinfo --user-domgroups SID to getting list, filled with SID's. For getting user information use wbinfo -i wbinfo talks to winbindd, getent uses the same calls as a normal program to fetch the DB so you can isolate where the problem lies. (ie both are useful) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpBTK1oxj48b.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re[2]: [Samba] FreeBSD and Winbind
It was part of the FreeBSD 6.2 install. Jay Where did you find the genent? I installed from the port but I didn't find the genent in my FreeBSD system. Thanks ALex On Thu, 8 Feb 2007 01:30:36 - (GMT) [EMAIL PROTECTED] wrote: On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. Why aren't you using the port? It should Just Work(tm). You can keep the nss shared object in /usr/local/lib because FreeBSD will mount the disks very early on. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Try removing the _compat entries. For LDAP I have this.. group: files ldap hosts: files dns networks: files passwd: files ldap shells: files And getent works fine. You could try cranking up debugging in Winbindd too (not that I've ever used it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C Unfortunately, some things came up and I going to be here for a while. So, I changed the debug level on winbindd to 5. Wow, there is a lot logged! When I use wbinfo -u or wbinfo -g, I can see a request to the DC and information being retrieved. However, when I use getent passwd or getent group, nothing is logged by winbindd. Does this mean the request is not getting to winbindd? Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] FreeBSD and Winbind
I'm hoping this is an easy question, but the way my day has gone I seriously doubt it is going to be. Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 server. I am able to join my domain and get information concerning groups and passwords from the domain controller (Windows 2003) without any problem. Where I have run into a problem is using getent to get a copy of the usernames/passwords and groups moved to the Samba machine. When I run getent, only information from the local passwd and group files is displayed. Which leads me to believe this is an nsswitch problem. To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and libnss_winbind.so.2 being listed in the hints file. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Any suggestions concerning how to proceed would be greatly appreciated. Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. Why aren't you using the port? It should Just Work(tm). You can keep the nss shared object in /usr/local/lib because FreeBSD will mount the disks very early on. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Try removing the _compat entries. For LDAP I have this.. group: files ldap hosts: files dns networks: files passwd: files ldap shells: files And getent works fine. You could try cranking up debugging in Winbindd too (not that I've ever used it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpgbTRELUUEI.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. Why aren't you using the port? It should Just Work(tm). You can keep the nss shared object in /usr/local/lib because FreeBSD will mount the disks very early on. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Try removing the _compat entries. For LDAP I have this.. group: files ldap hosts: files dns networks: files passwd: files ldap shells: files And getent works fine. You could try cranking up debugging in Winbindd too (not that I've ever used it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C I removed the compat entires with the same result. I am installing the port now to see if that fixes my problem. When I have some more time tomorrow, I will use the debugging on winbind and see what I can find. Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. Why aren't you using the port? It should Just Work(tm). You can keep the nss shared object in /usr/local/lib because FreeBSD will mount the disks very early on. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Try removing the _compat entries. For LDAP I have this.. group: files ldap hosts: files dns networks: files passwd: files ldap shells: files And getent works fine. You could try cranking up debugging in Winbindd too (not that I've ever used it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C Unfortunately, some things came up and I going to be here for a while. So, I changed the debug level on winbindd to 5. Wow, there is a lot logged! When I use wbinfo -u or wbinfo -g, I can see a request to the DC and information being retrieved. However, when I use getent passwd or getent group, nothing is logged by winbindd. Does this mean the request is not getting to winbindd? Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] FreeBSD and Winbind
Where did you find the genent? I installed from the port but I didn't find the genent in my FreeBSD system. Thanks ALex On Thu, 8 Feb 2007 01:30:36 - (GMT) [EMAIL PROTECTED] wrote: On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. Why aren't you using the port? It should Just Work(tm). You can keep the nss shared object in /usr/local/lib because FreeBSD will mount the disks very early on. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Try removing the _compat entries. For LDAP I have this.. group: files ldap hosts: files dns networks: files passwd: files ldap shells: files And getent works fine. You could try cranking up debugging in Winbindd too (not that I've ever used it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C Unfortunately, some things came up and I going to be here for a while. So, I changed the debug level on winbindd to 5. Wow, there is a lot logged! When I use wbinfo -u or wbinfo -g, I can see a request to the DC and information being retrieved. However, when I use getent passwd or getent group, nothing is logged by winbindd. Does this mean the request is not getting to winbindd? Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 12:00, [EMAIL PROTECTED] wrote: Unfortunately, some things came up and I going to be here for a while. So, I changed the debug level on winbindd to 5. Wow, there is a lot logged! When I use wbinfo -u or wbinfo -g, I can see a request to the DC and information being retrieved. However, when I use getent passwd or getent group, nothing is logged by winbindd. Does this mean the request is not getting to winbindd? Sure looks that way. Try runnniing winbindd with -i -n Try enabling debug logging in syslog (ie touch /var/log/debug.log and uncomment the debug line in syslog.conf and restart it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpRt3UoteN1N.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 12:26, Alex Wang wrote: Where did you find the genent? I installed from the port but I didn't find the genent in my FreeBSD system. It's in 6.2 (and -current) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgp34LEEtzfEn.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] FreeBSD 6.1 - winbind - ssh pam problem
Hello All: I am trying to authenticate against an Active Directory using winbind in my /etc/pam.d/sshd configuration (below). If the user is in the local password file, I can authenticate successfully using that user's Active Directory credentials. However, if the user is not in the local password file, I get the following errors. Nov 3 10:07:48 mailnat pam_winbind[29805]: request failed: Wrong Password, PAM error was system error (4), NT error was NT_STATUS_WRONG_PASSWORD Nov 3 10:07:48 mailnat pam_winbind[29805]: internal module error (retval = 4, user = `mksmithadmin') Nov 3 10:07:48 mailnat sshd[29805]: in _openpam_check_error_code(): pam_sm_authenticate(): unexpected return value 4 Nov 3 10:07:48 mailnat sshd[29803]: error: PAM: error in service module for illegal user mksmithadmin from 216.211.143.98 The password for the user is valid in the Active Directory, but the user 'mksmithadmin' is not in the local password file. The user shows up correctly when issuing a wbinfo -u. Here are some relevent (I hope) configurations. Any help would be greatly appreciated. Regards, Mike # /etc/pam.d/sshd authsufficient /usr/local/samba/lib/security/pam_winbind.so authsufficient pam_nologin.so no_warn authsufficient pam_opie.so no_warn no_fake_prompts authrequisite pam_opieaccess.so no_warn allow_local authsufficient pam_unix.so no_warn try_first_pass account sufficient /usr/local/samba/lib/security/pam_winbind.so account requiredpam_unix.so session requiredpam_permit.so passwordrequiredpam_unix.so no_warn try_first_pass # /etc/nsswitch.conf group: files winbind group_compat: nis hosts: files dns networks: files passwd: files winbind passwd_compat: nis shells: files # smb.conf [global] workgroup = ADHOST server string = Samba Server security = ADS hosts allow = 10.142.0. 10.211.128. 127. load printers = no printing = bsd log file = /usr/local/samba/var/%m.log log level = 3 max log size = 500 password server = ad-pdc01 realm = ADHOST.LAN passdb backend = tdbsam interfaces = lots of addresses local master = no domain master = no preferred master = no domain logons = no wins support = no dns proxy = no idmap uid = 600-2 idmap gid = 600-2 template shell = /bin/tcsh template homedir = /home/%U winbind use default domain = Yes winbind separator = + winbind nested groups = Yes winbind enum users = Yes winbind enum groups = Yes syslog only = Yes ldap ssl = No encrypt passwords = Yes # ./configure parameters $ ./configure CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib --with-winbind --with-ads --with-ldap --with-msdfs --enable-socket-wrapper --disable-cups --disable-iprint --with-pam --with-pam_smbpass --with-exp-modules -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] FreeBSD + samba + winbind
People I'm trying to make a file server that authenticate on Primary Domain Controller NT 4.0. I've read that samba can do it, yes i could see. Unhappy i've observed that is need to create an account for each user that i want autenticate in the Samba. Searching for a solution for these, i've found that winbind can do it, ok, but i'm having some troubles running winbind to authenticate it transparently. Anyone can help me, or send-me some documentation as how to configure winbind on the FreeBSD server. I'm trying to configure pam.d and nsswitch but i dont know how to... Some Informations About My Systems: Windows NT 4.0 SP6a as Primary Domain Controller FreeBSD 5.2.1 Release Samba 3.0.2 from ports (19/03/2004) with Winbind, LDAP, krb5 ( as Heimdal ) thanks for all ¨Unix is user friendly. It's just selective about who its friends are¨ __ Acabe com aquelas janelinhas que pulam na sua tela. AntiPop-up UOL - É grátis! http://antipopup.uol.com.br/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] freebsd and winbind
I've been working for a couple days to get NSSwitch to work under FREEBSD, and what I'm noticing from the winbind debug info is that when it trys to create the user map, it passes the username but not the group. I believe this is why it is failing. Can someone tell me is this is a bug, or config issue? [32589]: request interface version [32589]: request location of privileged pipe [32589]: ping [32589]: pam auth crap domain: TECH user: acollins Connected to LDAP server 140.198.45.130 got ldap server name [EMAIL PROTECTED], using bind path: dc=TECH,dc=GC,dc=MARICOPA,dc=EDU IPC$ connections done by user TECH\testuser Connecting to host=GARGOYLE Connecting to 140.198.45.130 at port 445 Doing spnego session setup (blob length=118) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got [EMAIL PROTECTED] Doing kerberos session setup [32589]: create_user: user=(acollins), group=() -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba