Winbind on Samba 2.2.2-pre

jtrostel at snapserver.com jtrostel at snapserver.com
Thu Sep 20 07:13:10 GMT 2001 

On 20-Sep-2001 leif.klepp at starcut.com wrote:
> Hi,
> 
> {
>    Not sure whether this is ntdomain only, or part technical,
>    so please excuse cross-posting
> }
> 
> As the subject says, I'm trying to run Winbind on Samba 2.2.2-pre,
> just dl'ed from CVS.
> 
> Running Win2K on domain servers, one PDC, one BDC.
> 
> Samba 2.2.2-pre compiled with following options:
>    --with-pam
>    --with-acl-support
>    --with-smbmount
>    --with-winbind
>    --enable-shared=no
> 
> Linux server running RedHat 7.1, with custom kernel including
> XFS support, ACLs, and Compaq FibreChannel support (if relevant).
> 
> I could not find samedit, so I used smbpasswd to join the domain.
> No errors (Joined domain).
> 
> "wbinfo -t" claims that the "secret is good"
> "wbinfo -n <username>" resolves to SID
> "wbinfo -u" results in "error looking up domain users"
> "wbinfo -g" results in "error looking up domain groups"

Did you use "winbind -u" or rather "winbind BIG_MACHINE -u" (where BIG_MACHINE
is the Domain PDC)?  You should add in the PDC name in this command.

> "getent passwd" and "getent groups" lists only my Unix-created ones
> 
> libnss_winbind.so.2 copied to /lib
> pam_winbind.so copied to /lib/security

Yup... that looks right.
 
> Tried to fix /etc/pam.d/login .../passwd and .../samba to enable
> domain logins, but does not work correctly yet..
> According to my "messages" log, pam_winbind authorises the user,
> but the user is not known to the underlying authentication arch.
> (I presume this may mean that my pam-settings are screwed up)

I'm looking into this myself today and will write up a HOW-TO for RH systems
with pam_stack.so in the pam.d files for later today (hopefully).  I'll bet
your files are (also) incorrect at the moment

> 
> I have a bunch of .tdb's in the .../locks directory, including:
>  winbindd_idmap.tdb => 8192 bytes
>  winbindd_cache.tdb => 696 bytes

agrees with what I see here also.
 
> If anybody has any clues or opinion as to what may be the problem(s),
> and/or the correct pam settings for domain logons to the linux server
> (both console and samba), I'm more than happy to restart the samba
> deamons (including winbind) with a higher debug level and provide
> the log (or extracts to the list)..

I'll distribute my configs when I get them working ;->

-- 
John M. Trostel
Senior Software Engineer
Quantum / SnapAppliances
jtrostel at snapserver.com

More information about the samba-technical mailing list