[Samba] Samba from Sunfreeware and nss_winbind.so

David Markey dmarkey at dodds.dmarkey.com
Fri Dec 4 08:03:44 MST 2009 

I *think* there'e GPLv3 problems with distributing samba 3.4 with Solaris.

You could be waiting a while.



On Fri, 04 Dec 2009 09:59:06 -0500, Gaiseric Vandal
<gaiseric.vandal at gmail.com> wrote:
> On 12/03/09 17:42, Gaiseric Vandal wrote:
>> Sunfreeware.com has compiled packages of Samba 3.4.2 with kerberos and 
>> ldap support included (if you also install the ldap and kerberos 
>> packages from sunfreeware.)   However it does not include the 
>> nss_winbind.so.*  or libnss_winbind.so.* files.
>>
>>
>> Solaris does include nss_winbind.so already (since it is included with 
>> Samba 3.0.x) or I could compile it from the 3.4.x source code.   But 
>> then I am not sure if either of these would be compatible with 
>> Sunfreeware samba.
>>
>> I am using winbind in /etc/nsswitch.conf for supporting users in a 
>> trusted domain.    under samba 3.0.x "getent passwd" did return users 
>> from a trusted domain.   On 3.4 it is not, although "wbinfo -u" is 
>> working.
>>
>>
>> Thanks
>>
>>
>>
> 
> I copied the nss_winbind.so  file I compiled to /usr/local/samba/lib.   
> Samba will use that in preference to any files in /usr/lib so I didn't 
> need to delete or move Sun provided nss_winbind.so file.
> 
> 
> I added the following to smb.conf  (they had not been required in samba 
> 3.0.x.)
> 
> idmap uid = 30000-39999
> idmap gid = 30000-39999
> 
> 
> The following entries already exisited in smb.conf (and had been
sufficient
> 
> 
> idmap config TRUSTEDWINDOMAIN:backend = ldap
> #idmap config TRUSTEDWINDOMAIN:readonly = no
> idmap config TRUSTEDWINDOMAIN:readonly = yes
> idmap config TRUSTEDWINDOMAIN:default=no
> idmap config TRUSTEDWINDOMAIN:ldap_base_dn = 
> ou=administration,ou=idmap,o=domain.com
> idmap config TRUSTEDWINDOMAIN:ldap_user_dn = cn=Directory Manager
> idmap config TRUSTEDWINDOMAIN:ldap_url = ldap://ldapserver1.domain.com
> idmap config TRUSTEDWINDOMAIN:range = 30000-39999
> 
> 
> 
> idmap alloc backend = ldap
> idmap alloc config:ldap_base_dn = ou=alloc,ou=idmap,o=domain.com
> idmap alloc config:ldap_user_dn = cn=Directory Manager
> idmap alloc config:ldap_url = ldap://ldapserver1.domain.com
> idmap alloc config:range = 30000-39999
> 
> 
> 
> I also needed to add  the following line to smb.conf
> 
> client schannel = no
> 
> This resolved "cm_get_ipc_userpass: No auth-user defined " error 
> messages in winbindd.log.    I suspect this may be need to be set on the 
> PDC  to resolve some other domain trust issues.  The trusted domain is 
> Windows 2003 in mixed mode.
> 
> 
> Ideally Sun will one day  provide their own build of Samba 3.4.x.

More information about the samba mailing list