RH 7.0 and Winbind in an NT4.0 domain

Patrick Spinler spinler.patrick at mayo.edu
Mon Feb 26 16:38:57 GMT 2001 

Shaun:

I'm trying to get a very similar configuration working (rh 6.2 instead
of 7.0, though).  

First, it sounds like you may have a basic samba configuration issue. 
smbd and nmbd not starting is the first thing I'd look into.  Do you
have samba installed where the init.d/smb script expects ?  It sounds
like that script isn't finding smbd/nmbd.

Second, I don't think that your domain membership for these machines is
going to do you any good.  Specifically, the dual boot is going to muck
you up.  Both half's of the machine can't be members in the nt domain
under the same machine account unless you have a magic way for both
sides to share the same machine password entry (in winnt registry and
linux /etc/.../DOMAIN.MACHINE.mac file)

Third, it looks like your getent command is hanging on input from
winbindd.  To help debug what's going on with winbindd, check out
running winbindd interactively with "-i" and the debug option "-d100".  

Someone suggested to me that I dump the precompiled winbindd and
recompile from the APPLIANCE_TNG cvs branch.  I'm going to give that a
try today or tomorrow.

-- Pat

Shaun Cloherty wrote:
> 
> Forgive me if this is not the appropriate list - please direct me to a
> more appropriate forum.
> 
> I have a number of client machines running Linux (RH7.0) which I need to
> make available to existing users of our NT4.0 domain. Winbind seem to be
> the ticket I am looking for, so I downloaded and installed the
> samba-appliance-0.5-1 rpm. I have been following the directions in the
> winbindd man page, but havn't managed to get it working.
> 
> I have made the suggested changes to /etc/nsswitch.conf, but havn't yet
> tackled the PAM issues. There are existing accounts on the NT server for
> these machines - they dual boot Win2k - which I have confirmed using
> samedit included in the samba-appliance rpm.
> 
> I have created a /etc/samba/smb.conf file based on the winbindd man
> page.
> 
> When I start the smbd and nmbd daemons (via /etc/rc.d/init.d/smb start)
> I see this;
> 
> Starting SMB services: execvp: No such file or directory    [FAILED]
> 
> Starting NMB services: execvp: No such file or directory    [FAILED]
> 
> I don't think this is a Samba issue, since I can start the daemons by
> hand (smbd -D; nmbd -D) without any problem... but if anyone has any
> suggestions on how to fix it, please let me know.
> 
> I'm not sure how I am supposed to start the winbind daemon, but simply
> typing 'winbindd' at the prompt seems to do it... let me know if there
> is more to it than that.
> 
> Now, when I run 'getent passwd' as suggested in the man page, I see only
> the users listed in the /etc/passwd file... no NT domain users. Am I
> correct in assuming that at this point, if all is well, I should be
> seeing a list of NT domain users in addition to the local unix users
> (from /etc/passwd)?  It is my understanding that simply listing the
> users via 'getent passwd' is a name service issue, so I expected it to
> work even though I have not dealt with the PAM configuration yet.... am
> I wrong?  If so, which services under /etc/pam.d do I have to tweak to
> make 'getent passwd' to work?
> 
> An 'strace' of 'getent passwd' indicates that it reads
> /etc/nsswitch.conf (as expected), then reads the /etc/passwd file,
> echoing the entries to stdout, then goes looking for
> libnss_winbind.so.2, presumably to do the winbind  magic so as to list
> the NT domain users.  The winbindd man page said to put
> libnss_winbind.so.2 in /lib, yet no libnss_switch.so.2 came in the
> samba-appliance rpm, it installs /lib/libnss_winbind.so.  Simply
> renaming libnss_winbind.so to libnss_winbind.so.2 seems ok, in that an
> strace indicates that it finds the library, does its thing, but times
> out writing/reading from /tmp/.winbindd/pipe. I don't know how to
> proceed from here?
> 
> Any assistance would be greatly appreciated,
> 
> Shaun
>  --
> Shaun Cloherty
> Graduate School of Biomedical Engineering
> University of New South Wales

-- 
      This message does not represent the policies or positions
	     of the Mayo Foundation or its subsidiaries.
  Patrick Spinler			email:	Spinler.Patrick at Mayo.EDU
  Mayo Foundation			phone:	507/284-9485

More information about the samba-ntdom mailing list