Winbind on Samba 2.2.2-pre

[leif.klepp at starcut.com]

Hi again,

> > Tried to fix /etc/pam.d/login .../passwd and .../samba to enable
> > domain logins, but does not work correctly yet..
> > According to my "messages" log, pam_winbind authorises the user,
> > but the user is not known to the underlying authentication arch.
> > (I presume this may mean that my pam-settings are screwed up)
>
> You don't need to change anything in /etc/pam.d if you won't have domain
> accounts logging into the samba box. Getent passwd should return the
domain
> users without any changes in the pam files.

Well, domain account login would be nice as I will have some Win2K
users which occasionally have to check out how web pages look using
the browsers available of linux, etc., but it is a secondary objective.

First I need to get the domain users listed I guess :)

> Have you added the 'winbind' entry in /etc/nsswitch.conf? Should be:
>
> passwd:       files winbind
> group:        files winbind

Done, checked, and double-checked. Even ran strace on "getent passwd"
as somebody recommended for a similar (same?) problem. Retrieves everything
from /etc/passwd, loads the winbind libraries, makes a connection, and
(as far as I could decode it, first time looking at strace) received a
bunch of zero-data back (and some timeouts..)

>
> If you still have problems, change the 'name resolution order' entry in
> smb.conf to 'bcast' (of course your samba server and nt pdc/bdc must be
on
> the sabe subnet for this to work).

I don't see how the name resolution can be the problem, as it manages
to connect to the PDC, retrieve the dc for both the server and the
domain, as well as authenticate users.

Anyway, did follow your advice, and it didn't help either I'm afraid :(

Running winbindd under debuglevel 5, it generates a lot of messages,
related to cli_pipe.c and rpc_parse/parse_rps.c.

Still baffled..

BR,
/Leif