FW: [Samba] getent not working / winbindd issues
Sean Patrick Ingles
ingless at visionsys.com
Tue Nov 5 20:58:00 GMT 2002
I was looking through all my SaMBa documentation with a fine-tooth comb,
and I noticed there is a line in the HOWTO, Section 12.4.3 "Pluggable
Authentication Modules" in the last paragraph it states:
"PAM is configured by providing control files in the directory
/etc/pam.d/ for each of the services that require authentication. When
an authentication request is made by an application the PAM code in the
C library looks up this control file to determine what modules to load
to do the authentication check and in what order. This interface makes
adding a new authentication service for Winbind very easy, all that
needs to be done is that the pam_winbind.so module is copied to
/lib/security/ and the PAM control files for relevant services are
updated to allow authentication via winbind. See the PAM documentation
for more details."
What exactly are the "relevant services" for SaMBa?
I've only been updating the "/etc/pam.d/login" file.
Below is my original question, which remains un-answered and I can't
seem to find any solution to it :(
Looks like I'll just have to deploy this fileserver with 2 logins, 1 to
the domain and 1 to the fileserver :(
-SP
-----Original Message-----
From: Sean Patrick Ingles
Sent: Tuesday, November 05, 2002 10:55 AM
To: samba at samba.org
Subject: [Samba] getent not working / winbindd issues
I first start smbd -D and nmbd -D
Then I start winbindd
Then I join the domain (smbpasswd -j DOMAIN -r DOMAINCONTROLLER -U
Administrator) It works
Then I check my Secret (wbinfo -t) and it's good
Then I list users and groups (wbinfo -u and wbinfo -g) and it works fine
However I still cannot get "getent passwd" and "getent group" working,
it just lists the local users or groups and hangs...
I verified that the libraries were in the /lib folder and symlinked, and
here is the output from ldconfig:
[root at tux samba]# ldconfig -v | grep winbind
libnss_winbind.so -> libnss_winbind.so
I restarted winbindd and typed "getent passwd" and it just lists my
local passwords and hangs.
Nothing is generated in my log.winbindd when I do this either.
I am also noticing that _occasionally_ the box will not allow anyone to
login until after I kill winbindd and sometimes winbindd locks up most
of the processor until I KILL -9 it.
uname -a:
Linux tux.#########.net 2.4.19 #1 Fri Oct 25 15:39:52 EDT 2002 i686
unknown
Here is my /etc/nsswitch.conf (abbreviated):
passwd: files winbind
shadow: files winbind
group: files winbind
Here is my smb.conf:
[global]
workgroup = vsionline
server string = Samba %v -- TEST --
security = domain
password server = vsi-vsi-albany
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
For reference, here is my /etc/pam.d/login:
[root at tux pam.d]# cat login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
[root at tux pam.d]#
Any assistance anyone can provide will be much appreciated!
-SP
===========================================================
\ / ____/ / Sean Patrick Ingles
\ / / / Jr. Network Engineer
\ / ___ / /
\ / / / Vision Systems, Inc.
__/ ____/ _/ 142 State Street
Albany, NY 12207
www.visionsys.com Landline: +1 518.434.4300 x1406
ingless at visionsys.com Fax: +1 518.434.4304
==========================================================
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list