[Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
I've been trying to find a solution to passwd not working on HPUX 11 with a modified nsswitch.conf. (Interestingly, using the -r files switch works on Solaris, but not HPUX.) The two proposed workarounds I have seen (naming the module ldap and replacing the system one, or creating a wrapper for passwd that fiddles with the nsswitch.conf) aren't acceptable. I'm really hoping that HP has fixed this, but I wasn't able to locate an applicable patch on their site. If anyone knows of one, please point me to it! Thanks, Dan Nuffer MCCALL, DON (HP-USA,ex1) wrote: Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
I think I've figured it out. It doesn't work if nsswitch.conf has got passwd: files nis winbind or passwd: files winbind nis But if it only has two modules listed: passwd: files winbind then passwd -r files works fine. -- Dan Nuffer MCCALL,DON (HP-USA,ex1) wrote: Hello Dan, Can you post the passwd line of your nsswitch.conf file? I am on 11.11, and passwd -r files username Works just fine for me, with winbind added to my passwd line in the /etc/nsswitch.conf file... Don -Original Message- From: Dan Nuffer [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 3:13 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help I've been trying to find a solution to passwd not working on HPUX 11 with a modified nsswitch.conf. (Interestingly, using the -r files switch works on Solaris, but not HPUX.) The two proposed workarounds I have seen (naming the module ldap and replacing the system one, or creating a wrapper for passwd that fiddles with the nsswitch.conf) aren't acceptable. I'm really hoping that HP has fixed this, but I wasn't able to locate an applicable patch on their site. If anyone knows of one, please point me to it! Thanks, Dan Nuffer MCCALL, DON (HP-USA,ex1) wrote: Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
You got it. I had Passwd: compat winbind don > -Original Message- > From: Dan Nuffer [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 06, 2003 11:07 AM > To: MCCALL,DON (HP-USA,ex1) > Cc: [EMAIL PROTECTED] > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > I think I've figured it out. > > It doesn't work if nsswitch.conf has got > > passwd: files nis winbind > or > passwd: files winbind nis > > But if it only has two modules listed: > > passwd: files winbind > > then passwd -r files works fine. > > -- > Dan Nuffer > > MCCALL,DON (HP-USA,ex1) wrote: > > >Hello Dan, > >Can you post the passwd line of your nsswitch.conf file? > >I am on 11.11, and passwd -r files username > >Works just fine for me, with winbind added to my passwd line in the > >/etc/nsswitch.conf file... Don > > > > > > > >>-Original Message- > >>From: Dan Nuffer [mailto:[EMAIL PROTECTED] > >>Sent: Tuesday, August 05, 2003 3:13 PM > >>To: [EMAIL PROTECTED] > >>Cc: [EMAIL PROTECTED] > >>Subject: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > >> > >> > >>I've been trying to find a solution to passwd not working on > >>HPUX 11 with a modified nsswitch.conf. (Interestingly, using > >>the -r files switch works on Solaris, but not HPUX.) > >> > >>The two proposed workarounds I have seen (naming the module > >>ldap and replacing the system one, or creating a wrapper for > >>passwd that fiddles with the nsswitch.conf) aren't acceptable. > >> > >>I'm really hoping that HP has fixed this, but I wasn't able > >>to locate an applicable patch on their site. If anyone knows > >>of one, please point me to it! > >> > >>Thanks, > >>Dan Nuffer > >> > >> > >>MCCALL, DON (HP-USA,ex1) wrote: > >> > >> > >>>Hi Everyone, > >>>This whole problem with the password command not working > >>> > >>> > >>when winbind > >> > >> > >>>is included as a method in the nsswitch.conf can probably be worked > >>>around by simply using the -r files (or -r nis or -r > >>> > >>> > >>nisplus) switch. > >> > >> > >>>Take a look at the man page for passwd on HP-UX 11.x and > >>> > >>> > >>see if this > >> > >> > >>>won't help you out. Hope this helps, > >>>Don > >>> > >>> > >>> > >> > >> > >> > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hello Dan, Can you post the passwd line of your nsswitch.conf file? I am on 11.11, and passwd -r files username Works just fine for me, with winbind added to my passwd line in the /etc/nsswitch.conf file... Don > -Original Message- > From: Dan Nuffer [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 05, 2003 3:13 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > I've been trying to find a solution