Winbind on Samba 2.2.2-pre
leif.klepp at starcut.com
leif.klepp at starcut.com
Thu Sep 20 03:39:01 GMT 2001
Hi,
{
Not sure whether this is ntdomain only, or part technical,
so please excuse cross-posting
}
As the subject says, I'm trying to run Winbind on Samba 2.2.2-pre,
just dl'ed from CVS.
Running Win2K on domain servers, one PDC, one BDC.
Samba 2.2.2-pre compiled with following options:
--with-pam
--with-acl-support
--with-smbmount
--with-winbind
--enable-shared=no
Linux server running RedHat 7.1, with custom kernel including
XFS support, ACLs, and Compaq FibreChannel support (if relevant).
I could not find samedit, so I used smbpasswd to join the domain.
No errors (Joined domain).
"wbinfo -t" claims that the "secret is good"
"wbinfo -n <username>" resolves to SID
"wbinfo -u" results in "error looking up domain users"
"wbinfo -g" results in "error looking up domain groups"
"getent passwd" and "getent groups" lists only my Unix-created ones
libnss_winbind.so.2 copied to /lib
pam_winbind.so copied to /lib/security
Tried to fix /etc/pam.d/login .../passwd and .../samba to enable
domain logins, but does not work correctly yet..
According to my "messages" log, pam_winbind authorises the user,
but the user is not known to the underlying authentication arch.
(I presume this may mean that my pam-settings are screwed up)
I have a bunch of .tdb's in the .../locks directory, including:
winbindd_idmap.tdb => 8192 bytes
winbindd_cache.tdb => 696 bytes
When I was running winbindd with a higher debug-level, I did
see some error messages which claimed access denied (possibly
NT_STATUS_ACCESS_DENIED?)..
If anybody has any clues or opinion as to what may be the problem(s),
and/or the correct pam settings for domain logons to the linux server
(both console and samba), I'm more than happy to restart the samba
deamons (including winbind) with a higher debug level and provide
the log (or extracts to the list)..
Thanks in advance,
/Leif K.
More information about the samba-technical
mailing list