Winbind on Samba 2.2.2-pre
jtrostel at snapserver.com
jtrostel at snapserver.com
Thu Sep 20 07:13:10 GMT 2001
On 20-Sep-2001 leif.klepp at starcut.com wrote:
> Hi,
>
> {
> Not sure whether this is ntdomain only, or part technical,
> so please excuse cross-posting
> }
>
> As the subject says, I'm trying to run Winbind on Samba 2.2.2-pre,
> just dl'ed from CVS.
>
> Running Win2K on domain servers, one PDC, one BDC.
>
> Samba 2.2.2-pre compiled with following options:
> --with-pam
> --with-acl-support
> --with-smbmount
> --with-winbind
> --enable-shared=no
>
> Linux server running RedHat 7.1, with custom kernel including
> XFS support, ACLs, and Compaq FibreChannel support (if relevant).
>
> I could not find samedit, so I used smbpasswd to join the domain.
> No errors (Joined domain).
>
> "wbinfo -t" claims that the "secret is good"
> "wbinfo -n <username>" resolves to SID
> "wbinfo -u" results in "error looking up domain users"
> "wbinfo -g" results in "error looking up domain groups"
Did you use "winbind -u" or rather "winbind BIG_MACHINE -u" (where BIG_MACHINE
is the Domain PDC)? You should add in the PDC name in this command.
> "getent passwd" and "getent groups" lists only my Unix-created ones
>
> libnss_winbind.so.2 copied to /lib
> pam_winbind.so copied to /lib/security
Yup... that looks right.
> Tried to fix /etc/pam.d/login .../passwd and .../samba to enable
> domain logins, but does not work correctly yet..
> According to my "messages" log, pam_winbind authorises the user,
> but the user is not known to the underlying authentication arch.
> (I presume this may mean that my pam-settings are screwed up)
I'm looking into this myself today and will write up a HOW-TO for RH systems
with pam_stack.so in the pam.d files for later today (hopefully). I'll bet
your files are (also) incorrect at the moment
>
> I have a bunch of .tdb's in the .../locks directory, including:
> winbindd_idmap.tdb => 8192 bytes
> winbindd_cache.tdb => 696 bytes
agrees with what I see here also.
> If anybody has any clues or opinion as to what may be the problem(s),
> and/or the correct pam settings for domain logons to the linux server
> (both console and samba), I'm more than happy to restart the samba
> deamons (including winbind) with a higher debug level and provide
> the log (or extracts to the list)..
I'll distribute my configs when I get them working ;->
--
John M. Trostel
Senior Software Engineer
Quantum / SnapAppliances
jtrostel at snapserver.com
More information about the samba-technical
mailing list