[Samba] SAMBA + KERBEROS + AD

ciro samba ciro.samba at gmail.com
Fri Mar 7 18:28:12 GMT 2008 

Oliver, Helio,
i believe this will solve both of you problem.
ldconfig is in fact undoing our manual linking. it links libnss_winbind.so
against the original lib again. the solution is edit /etc/ld.so.conf and add
the following line to the end of the file

/path/to/your/samba/source/nsswitch

i.e in my case as of my last post:
/usr/local/apps/samba-3.0.28/source/nsswitch

erase all /lib/libnss_winb*

and
# ldconfig -v |grep libnss_winb
        libnss_winbind.so.2 -> libnss_winbind.so.2

and then
getent passwd

if you have any more problems let me know
Ciro



On Fri, Mar 7, 2008 at 6:06 AM, Oliver Henriot <Oliver.Henriot at imag.fr>
wrote:

> I forgot to mention, after creating the symlink from libnss_winbind.so.2
> to libnss_winbind.so, copying libnss_winbind.so.2 as libnss_winbind.so
> in /lib, or compiling Samba and copying the compiled libnss_winbind.so
> into /lib, when I run ldconfig -v, I only get :
>
>    # ldconfig -v|grep libnss_winb
>    ldconfig:     libnss_winbind.so.2 -> libnss_winbind.so.2
>
> No mention whatsoever of libnss_winbind.so, that seems strange doesn't
> it? What am I doing wrong?
>
> Cheers,
>
>
> Oliver Henriot a écrit, le 07.03.2008 09:17 :
> > Hi,
> >
> > I have the same problem as Hélio : getent passwd only returns local
> > users when wbinfo -u returns domain users.
> > However, I have installed samba using Debian packages with aptitude.
> > All I have is :
> >
> >    # find / -name libnss_winb*
> >    /lib/libnss_winbind.so.2
> >    # ls -l /lib/libnss_winbind.so*
> >    -rw-r--r-- 1 root root 15700 2007-12-10 12:47
> /lib/libnss_winbind.so.2
> >
> > I have tried changing permissions on libnss_winbind.so.2 to 775 and
> > adding a /lib/libnss_winbind.so symlink to /lib/libnss_winbind.so.2,
> > all to no avail.
> > The .deb archive in the current stable Debian does not contain
> > libnss_winbind.so, only libnss_winbind.so.2.
> >
> > I have tried compiling Samba from sources and copying the resulting
> > libnss_winbind.so to /lib but I still only get local accounts when I
> > run getent passwd and getent group.
> >
> > Is the solution to install the version compiled from sources? Is there
> > no way to get the version packaged for the distribution to work?
> >
> > Cheers,
> >
> > P.S. I hope my intrusion in Hélio's thread will help both of us to
> > progress
> >
> > Dans sa grande sagesse, ciro samba a écrit, le 07.03.2008 03:51 :
> >> Helio,
> >> have you tested nsswitch with
> >> `getent passwd`
> >> should return
> >>
> >> root:x:0:0::/root:/bin/bash
> >> bin:x:1:1:bin:/bin:/bin/false
> >> daemon:x:2:2:daemon:/sbin:/bin/false
> >> adm:x:3:4:adm:/var/log:/bin/false
> >> lp:x:4:7:lp:/var/spool/lpd:/bin/false
> >> sync:x:5:0:sync:/sbin:/bin/sync
> >> ... etc
> >> gdm:x:42:42:GDM:/var/state/gdm:/bin/bash
> >> apache:x:80:80:User for Apache:/srv/httpd:/bin/false
> >> messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false
> >> haldaemon:x:82:82:User for HAL:/var/run/hald:/bin/false
> >> pop:x:90:90:POP:/:/bin/false
> >> nobody:x:99:99:nobody:/:/bin/false
> >>
> EDITORA\administrator:*:10000:10000:Administrator:/home/EDITORA/administrator:/bin/false
> >>
> >> EDITORA\guest:*:10001:10001:Guest:/home/EDITORA/guest:/bin/false
> >> etc..;
> >> your domain users must be mapped to linux users, with "winbind uid",
> >> which
> >> you have in your smb.conf
> >> if getent does not return domain users at all but wbinfo -u does, the
> >> problems is with libnss_winbind.so
> >>
> >> i download source code into /lib/usr/apps/whatsappname so my samba is
> in
> >> /usr/local/apps/samba-3.0.28/ and the correct libnss_winbind.so is
> >> /usr/local/apps/samba-3.0.28/source/nsswitch/libnss_winbind.so. copy
> >> this
> >> file over /lib/libnss_winbind.so and
> >> $ cd /lib
> >> $ ln -s libnss_winbind.so libnss_winbind.so.2
> >>
> >> and then getent passwd again, this sould do the trick
> >>
> >> tks
> >> Ciro
> >>
> >>
> >> On Wed, Mar 5, 2008 at 4:05 PM, Helio Calaça Filho
> >> <helio.calaca at gmail.com>
> >> wrote:
> >>
> >>
> >>> But i have to try with the "+"symbol, just like this exemple?
> >>>
> >>> SAMBA+Administrator
> >>> or
> >>> i have to try like this way
> >>>
> >>> SAMBAAdminitrator
> >>>
> >>> ???
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Atte,
> >>> Hélio Calaça Filho
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  https://lists.samba.org/mailman/listinfo/samba
> >>>
> >>>
> >
>
> --
> Oliver Henriot, UMS MI2S, http://mi2s.imag.fr/
> Moyens Informatiques et Multimédia
> Domaine universitaire BP53 / 38041 Grenoble cedex 9 / France
> tel.: +33 4 76 51 43 48      fax: +33 4 76 51 47 15
>
> Trust in CNRS's certificates
> http://igc.services.cnrs.fr/Doc/General/trust.html
>
>
>

More information about the samba mailing list