Re: RE : [Samba] Winbind on HPUX11, Totally Stuck, Please Help
Hi Miles, Miles Roper wrote: Hi Drew, No luck. Pretty much done all that, still get all the same problems That site was pretty good though :o) There is one thing missing, however. If you fake winbind NSS to be ldap, exported constructor names in winbind_nss_solaris.c also need to be adjusted: _nss_winbind_passwd_constr -> _nss_ldap_passwd_constr _nss_winbind_group_constr -> _nss_ldap_group_constr Just redirecting the symlink doesn't do. Hmm, this tweaking of winbind NSS constructors is awful, changing from correct to wrong. :( This is what I did: 1. Create a copy of winbind_nss_solaris.c with a descriptive name, like winbind_nss_solaris_fakeldap.c 2. Do constructor replacements descriped above in the copy 3. Build shared library with a descriptive name, like make nsswitch/winbind_nss_solaris_fakeldap.po \ nsswitch/winbind_nss.po nsswitch/wb_common.po ld -b -B symbolic +h libnss_winbind_fakeldap.1 -o nsswitch/libnss_winbind_fakeldap.1 \ nsswitch/winbind_nss_solaris_fakeldap.po nsswitch/winbind_nss.po \ nsswitch/wb_common.po -lc 4. Create symlink in /usr/lib libnss_ldap.1 -> libnss_winbind_fakeldap.1 and leave original libnss_winbind.1 as it is. This way gives a hint to administrators/supporters about what has been tweaked, and it allows to revert the hack easily once the conflict with libpam_unix.1 has been resolved. Does anyone have an idea about the shell logging in? Why do I keep on getting logged out? Does the home directory need to be created, does it need a .profile? What about the permissions? I've tried creating one world writeable but no luck. I did not see any dependeny to the home directory. If it doesn't exist, or is not accessible, the user just gets a warning and is being put to '/'. But the login shell is important ("template shell" parameter). If the shell doesn't exist, or happens to be /usr/bin/false, you will get logged off immediately. Cheers! Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: RE : [Samba] Winbind on HPUX11, Totally Stuck, Please Help
Title: RE : [Samba] Winbind on HPUX11, Totally Stuck, Please Help Hi Drew, No luck. Pretty much done all that, still get all the same problems. That site was pretty good though :o) Does anyone have an idea about the shell logging in? Why do I keep on getting logged out? Does the home directory need to be created, does it need a .profile? What about the permissions? I've tried creating one world writeable but no luck. Cheers Miles -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Tuesday, 28 January 2003 02:35 a.m.To: [EMAIL PROTECTED]; [EMAIL PROTECTED]Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: RE : [Samba] Winbind on HPUX11, Totally Stuck, Please Help Miles, Jennifer I am not currently using Winbind, but I did try testing with it on HPUX 1100 about a year ago. To get it to work I followed the instructions I found at the following web site : www.miratek.com/samba It might have some answers to your problems. Hope this helps. Cheers.
RE : [Samba] Winbind on HPUX11, Totally Stuck, Please Help
Title: RE : [Samba] Winbind on HPUX11, Totally Stuck, Please Help Miles, Jennifer I am not currently using Winbind, but I did try testing with it on HPUX 1100 about a year ago. To get it to work I followed the instructions I found at the following web site : www.miratek.com/samba It might have some answers to your problems. Hope this helps. Cheers.
