[Samba] Samba from Sunfreeware and nss_winbind.so
David Markey
dmarkey at dodds.dmarkey.com
Fri Dec 4 08:03:44 MST 2009
I *think* there'e GPLv3 problems with distributing samba 3.4 with Solaris.
You could be waiting a while.
On Fri, 04 Dec 2009 09:59:06 -0500, Gaiseric Vandal
<gaiseric.vandal at gmail.com> wrote:
> On 12/03/09 17:42, Gaiseric Vandal wrote:
>> Sunfreeware.com has compiled packages of Samba 3.4.2 with kerberos and
>> ldap support included (if you also install the ldap and kerberos
>> packages from sunfreeware.) However it does not include the
>> nss_winbind.so.* or libnss_winbind.so.* files.
>>
>>
>> Solaris does include nss_winbind.so already (since it is included with
>> Samba 3.0.x) or I could compile it from the 3.4.x source code. But
>> then I am not sure if either of these would be compatible with
>> Sunfreeware samba.
>>
>> I am using winbind in /etc/nsswitch.conf for supporting users in a
>> trusted domain. under samba 3.0.x "getent passwd" did return users
>> from a trusted domain. On 3.4 it is not, although "wbinfo -u" is
>> working.
>>
>>
>> Thanks
>>
>>
>>
>
> I copied the nss_winbind.so file I compiled to /usr/local/samba/lib.
> Samba will use that in preference to any files in /usr/lib so I didn't
> need to delete or move Sun provided nss_winbind.so file.
>
>
> I added the following to smb.conf (they had not been required in samba
> 3.0.x.)
>
> idmap uid = 30000-39999
> idmap gid = 30000-39999
>
>
> The following entries already exisited in smb.conf (and had been
sufficient
>
>
> idmap config TRUSTEDWINDOMAIN:backend = ldap
> #idmap config TRUSTEDWINDOMAIN:readonly = no
> idmap config TRUSTEDWINDOMAIN:readonly = yes
> idmap config TRUSTEDWINDOMAIN:default=no
> idmap config TRUSTEDWINDOMAIN:ldap_base_dn =
> ou=administration,ou=idmap,o=domain.com
> idmap config TRUSTEDWINDOMAIN:ldap_user_dn = cn=Directory Manager
> idmap config TRUSTEDWINDOMAIN:ldap_url = ldap://ldapserver1.domain.com
> idmap config TRUSTEDWINDOMAIN:range = 30000-39999
>
>
>
> idmap alloc backend = ldap
> idmap alloc config:ldap_base_dn = ou=alloc,ou=idmap,o=domain.com
> idmap alloc config:ldap_user_dn = cn=Directory Manager
> idmap alloc config:ldap_url = ldap://ldapserver1.domain.com
> idmap alloc config:range = 30000-39999
>
>
>
> I also needed to add the following line to smb.conf
>
> client schannel = no
>
> This resolved "cm_get_ipc_userpass: No auth-user defined " error
> messages in winbindd.log. I suspect this may be need to be set on the
> PDC to resolve some other domain trust issues. The trusted domain is
> Windows 2003 in mixed mode.
>
>
> Ideally Sun will one day provide their own build of Samba 3.4.x.
More information about the samba
mailing list