Thanks Jan, obviously it's a bit odd because winbind is definitely working, it's just samba doesn't seem to want to talk to it!
James.

On 21 Jun 2013, at 10:20, Jan Holzhueter <[email protected]> wrote:

> Ok I'm not an ads samba expert but I found this:
>
> [global]
> security = ads
> realm = EXAMPLE.COM
> password server = IPADRESSE #IP of Domain Controller dns probably works too
> workgroup = EXAMPLE
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> winbind cache time = 10
> winbind use default domain = yes
> template homedir = /home/%U
> template shell = /bin/bash
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> restrict anonymous = 2
> domain master = no
> local master = no
> preferred master = no
> os level = 0
>
> Which looks more or less like yours.
> I might have the time next week to try to get it to work
> Greetings
> Jan
>
> On 21.06.13 11:05, James Relph wrote:
>> Hi Jan,
>>
>> Basically the second situation there, pam authentication via winbind
>> (eg. netatalk or SSH) is working OK.
>>
>> My smb.conf file is:
>>
>> [global]
>> workgroup = DOMAIN
>> realm = DOMAIN.CORP
>> security = ads
>> idmap uid = 16777216-33554431
>> idmap gid = 16777216-33554431
>> template shell = /usr/bin/bash
>> map untrusted to domain = yes
>> load printers = no
>> server string = server01
>> dns proxy = no
>> winbind cache time = 300
>> winbind enum users = Yes
>> winbind enum groups = Yes
>> winbind use default domain = Yes
>> winbind trusted domains only = No
>> winbind nested groups = Yes
>> winbind expand groups = 5
>> winbind refresh tickets = No
>> winbind offline logon = No
>> winbind normalize names = No
>> password server = server03.domain.corp
>> template homedir = /export/home/%U
>> log file = /var/samba/samba.log
>> log level = 5
>>
>> [FileShare]
>> path = /shared/FileShare
>> comment = FileShare
>> read only = No
>>
>> [STUDIO]
>> path = /shared/STUDIO
>> comment = STUDIO
>> read only = No
>>
>> Thanks very much
>>
>> James
>>
>> On 21 Jun 2013, at 09:54, Jan Holzhueter <[email protected]> wrote:
>>
>>> Hi,
>>> just to make sure what are you trying:
>>>
>>> login with an AD user as in ssh username@whatever.
>>> Or mount a share from the OI server via smb?
>>>
>>> For first one please post /etc/pam.conf
>>>
>>> for the second please post /etc/opt/csw/samba/smb.conf
>>>
>>> Greetings
>>> Jan
>>>
>>> On 21.06.13 10:43, James Relph wrote:
>>>> Hi Jan,
>>>>
>>>> Yes, that's the one I had found, and I already have that link there. I
>>>> don't think winbind worked at all until that was in place. It's samba
>>>> that doesn't seem to be working with winbind properly.
>>>>
>>>> James
>>>>
>>>> On 21 Jun 2013, at 09:00, Jan Holzhueter <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>> ok I looked up the old bug about that:
>>>>> https://www.opencsw.org/mantis/view.php?id=5020
>>>>>
>>>>> according to this you need this:
>>>>> ln -s /opt/csw/lib/libnss_winbind.so.1 /lib/nss_winbind.so.1
>>>>>
>>>>> Greetings
>>>>> Jan
>>>>>
>>>>> On 21.06.13 07:30, James Relph wrote:
>>>>>> Thanks for the speedy reply. I think I found where you'd already
>>>>>> mentioned that online anyway, I've got:
>>>>>>
>>>>>> libnss_winbind.so -> /opt/csw/lib/libnss_winbind.so.1
>>>>>> nss_winbind.so.1 -> /opt/csw/lib/libnss_winbind.so.1
>>>>>>
>>>>>> In /lib. Winbind itself seems to be working fine, I've got netatalk
>>>>>> using that happily, it's the cswsamba version that won't seem to use
>>>>>> winbind (it's either not using it properly, or it's using the wrong
>>>>>> winbind somehow). Netatalk, using winbind, is fine.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> James.
>>>>>>
>>>>>> On 21 Jun 2013, at 06:24, Jan Holzhueter <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>> if you use the auth via pam you must symlink the nss_winbind to a
>>>>>>> special place. I'm not sure which one atm. Check the original OI samba
>>>>>>> package that should put it in the right place.
>>>>>>> We can't add this to our package as this would break install on sparse
>>>>>>> zones.
>>>>>>> I wanted to write a short notice about it but did not have the
>>>>>>> time yet.
>>>>>>> It might be that you even need to copy and not symlink the lib.
>>>>>>> Not sure here.
>>>>>>>
>>>>>>> Greetings
>>>>>>> Jan
>>>>>>>
>>>>>>> On 21.06.13 07:15, James Relph wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Apologies for cross posting, but I'm not sure if this is an Oi issue
>>>>>>>> or a cswsamba issue. I've installed cswsamba (3.6.15) and
>>>>>>>> cswsamba_winbind on an OI box (151a7). I've got it bound to AD fine,
>>>>>>>> and winbind itself seems to be operating perfectly (I've actually got
>>>>>>>> netatalk happily authenticating AD users via winbind). If I run
>>>>>>>> wbinfo -u or getent passwd, I get the expected information back.
>>>>>>>>
>>>>>>>> Oddly though Samba itself isn't authenticating users. If I try and
>>>>>>>> login (with a few variations of DOMAIN\username or username@DOMAIN)
>>>>>>>> it just kicks it back as an unknown user (see below). The only thing
>>>>>>>> that I can think of is that the cswsamba is actually still calling
>>>>>>>> the previously installed (but turned off) winbind that I installed
>>>>>>>> with the original OI samba install. With that not running though I
>>>>>>>> wouldn't have thought that would have happened (but if that could be
>>>>>>>> it - how do I make sure that cswsamba uses cswsamba_winbind). I have
>>>>>>>> symlinked the csw nss_winbind libraries into /lib, I just don't know
>>>>>>>> if there's anything else that could cause this.
>>>>>>>>
>>>>>>>> Thanks for any help.
>>>>>>>>
>>>>>>>> James
>>>>>>>>
>>>>>>>> Principal Consultant
>>>>>>>>
>>>>>>>> Mapping user [DOMAIN]\[james] from workstation [server03]
>>>>>>>> attempting to make a user_info for james (james)
>>>>>>>> making strings for james's user_info struct
>>>>>>>> making blobs for james's user_info struct
>>>>>>>> check_ntlm_password: Checking password for unmapped user [DOMAIN]\[james]@[server03] with the new password interface
>>>>>>>> check_ntlm_password: mapped user is: [DOMAIN]\[james]@[server03]
>>>>>>>> Finding user DOMAIN\james
>>>>>>>> Trying _Get_Pwnam(), username as lowercase is DOMAIN\james
>>>>>>>> Trying _Get_Pwnam(), username as given is DOMAIN\james
>>>>>>>> Checking combinations of 0 uppercase letters in DOMAIN\james
>>>>>>>> Get_Pwnam_internals didn't find user [DOMAIN\james]!
>>>>>>>> Finding user james
>>>>>>>> Trying _Get_Pwnam(), username as lowercase is james
>>>>>>>> Checking combinations of 0 uppercase letters in james
>>>>>>>> Get_Pwnam_internals didn't find user [james]!
>>>>>>>> Failed to find authenticated user DOMAIN\james via getpwnam(), denying access.
>>>>>>>> check_ntlm_password: winbind authentication for user [james] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>>>> check_ntlm_password: Authentication for user [james] -> [james] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>>>> Got user=[[email protected]] domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>>>>>>>> Mapping user [DOMAIN]\[[email protected]] from workstation [server03]
>>>>>>>> attempting to make a user_info for [email protected] ([email protected])
>>>>>>>> making strings for [email protected]'s user_info struct
>>>>>>>> making blobs for [email protected]'s user_info struct
>>>>>>>> check_ntlm_password: Checking password for unmapped user [DOMAIN]\[[email protected]]@[server03] with the new password interface
>>>>>>>> check_ntlm_password: mapped user is: [DOMAIN]\[[email protected]]@[server03]
>>>>>>>> check_ntlm_password: winbind authentication for user [[email protected]] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>>>> check_ntlm_password: Authentication for user [[email protected]] -> [[email protected]] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>>>> Got user=[[email protected]] domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>>>>>>>> Mapping user [DOMAIN]\[[email protected]] from workstation [server03]
>>>>>>>> attempting to make a user_info for [email protected] ([email protected])
>>>>>>>> making strings for [email protected]'s user_info struct
>>>>>>>> making blobs for [email protected]'s user_info struct
>>>>>>>> check_ntlm_password: Checking password for unmapped user [DOMAIN]\[[email protected]]@[server03] with the new password interface
>>>>>>>> check_ntlm_password: mapped user is: [DOMAIN]\[[email protected]]@[server03]
>>>>>>>> check_ntlm_password: winbind authentication for user [[email protected]] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>>>> check_ntlm_password: Authentication for user [[email protected]] -> [[email protected]] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> users mailing list
>>>>>>>> [email protected]
>>>>>>>> https://lists.opencsw.org/mailman/listinfo/users
_______________________________________________ users mailing list [email protected] https://lists.opencsw.org/mailman/listinfo/users
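
An added example, not part of the original thread: a small Python triage of smbd `log level = 5` lines in the shape quoted above, separating attempts rejected by winbind from attempts where the log calls the user authenticated but smbd's own getpwnam() lookup found no account. The sample log is constructed from the quoted lines, and `james@example.test` is a placeholder username.

```python
import re

# Constructed sample in the shape of the smbd "log level = 5" lines quoted in
# the thread; james@example.test is a placeholder, not a value from the post.
SAMPLE_LOG = r"""
check_ntlm_password: Checking password for unmapped user [DOMAIN]\[james]@[server03] with the new password interface
Finding user DOMAIN\james
Get_Pwnam_internals didn't find user [DOMAIN\james]!
Finding user james
Get_Pwnam_internals didn't find user [james]!
Failed to find authenticated user DOMAIN\james via getpwnam(), denying access.
check_ntlm_password: winbind authentication for user [james] FAILED with error NT_STATUS_NO_SUCH_USER
check_ntlm_password: Authentication for user [james] -> [james] FAILED with error NT_STATUS_NO_SUCH_USER
check_ntlm_password: Checking password for unmapped user [DOMAIN]\[james@example.test]@[server03] with the new password interface
check_ntlm_password: winbind authentication for user [james@example.test] FAILED with error NT_STATUS_NO_SUCH_USER
check_ntlm_password: Authentication for user [james@example.test] -> [james@example.test] FAILED with error NT_STATUS_NO_SUCH_USER
"""

START = re.compile(r"Checking password for unmapped user \[(.*?)\]\\\[(.*?)\]@\[(.*?)\]")
MISS = re.compile(r"Get_Pwnam_internals didn't find user \[(.*?)\]!")
AUTHED = re.compile(r"Failed to find authenticated user \S+ via getpwnam\(\)")
FINAL = re.compile(r"Authentication for user \[.*?\] -> \[.*?\] FAILED with error (\w+)")


def triage(log_text):
    """Return one record per failed attempt, with the stage at which it failed."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if m := START.search(line):
            cur = {"domain": m[1], "user": m[2], "client": m[3],
                   "nss_misses": [], "authenticated": False}
        elif cur is None:
            continue  # line outside any attempt
        elif m := MISS.search(line):
            cur["nss_misses"].append(m[1])  # names smbd tried via getpwnam()
        elif AUTHED.search(line):
            cur["authenticated"] = True  # the log line itself calls the user authenticated
        elif m := FINAL.search(line):
            cur["status"] = m[1]
            cur["stage"] = "nss-lookup" if cur["authenticated"] else "winbind-auth"
            attempts.append(cur)
            cur = None
    return attempts


if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a["user"], a["stage"], a["status"], a["nss_misses"])
```

Both attempts end in the same NT_STATUS_NO_SUCH_USER, so the `stage` field is what tells a name-service lookup failure inside smbd apart from a rejection by winbind.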