Re: [Samba] Winbind on HPUX11, Totally Stuck, Please Help
Hello Jennifer, Jennifer Fountain wrote: Miles, I run samba (winbind) on hpux11 as well. do have this problem: when you type $groups, you only get domain admins and no other groups or if you type groups user1, you get no groups? but when you type ./wbinfo -g jfountain, you get all the groups in the gid format? I am almost ready to give up and install it on linux! :( Just a wild guess: I seems that the groups command is trying to resolve group memberships using the setgrent/getgrent/endgrent combo of libc calls. The getgrent call will fail for all groups, where the result size exceeds the buffer provided by the groups command. Don't know how much this is precisely, but if it is _SC_GETGR_R_SIZE_MAX (2048), and taking into account the usual size of NT usernames including domain names, a group must have quite few members to get displayed. The "wbinfo -g" command does not use setgrent/getgrent/endgrent. I have actually disabled everything involving winbind user or group enumeration, as it exhausts resources very quickly in our environment. But I'm assuming it would do the same under Linux... Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind on HPUX11, Totally Stuck, Please Help
Title: [Samba] Winbind on HPUX11, Totally Stuck, Please Help /usr/local/samba/bin/wbinfo -g I get all the groups /usr/local/samba/bin/wbinfo -r user1 returns the all the guids for user1 /usr/local/samba/bin/wbinfo -g doesn't seem to make any difference, returns all the groups. -Original Message-From: Jennifer Fountain [mailto:[EMAIL PROTECTED]]Sent: Monday, 27 January 2003 02:05 p.m.To: Miles Roper; [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: RE: [Samba] Winbind on HPUX11, Totally Stuck, Please Help Miles, I run samba (winbind) on hpux11 as well. do have this problem: when you type $groups, you only get domain admins and no other groups or if you type groups user1, you get no groups? but when you type ./wbinfo -g jfountain, you get all the groups in the gid format? I am almost ready to give up and install it on linux! :( Jenn -Original Message- From: Miles Roper [mailto:[EMAIL PROTECTED]] Sent: Sun 1/26/2003 7:59 PM To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Cc: Subject: [Samba] Winbind on HPUX11, Totally Stuck, Please Help Hi,I've been trying to get windbind working on HP-UX for several years now, Itry for a while, with the new releases, then after I get stuck I give up.I've tried posting several times on the net to different news groups but hadfew responses.Well, I'm trying again now, with the samba 2.7a release, and after spendingseveral days on it, I'm nearly ready to give up. I've gotton further thistime than ever before but I've pretty much exhausted all options. I'vespent hours looking on the net for any help, and basically I'm totallystuck.I've actually managed to get it to compile, using./configure \--prefix=/usr/local/samba \--localstatedir=/usr/local/samba \--with-msdfs \--with-winbind \--with-pam \--with-winbind-auth-challengemodifing in configureif test $ac_cv_prog_cc_Ae = yes; then BLDSHARED="true" SHLD="/usr/bin/ld" LDSHFLAGS="-B symbolic -b -z" PICFLAG="+z"fichange to#if test $ac_cv_prog_cc_Ae = yes; then BLDSHARED="true" SHLD="/usr/bin/ld" LDSHFLAGS="-B symbolic -b -z"# PICFLAG="+z"#fiand in/usr/local/lib/gcc-lib/hppa2.0n-hp-hpux11.00/3.1/include/stdio.hBEFORE extern int snprintf(char *, _hpux_size_t, char *,...);AFTER extern int snprintf(char *, _hpux_size_t, const char *,...);I can do a wbinfo -u and get the user names, and a wbinfo -g returns thegroups. I had to specify the password to use first withwbinfo -A user%passwordI also joined the domain sucessfully withsmbpasswd -j DOMAIN -r PDC -U AdministratorOk, here are my problems. 1), when I try to change the password of a NT user, using passwd, the OScan't find the user id, iecoastdr: /mnt/1/samba/samba-2.2.7a/source> passwd traininguserChanging password for traininguser(current) NT password:Enter new NT password:Retype new NT password:Invalid login name.If I use a invalid password I get in syslogJan 27 13:43:38 coastdr pam_winbind[3507]: request failed, PAM error was 9,NT error was NT_STATUS_WRONG_PASSWORDJan 27 13:43:38 coastdr pam_winbind[3507]: user `traininguser' denied access(incorrect password)however, if I enter the correct (current) passwordJan 27 13:45:24 coastdr pam_winbind[3513]: user 'traininguser' granted accesJan 27 13:45:28 coastdr pam_winbind[3513]: request failed, PAM error was 9,NT error was NT_STATUS_WRONG_PASSWORDNow, i've set/etc/nsswitch.conf tohosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files[passwd: files ldapgroup: files ldapnotice it is ldap, rather than winbind. The reason for this is, if you setit to winbind you get a error about not being a supported type, ie must benis, ldap or files.i've set a link from symbolic link from /lib/libnss_ldap.1 to/lib/libnss_winbind.12) I can't suwhen I try to su from a comment line to a win 2k user using eitherWESTCOASTDHB+traininguser or traininguserUnknown id: WESTCOASTDHB+traininguserorUnknown id: traininguser3) I can't log into the unix box as a win 2k user. When I try, the best Iget is it seems to accept the password, but doesn't actually log in. Itexits straight back out. If I enter a wrong user name or account it sayslogin incorrect, so it seems to work ok, and I'm getting
RE: [Samba] Winbind on HPUX11, Totally Stuck, Please Help
Title: [Samba] Winbind on HPUX11, Totally Stuck, Please Help Miles, I run samba (winbind) on hpux11 as well. do have this problem: when you type $groups, you only get domain admins and no other groups or if you type groups user1, you get no groups? but when you type ./wbinfo -g jfountain, you get all the groups in the gid format? I am almost ready to give up and install it on linux! :( Jenn -Original Message- From: Miles Roper [mailto:[EMAIL PROTECTED]] Sent: Sun 1/26/2003 7:59 PM To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Cc: Subject: [Samba] Winbind on HPUX11, Totally Stuck, Please Help Hi,I've been trying to get windbind working on HP-UX for several years now, Itry for a while, with the new releases, then after I get stuck I give up.I've tried posting several times on the net to different news groups but hadfew responses.Well, I'm trying again now, with the samba 2.7a release, and after spendingseveral days on it, I'm nearly ready to give up. I've gotton further thistime than ever before but I've pretty much exhausted all options. I'vespent hours looking on the net for any help, and basically I'm totallystuck.I've actually managed to get it to compile, using./configure \--prefix=/usr/local/samba \--localstatedir=/usr/local/samba \--with-msdfs \--with-winbind \--with-pam \--with-winbind-auth-challengemodifing in configureif test $ac_cv_prog_cc_Ae = yes; then BLDSHARED="true" SHLD="/usr/bin/ld" LDSHFLAGS="-B symbolic -b -z" PICFLAG="+z"fichange to#if test $ac_cv_prog_cc_Ae = yes; then BLDSHARED="true" SHLD="/usr/bin/ld" LDSHFLAGS="-B symbolic -b -z"# PICFLAG="+z"#fiand in/usr/local/lib/gcc-lib/hppa2.0n-hp-hpux11.00/3.1/include/stdio.hBEFORE extern int snprintf(char *, _hpux_size_t, char *,...);AFTER extern int snprintf(char *, _hpux_size_t, const char *,...);I can do a wbinfo -u and get the user names, and a wbinfo -g returns thegroups. I had to specify the password to use first withwbinfo -A user%passwordI also joined the domain sucessfully withsmbpasswd -j DOMAIN -r PDC -U AdministratorOk, here are my problems. 1), when I try to change the password of a NT user, using passwd, the OScan't find the user id, iecoastdr: /mnt/1/samba/samba-2.2.7a/source> passwd traininguserChanging password for traininguser(current) NT password:Enter new NT password:Retype new NT password:Invalid login name.If I use a invalid password I get in syslogJan 27 13:43:38 coastdr pam_winbind[3507]: request failed, PAM error was 9,NT error was NT_STATUS_WRONG_PASSWORDJan 27 13:43:38 coastdr pam_winbind[3507]: user `traininguser' denied access(incorrect password)however, if I enter the correct (current) passwordJan 27 13:45:24 coastdr pam_winbind[3513]: user 'traininguser' granted accesJan 27 13:45:28 coastdr pam_winbind[3513]: request failed, PAM error was 9,NT error was NT_STATUS_WRONG_PASSWORDNow, i've set/etc/nsswitch.conf tohosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files[passwd: files ldapgroup: files ldapnotice it is ldap, rather than winbind. The reason for this is, if you setit to winbind you get a error about not being a supported type, ie must benis, ldap or files.i've set a link from symbolic link from /lib/libnss_ldap.1 to/lib/libnss_winbind.12) I can't suwhen I try to su from a comment line to a win 2k user using eitherWESTCOASTDHB+traininguser or traininguserUnknown id: WESTCOASTDHB+traininguserorUnknown id: traininguser3) I can't log into the unix box as a win 2k user. When I try, the best Iget is it seems to accept the password, but doesn't actually log in. Itexits straight back out. If I enter a wrong user name or account it sayslogin incorrect, so it seems to work ok, and I'm getting this in syslog.Jan 26 19:30:49 coastdr pam_winbind[3414]: Verify user `traininguser'Jan 26 19:30:49 coastdr pam_winbind[3414]: user 'traininguser' granted accesCould it be because the home directory doesn't exist? I've actually triedsetting it to a valid template homedir but still get the same problem. Doesthe home directory need to be created each time with a PAM module, I've seenone for Linux but had a brief attempt getting this to compile under hpux,didn't work though. But I've seen no documentation about this so thoughtyou must not need to.my smb.conf file is as follows.[global] workgroup = WESTCOASTDHB server string = Samba Server log file = /usr/local/samba/log.%m max log size = 1000 security = domain password server = coastdb encrypt passwords = yes socket options = T