to passwd not working on > HPUX 11 with a modified nsswitch.conf. (Interestingly, using > the -r files switch works on Solaris, but not HPUX.) > > The two proposed workarounds I have seen (naming the module > ldap and replacing the system one, or creating a wrapper for > passwd that fiddles with the nsswitch.conf) aren't acceptable. > > I'm really hoping that HP has fixed this, but I wasn't able > to locate an applicable patch on their site. If anyone knows > of one, please point me to it! > > Thanks, > Dan Nuffer > > > MCCALL, DON (HP-USA,ex1) wrote: > > Hi Everyone, > > This whole problem with the password command not working > when winbind > > is included as a method in the nsswitch.conf can probably be worked > > around by simply using the -r files (or -r nis or -r > nisplus) switch. > > Take a look at the man page for passwd on HP-UX 11.x and > see if this > > won't help you out. Hope this helps, > > Don > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi All, Thanks for your help, still no luck though. More info for you. with no debug statements in my /etc/pam.conf I get in sys log the following. Feb 2 14:43:02 coastdr pam_winbind[2832]: user 'traininguser' granted acces with debug turned on I get Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user `traininguser' Feb 2 14:47:49 coastdr pam_winbind[2839]: user 'traininguser' granted acces the user is still logging out. incidentlally, when I log in as a unix user, rather than a win2k user I don't get anything in sys log. I've included my pam.conf below. Also, I checked for /etc/shells, no such file, and I have set my smb.conf shell line to template shell = /sbin/sh and also tried template shell = /usr/bin/sh both files exist. # # PAM configuration # # Authentication management # loginauth sufficient/usr/lib/security/libpam_unix.1 debug loginauth sufficient/usr/lib/security/libpam_winbind.1 debug #login auth sufficient/usr/lib/security/libpam_smb.1 nolocal debug su auth required /usr/lib/security/libpam_unix.1 debug dtlogin auth required /usr/lib/security/libpam_unix.1 debug dtaction auth required /usr/lib/security/libpam_unix.1 debug ftp auth required /usr/lib/security/libpam_unix.1 debug OTHERauth required /usr/lib/security/libpam_unix.1 debug # # Account management # loginaccount sufficient /usr/lib/security/libpam_unix.1 debug loginaccount sufficient /usr/lib/security/libpam_winbind.1 debug su account required /usr/lib/security/libpam_unix.1 debug dtlogin account required /usr/lib/security/libpam_unix.1 debug dtaction account required /usr/lib/security/libpam_unix.1 debug ftp account required /usr/lib/security/libpam_unix.1 debug # OTHERaccount required /usr/lib/security/libpam_unix.1 debug # # Session management # loginsession sufficient /usr/lib/security/libpam_unix.1 debug loginsession sufficient /usr/lib/security/libpam_winbind.1 debug dtlogin session required /usr/lib/security/libpam_unix.1 debug dtaction session required /usr/lib/security/libpam_unix.1 debug OTHERsession required /usr/lib/security/libpam_unix.1 debug # # Password management # loginpassword sufficient/usr/lib/security/libpam_unix.1 debug loginpassword sufficient/usr/lib/security/libpam_winbind.1 debug passwd password required /usr/lib/security/libpam_unix.1 debug passwd password required /usr/lib/security/libpam_winbind.1 debug dtlogin password required /usr/lib/security/libpam_unix.1 debug dtaction password required /usr/lib/security/libpam_unix.1 debug OTHERpassword required /usr/lib/security/libpam_unix.1 debug Cheers Miles -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Saturday, 1 February 2003 04:53 a.m. To: 'John H Terpstra'; Miles Roper Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON (HP-USA,ex1); 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Hi, Miles, Actually on HP-UX, you will need to add the word 'debug' at the end of each of the lines in you /etc/pam.conf file, to enable more debugging to go into the /var/adm/syslog/syslog.log file. One thing that I have seen something like this happen on is if the /etc/shells file is corrupt, or if the shell that is defined for the user (since they don't have a /etc/passwd entry, this would be whatever you put in template in the smb.conf) does not exactly match one of the lines in /etc/shells, or the defaults, if this file does not exist. The defaults for 11.0 are: /sbin/sh /usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh /usr/bin/csh /usr/bin/keysh Hope this helps, Don > -Original Message- > From: John H Terpstra [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 31, 2003 1:36 > To: Miles Roper > Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON > (HP-USA,ex1)'; 'Richard Sharpe' > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > On Fri, 31 Jan 2003, Miles Roper wrote: > > > Hi Everyone, > > > > I'm forgetting about the password one at the moment, thanks > for all your > > input :o) > > > > I still don't have a clue how to solve my main problem. > I'm assuming that > > its not actually winbind related now, as
