[Samba] Samba 3.0.1pre1 winbind / getent problems

Thomas SILLARD thomas.sillard at free.fr
Fri Nov 7 16:16:44 GMT 2003 

Selon Buchan Milne <bgmilne at cae.co.za>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> > Date: Wed, 5 Nov 2003 21:48:18 +0100
> > From: Thomas Sillard <thomas.sillard at free.fr>
> > Subject: [Samba] Samba 3.0.1pre1 winbind / getent problems
> > To: samba at lists.samba.org
> > Message-ID: <200311052148.18113.thomas.sillard at free.fr>
> > Content-Type: text/plain;  charset="us-ascii"
> >
> > Hi,
> >
> > I've got some problems with winbind and ADS Domain Membership stuff.
> > I've joined the domain without problems with "kinit admin at MY.DOMAIN" and
> > "net ads join", i can see the machine account in AD with ldapbrowser.
> > Klist give me three tickets, as say in the documentation, OK.
> > I created the idmap entry in my openldap (with samba3 schema), OK.
> > I've set the ldap admin password in the secrets.tdb, OK (ldap idmap).
> > Starting service smb3, OK.
> > Starting service winbind3, OK.
> > wbinfo -u and wbinfo - g give me the list of users and groups correctly,
> > wbinfo -a user%passord works fine, OK.
> >
> > BUT
> >
> > When i try a "getent passwd" or "getent group", i don't have the windows
> > users. I can't see or connect to the shares on the linux box with
> windows file
> > explorer (it prompts me a user/password). It works fine with samba
> 2.2.7a.
> > I've installed the samba3 mandrake package, wich suffixes all libs and
> > executables with the samba version's number (eg. for libnss_winbind.so ->
> > libnss_winbind3.so, smbpasswd -> smbpasswd3).
> 
> Only the default packages. Since you're running on 9.1, you either are
> running cooker packages on 9.1 (not suggested, since cooker/9.2 have
> openldap-2.1.x and kerberos 1.3.x) or you rebuilt the SRPM.
> 

I'm running 9.1 with openldap-2.0.27 and kerberos-1.2.7. Will it be better with
openldap-2.1.x and kerberos-1.3.x ?

> If you rebuilt the SRPM, you might as well add the '--with system'
> switch when you build it, and you will get 'samba-3.0.1' packages
> without suffixes.
> 

Ok, great, i'll try to rebuild with "--with system" to replace the 2.2.7
packages with the 3.0.1pre1.

> >
> > What's the problem ? Where is my error ? Is the mdk version suffixing
> > can be the source of the problem ?
> 
> I am quite sure I tested this, and that it worked, but that was quite a
> while ago, and I didn't have much time availble to test it then. If it
> doesn't work for you, I can introduce alternatives for the winbind files
> (as we have on 9.2 for the client binaries).
> 

It works now with a ln -s /lib/libnss_winbind3.so /lib/libnss_winbind.so.2 and a
ldconfig after. "ldap idmap backend" works fine also and i can share the ldap
idmap database with my two samba servers (same ids on the two boxes, a RH7.3 and
MDK 9.1).

The only problem now is that my log files (with log level = 1 in smb.conf) are
full of lines like these :

nov  7 15:27:24 smb1 winbindd[17179]: [2003/11/07 15:27:24, 0]
nsswitch/winbindd.c:process_loop(715)
nov  7 15:27:24 smb1 winbindd[17179]:   process_loop: Invalid request size from
pid 17533: 1304 bytes sent, should be 1568

What's this ?

> Unfortunately I don't have a production AD network to test on, so any
> feedback on improvements to the Mandrake packages with regard to winbind
> would be appreciated (and any other aspects, but I have two samba+ldap
> networks, one currently running 2.2.8a and one running 3.0.1pre1).
> 
> Regards,
> Buchan
> 
> - --
> |--------------Another happy Mandrake Club member--------------|
> Buchan Milne                Mechanical Engineer, Network Manager
> Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
> Stellenbosch Automotive Engineering         http://www.cae.co.za
> GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
> 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQE/q7iSrJK6UGDSBKcRAo/iAKCX3vLJUzKqvk/+PoqjSNV/dGbygwCeITy0
> 5D6rU06FJbb4ZtaxEsZhdMU=
> =mz26
> -----END PGP SIGNATURE-----
> 
> 


--

More information about the samba mailing list