[Samba] getent not working correctly
Noel Kelly
nkelly at citrusnetworks.net
Mon Nov 4 20:09:00 GMT 2002
Ah - just noticed you say that 'getent passwd' doesn't terminate but hangs.
So clearly the trigger is working but the mechanism is failing somewhere.
How long do you leave it for? If you have a very large NT user base it
could take a while to list it. Have a look at 'top' when it hangs and see
if winbind is gobbling up some processor time.
Otherwise, I would recompile new binaries and libraries afresh - I'm out of
ideas, sorry. Maybe someone else has a suggestion?
Noel
-----Original Message-----
From: Sean Patrick Ingles [mailto:ingless at visionsys.com]
Sent: 04 November 2002 15:57
To: Noel Kelly; Hall, Ken (ECSS); samba at samba.org
Subject: RE: [Samba] getent not working correctly
I verified that the libraries were in the /lib folder and symlinked, and
here is the output from ldconfig:
[root at tux samba]# ldconfig -v | grep winbind
libnss_winbind.so -> libnss_winbind.so
I restarted winbindd and typed "getent passwd" and it just lists my local
passwords and hangs.
Nothing is generated in my log.winbindd when I do this either.
I am also noticing that _occasionally_ the box will not allow anyone to
login until after I kill winbindd...
For reference, here is my /etc/pam.d/login:
[root at tux pam.d]# cat login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
[root at tux pam.d]#
Here is what I have for my smb.conf as well:
[root at tux pam.d]# cat /usr/local/samba/lib/smb.conf
[global]
workgroup = VSIONLINE
server string = Samba %v -- TEST --
security = domain
password server = vsi-vsi-albany
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
[root at tux pam.d]#
-SP
-----Original Message-----
From: Noel Kelly [mailto:nkelly at citrusnetworks.net]
Sent: Monday, November 04, 2002 10:39 AM
To: Sean Patrick Ingles; Hall, Ken (ECSS); samba at samba.org
Subject: RE: [Samba] getent not working correctly
Have you copied libnss_winbind.so from the nsswitch directory to /lib ? Also
make a soft link to /lib/libnss_winbind.so.2 and then run 'ldconfig -v
| grep winbind' to make sure the libraries are picked up.
Restart winbind and watch your log.winbindd for messages as you run getent.
HTH
Noel
-----Original Message-----
From: Sean Patrick Ingles [mailto:ingless at visionsys.com]
Sent: 04 November 2002 15:19
To: Hall, Ken (ECSS); samba at samba.org
Subject: RE: [Samba] getent not working correctly
Here is my /etc/nsswitch.conf (abbreviated):
passwd: files winbind
shadow: files winbind
group: files winbind
I first start smbd -D and nmbd -D
Then I start winbindd
Then I join the domain (smbpasswd -j DOMAIN -r DOMAINCONTROLLER -U
Administrator) It works
Then I check my Secret (wbinfo -t) and it's good
Then I list users and groups (wbinfo -u and wbinfo -g) and it works fine
However I still cannot get "getent passwd" and "getent group" working.
I am 100% stumped
-SP
-----Original Message-----
From: Hall, Ken (ECSS) [mailto:KeHall at exchange.ml.com]
Sent: Friday, November 01, 2002 12:55 PM
To: samba at samba.org
Subject: RE: [Samba] getent not working correctly
Did you reboot after starting winbindd?
Either do that, or try looking for the nameserver cache daemons (nscd), and
kill them all. (Don't worry, they'll restart.)
I had the same problem with nss_ldap, and it drove me NUTS till I found out
about the cache mechanism.
> -----Original Message-----
> From: Noel Kelly [mailto:nkelly at citrusnetworks.net]
> Sent: Friday, November 01, 2002 12:46 PM
> To: 'Sean Patrick Ingles'; samba at samba.org
> Subject: RE: [Samba] getent not working correctly
>
>
> You need getent to work. This is really how Unix actually does the
> authenticating - winbind is just the conduit to the M$ database.
>
> Have you edited your /etc/nsswitch.conf correctly? You need:
>
> passwd: files winbind nisplus
> shadow: files winbind nisplus
> group: files winbind nisplus
>
> This will make Unix call winbind when looking for users/groups (this
> the mechanism that getent passwd/group runs).
>
> HTH,
> Noel
>
>
> -----Original Message-----
> From: Sean Patrick Ingles [mailto:ingless at visionsys.com]
> Sent: 01 November 2002 15:41
> To: samba at samba.org
> Subject: [Samba] getent not working correctly
>
>
> Hello again!
>
> Ok, I've gotten wbinfo -u and wbinfo -g working great
>
> Now I try to run getent passwd and getent group I get my local
> users/groups but not the ones on the Windows 2k Server Domain
> Controller and it just
> hangs after listing the local ones.
>
> I also tried authenticating a user and it worked I'm assuming
>
> wbinfo -a DOMAIN+ingless at DOMAIN%"password" (The usernames here have
> user at domain due to some M$ Active-Directory thing...) plaintext
> password authentication succeeded challenge/response password
> authentication failed
> Could not authenticate user DOMAIN+ingless at DOMAIN%"password" with
> challenge/response
>
> Do I need getent working, or is it safe to assume everything is
> functioning normally now?
>
> Thanks!
>
> -SP
>
> ===========================================================
>
> \ / ____/ / Sean Patrick Ingles
> \ / / / Jr. Network Engineer
> \ / ___ / /
> \ / / / Vision Systems, Inc.
> __/ ____/ _/ 142 State Street
> Albany, NY 12207
> www.visionsys.com Landline: +1 518.434.4300 x1406
> ingless at visionsys.com Fax: +1 518.434.4304
>
> ==========================================================
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
More information about the samba
mailing list