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi, Miles, Actually on HP-UX, you will need to add the word 'debug' at the end of each of the lines in you /etc/pam.conf file, to enable more debugging to go into the /var/adm/syslog/syslog.log file. One thing that I have seen something like this happen on is if the /etc/shells file is corrupt, or if the shell that is defined for the user (since they don't have a /etc/passwd entry, this would be whatever you put in template in the smb.conf) does not exactly match one of the lines in /etc/shells, or the defaults, if this file does not exist. The defaults for 11.0 are: /sbin/sh /usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh /usr/bin/csh /usr/bin/keysh Hope this helps, Don > -Original Message- > From: John H Terpstra [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 31, 2003 1:36 > To: Miles Roper > Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON > (HP-USA,ex1)'; 'Richard Sharpe' > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > On Fri, 31 Jan 2003, Miles Roper wrote: > > > Hi Everyone, > > > > I'm forgetting about the password one at the moment, thanks > for all your > > input :o) > > > > I still don't have a clue how to solve my main problem. > I'm assuming that > > its not actually winbind related now, as I've recently > tried pam_smb and get > > the same basic problem. > > > > Basically, when I log into the UNIX box, the > username/password of a NT user > > is being authenticated, but doesn't actually log in. It > doesn't get past > > the password line. I know it accepts the password. Its > almost as if it > > can't find the shell. But the template variable is set > within the smb.conf > > file. Permissions are fine. I have exactly the same > problem with the > > pam_smb module. > > So what does PAM report into your /var/log files? > > Have you tried adding to each line in your /etc/pam.d/login > (after the .so > file name) the word 'audit' - this will increase the volume > of debugging > info spit out into /var/log/messages, or wherever PAM send > this on your > distro. > > - John T. > > > > > If there is any further information I can send let me know. > > > > Ideas? > > > > Thanks > > > > Miles > > > > > > -----Original Message- > > From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] > > Sent: Friday, 31 January 2003 07:06 a.m. > > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide > > Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; > > '[EMAIL PROTECTED]'; 'Richard Sharpe' > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, > Please Help > > > > > > Hi Everyone, > > This whole problem with the password command not working > when winbind > > is included as a method in the nsswitch.conf can probably > be worked around > > by simply using the -r files (or -r nis or -r nisplus) > switch. Take a look > > at the man page for passwd on HP-UX 11.x and see if this > won't help you > > out. > > Hope this helps, > > Don > > > > > -Original Message- > > > From: Michael Steffens [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, January 28, 2003 11:52 > > > To: Ronan Waide > > > Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; > > > '[EMAIL PROTECTED]'; 'Richard Sharpe' > > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally > Stuck, Please Help > > > > > > > > > Ronan Waide wrote: > > > > On January 28, [EMAIL PROTECTED] said: > > > > > > > >>I don't have HPUX, so I don't know what to suggest for > > > that. I just know > > > >>getent won't work without winbindd in nsswitch.conf on Linux. > > > > > > > > > > > > I think the point that was being made is that NSS support > > > on HPUX only > > > > supports a few known types, of which one is LDAP. The > discussion was > > > > basically about faking out the system so that what it > thinks is LDAP > > > > is actually winbind. > > > > > > Yep. It's a HP-UX specific workaround. Please ignore it > > > everywhere else. > > > > > > Michael > > > > > > > > > > -- > John H Terpstra > Email: [EMAIL PROTECTED] > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
On Fri, 31 Jan 2003, Miles Roper wrote: > Hi Everyone, > > I'm forgetting about the password one at the moment, thanks for all your > input :o) > > I still don't have a clue how to solve my main problem. I'm assuming that > its not actually winbind related now, as I've recently tried pam_smb and get > the same basic problem. > > Basically, when I log into the UNIX box, the username/password of a NT user > is being authenticated, but doesn't actually log in. It doesn't get past > the password line. I know it accepts the password. Its almost as if it > can't find the shell. But the template variable is set within the smb.conf > file. Permissions are fine. I have exactly the same problem with the > pam_smb module. So what does PAM report into your /var/log files? Have you tried adding to each line in your /etc/pam.d/login (after the .so file name) the word 'audit' - this will increase the volume of debugging info spit out into /var/log/messages, or wherever PAM send this on your distro. - John T. > > If there is any further information I can send let me know. > > Ideas? > > Thanks > > Miles > > > -Original Message- > From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] > Sent: Friday, 31 January 2003 07:06 a.m. > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide > Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; > '[EMAIL PROTECTED]'; 'Richard Sharpe' > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > Hi Everyone, > This whole problem with the password command not working when winbind > is included as a method in the nsswitch.conf can probably be worked around > by simply using the -r files (or -r nis or -r nisplus) switch. Take a look > at the man page for passwd on HP-UX 11.x and see if this won't help you > out. > Hope this helps, > Don > > > -Original Message- > > From: Michael Steffens [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, January 28, 2003 11:52 > > To: Ronan Waide > > Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; > > '[EMAIL PROTECTED]'; 'Richard Sharpe' > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > > > > Ronan Waide wrote: > > > On January 28, [EMAIL PROTECTED] said: > > > > > >>I don't have HPUX, so I don't know what to suggest for > > that. I just know > > >>getent won't work without winbindd in nsswitch.conf on Linux. > > > > > > > > > I think the point that was being made is that NSS support > > on HPUX only > > > supports a few known types, of which one is LDAP. The discussion was > > > basically about faking out the system so that what it thinks is LDAP > > > is actually winbind. > > > > Yep. It's a HP-UX specific workaround. Please ignore it > > everywhere else. > > > > Michael > > > > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi Everyone, I'm forgetting about the password one at the moment, thanks for all your input :o) I still don't have a clue how to solve my main problem. I'm assuming that its not actually winbind related now, as I've recently tried pam_smb and get the same basic problem. Basically, when I log into the UNIX box, the username/password of a NT user is being authenticated, but doesn't actually log in. It doesn't get past the password line. I know it accepts the password. Its almost as if it can't find the shell. But the template variable is set within the smb.conf file. Permissions are fine. I have exactly the same problem with the pam_smb module. If there is any further information I can send let me know. Ideas? Thanks Miles -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Friday, 31 January 2003 07:06 a.m. To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don > -Original Message- > From: Michael Steffens [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 28, 2003 11:52 > To: Ronan Waide > Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; > '[EMAIL PROTECTED]'; 'Richard Sharpe' > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > Ronan Waide wrote: > > On January 28, [EMAIL PROTECTED] said: > > > >>I don't have HPUX, so I don't know what to suggest for > that. I just know > >>getent won't work without winbindd in nsswitch.conf on Linux. > > > > > > I think the point that was being made is that NSS support > on HPUX only > > supports a few known types, of which one is LDAP. The discussion was > > basically about faking out the system so that what it thinks is LDAP > > is actually winbind. > > Yep. It's a HP-UX specific workaround. Please ignore it > everywhere else. > > Michael > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don > -Original Message- > From: Michael Steffens [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 28, 2003 11:52 > To: Ronan Waide > Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; > '[EMAIL PROTECTED]'; 'Richard Sharpe' > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > Ronan Waide wrote: > > On January 28, [EMAIL PROTECTED] said: > > > >>I don't have HPUX, so I don't know what to suggest for > that. I just know > >>getent won't work without winbindd in nsswitch.conf on Linux. > > > > > > I think the point that was being made is that NSS support > on HPUX only > > supports a few known types, of which one is LDAP. The discussion was > > basically about faking out the system so that what it thinks is LDAP > > is actually winbind. > > Yep. It's a HP-UX specific workaround. Please ignore it > everywhere else. > > Michael > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi Everyone, Been following this a bit; faking out nsswitch with the ldap stuff seems like a HIGH and complicated price to pay for getting a passwd program that will work to change passwords for standard unix users. One of the other things I have seen is a simple script that moved and replaced the winbind enabled nsswitch.conf with a standard one before executing the passwd command, then moved it back. Or even hack a c program together that 'gets' the username,password from the user BEFORE it exec's the actual passwd program, so you could minimize the amount of time the nsswitch.conf file would be in place WITHOUT the winbind support. Either way, this is an issue both on SUN and HP-UX systems. For the HP-UX customers, I'd like to see them submit enhancement requests through their support channel tochange the behavior of the nsswitch stuff so that we could have a code change in the OS where it belongs to deal with this. It's the squeaky wheel that gets the grease Hope this helps, Don > -Original Message- > From: Michael Steffens [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 28, 2003 11:52 > To: Ronan Waide > Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; > '[EMAIL PROTECTED]'; 'Richard Sharpe' > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help > > > Ronan Waide wrote: > > On January 28, [EMAIL PROTECTED] said: > > > >>I don't have HPUX, so I don't know what to suggest for > that. I just know > >>getent won't work without winbindd in nsswitch.conf on Linux. > > > > > > I think the point that was being made is that NSS support > on HPUX only > > supports a few known types, of which one is LDAP. The discussion was > > basically about faking out the system so that what it thinks is LDAP > > is actually winbind. > > Yep. It's a HP-UX specific workaround. Please ignore it > everywhere else. > > Michael > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Ronan Waide wrote: On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Yep. It's a HP-UX specific workaround. Please ignore it everywhere else. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
On January 28, [EMAIL PROTECTED] said: > I don't have HPUX, so I don't know what to suggest for that. I just know > getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. "Love wouldn't be blind if the braille wasn't so damned much fun." - Armistead Maupin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Did I miss something? Is LDAP supposed to replace winbindd in nsswitch.conf? If so, then what I've written below is not right, but read it anyway. Perhaps LDAP is not finding winbindd in it's list of things to query. My experience is not with HPUX, but I have been able to use "passwd: files winbindd" in /etc/nsswitch.conf on Linux. Perhaps the "not a supported type" problem is because "/lib/libnss_winbindd.so" hasn't been compiled and installed. (Compile it by doing a "make nsswitch" in the top level of samba source. Install it by copying from source/nsswitch to /lib, and running ldconfig.) Once that library is present in the "ldconfig -p" output, then the winbindd keyword in nsswitch.conf should work. That library provides connectivity from the name system to the winbind services which list Windows users and groups, and their assigned ID numbers. getent should work too. I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I don't see how this would be solved with PAM. PAM uses the same service, but is not the solution to the problem. I did all the PAM/winbindd stuff as directed in a HOWTO, only to find out at the end that I don't need PAM unless I want Windows users to be able to telnet, FTP, or use other Unix services which require authentication. Assignment of user IDs is not done through PAM. Obligatory link fest: http://us3.samba.org/samba/ftp/docs/textdocs/Solaris-Winbind-HOWTO.txt http://archives.neohapsis.com/archives/pam-list/2001-10/0038.html http://nic-ks.greatplains.net/samba/winbind.html http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND > -Original Message- > From: Richard Sharpe [mailto:[EMAIL PROTECTED]] > Sent: Sunday, January 26, 2003 8:05 PM > To: Miles Roper > Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' > Subject: Re: Winbind on HPUX11, Totally Stuck, Please Help > > > On Mon, 27 Jan 2003, Miles Roper wrote: > > Let me first say that I am no expert on HP-UX, maybe Tim > Potter can help, > now that he works for them. > > > I can do a wbinfo -u and get the user names, and a wbinfo > -g returns the > > groups. I had to specify the password to use first with > > > > wbinfo -A user%password > > > > I also joined the domain sucessfully with > > OK, this looks like winbindd is sort of works ... > > > /etc/nsswitch.conf to > > > > hosts: dns [NOTFOUND=continue UNAVAIL=continue > TRYAGAIN=continue] files > > [ > > passwd: files ldap > > group: files ldap > > > > notice it is ldap, rather than winbind. The reason for > this is, if you set > > it to winbind you get a error about not being a supported > type, ie must be > > nis, ldap or files. > > I think this is where your problem is. ldap is not winbindd. > > It looks like PAM on your version of HP-UX does not handle > arbritrary NSS > shared library stuff. > > Regards > - > Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, > sharpe[at]ethereal.com, http://www.richardsharpe.com > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
this is a email I was sent by a michael at hp on 23/1/2002, which is basically what I done. In the meanwhile I got an additional hint about how to work around the libpam_unix.1 issue, which is not tolerating unknown nsswitch backends to be configured in /etc/nsswitch.conf when doing password management. This makes /usr/bin/passwd stop working. In case LDAP is not being used, one might move /usr/lib/libnss_ldap.1 aside (if present) and create a symbolic link from /usr/lib/libnss_ldap.1 to /usr/lib/libnss_winbind.1. Consequently, ldap should then be configured instead of winbind in /etc/nsswitch.conf. It's kind of ugly hack, but the only workaround available right now... -Original Message- From: Richard Sharpe [mailto:[EMAIL PROTECTED]] Sent: Monday, 27 January 2003 03:05 p.m. To: Miles Roper Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: Re: Winbind on HPUX11, Totally Stuck, Please Help On Mon, 27 Jan 2003, Miles Roper wrote: Let me first say that I am no expert on HP-UX, maybe Tim Potter can help, now that he works for them. > I can do a wbinfo -u and get the user names, and a wbinfo -g returns the > groups. I had to specify the password to use first with > > wbinfo -A user%password > > I also joined the domain sucessfully with OK, this looks like winbindd is sort of works ... > /etc/nsswitch.conf to > > hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files > [ > passwd: files ldap > group: files ldap > > notice it is ldap, rather than winbind. The reason for this is, if you set > it to winbind you get a error about not being a supported type, ie must be > nis, ldap or files. I think this is where your problem is. ldap is not winbindd. It looks like PAM on your version of HP-UX does not handle arbritrary NSS shared library stuff. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind on HPUX11, Totally Stuck, Please Help
On Mon, 27 Jan 2003, Miles Roper wrote: Let me first say that I am no expert on HP-UX, maybe Tim Potter can help, now that he works for them. > I can do a wbinfo -u and get the user names, and a wbinfo -g returns the > groups. I had to specify the password to use first with > > wbinfo -A user%password > > I also joined the domain sucessfully with OK, this looks like winbindd is sort of works ... > /etc/nsswitch.conf to > > hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files > [ > passwd: files ldap > group: files ldap > > notice it is ldap, rather than winbind. The reason for this is, if you set > it to winbind you get a error about not being a supported type, ie must be > nis, ldap or files. I think this is where your problem is. ldap is not winbindd. It looks like PAM on your version of HP-UX does not handle arbritrary NSS shared library stuff. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba