Winbind on HPUX 11, some small progress
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Thu Feb 6 20:37:26 GMT 2003
ps, the fact that get getpwent and getent programs that you are running do
NOT
return any output indicate that the issue is probably with the
libnss_winbind.so
on your system..
Don
> -----Original Message-----
> From: Miles Roper [mailto:mroper at westcoastdhb.org.nz]
> Sent: Thursday, February 06, 2003 15:31
> To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical at lists.samba.org;
> 'samba at lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> michael_steffens at bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra';
> GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
>
> Hi Don,
>
> Michael Steffens a while back sent me a compiled version of
> getent which I
> couldn't get to work.
>
> I compiled your version and it doesn't seem to produce any
> result either,
> seems to return immeditaly without doing anything.
>
> ie
> coastdr: /mnt/1/samba/test> ./getent passwd WESTCOASTDHB+mroper
> coastdr: /mnt/1/samba/test>
>
> If I run it without any parameters I get a core dump :o)
>
> Better tell you that I'm compiling winbind with gcc 3.01 on hpux. I
> compiled the getent program you sent me with.
>
> gcc -c -I. -g -O2 getent.c
> gcc -g getent.o -o getent
>
> >From what you have said it would seem like libnss_winbind.so
> itsn't working.
> Anyway to get any debug output?
>
> Here is my /usr/lib/libnss*
>
> -r-xr-xr-x 1 bin bin 28672 Mar 13 2001
> libnss_compat.1
> -r-xr-xr-x 1 bin bin 104536 Nov 6 1997 libnss_dns.1
> -r-xr-xr-x 1 bin bin 40960 Mar 7 2001
> libnss_files.1
> lrwxrwxrwx 1 root sys 17 Jan 27 09:49
> libnss_ldap.1 ->
> libns
> s_winbind.so
> -r-xr-xr-x 1 bin bin 40960 Mar 13 2001 libnss_nis.1
> -r-xr-xr-x 1 bin bin 57344 Mar 13 2001
> libnss_nisplus.1
> -r-xr-xr-x 1 bin bin 28672 Jan 24 15:23
> libnss_winbind.so
> lrwxrwxrwx 1 root sys 17 Jan 27 11:51
> libnss_winbind.so.1 ->
> libnss_winbind.so
> lrwxrwxrwx 1 root sys 17 Oct 15 16:14
> libnss_winbind.so.2 ->
> libnss_winbind.so
>
> Here is my /etc/nsswitch.conf
>
> hosts: dns [NOTFOUND=continue UNAVAIL=continue
> TRYAGAIN=continue] files
> [N
> OTFOUND=return UNAVAIL=continue TRYAGAIN=return]
> passwd: files winbind
> group: files winbind
>
> Here is the compile output from libnss_winbind.so
>
> Compiling nsswitch/winbind_nss.c with -fpic
> nsswitch/winbind_nss.c: In function `fill_pwent':
> nsswitch/winbind_nss.c:600: warning: passing arg 2 of
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:612: warning: passing arg 2 of
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:629: warning: passing arg 2 of
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:641: warning: passing arg 2 of
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:653: warning: passing arg 2 of
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `fill_grent':
> nsswitch/winbind_nss.c:690: warning: passing arg 2 of
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:702: warning: passing arg 2 of
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:728: warning: passing arg 2 of
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:753: warning: passing arg 2 of
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwent_r':
> nsswitch/winbind_nss.c:870: warning: passing arg 4 of
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwuid_r':
> nsswitch/winbind_nss.c:920: warning: passing arg 4 of
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c:933: warning: passing arg 4 of
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwnam_r':
> nsswitch/winbind_nss.c:982: warning: passing arg 4 of
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c:995: warning: passing arg 4 of
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrent_r':
> nsswitch/winbind_nss.c:1119: warning: passing arg 5 of
> `fill_grent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrnam_r':
> nsswitch/winbind_nss.c:1179: warning: passing arg 5 of
> `fill_grent' from
> incompatible pointer type
> nsswitch/winbind_nss.c:1193: warning: passing arg 5 of
> `fill_grent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrgid_r':
> nsswitch/winbind_nss.c:1242: warning: passing arg 5 of
> `fill_grent' from
> incompatible pointer type
> nsswitch/winbind_nss.c:1256: warning: passing arg 5 of
> `fill_grent' from
> incompatible pointer type
> Compiling nsswitch/winbind_nss_solaris.c with -fpic
> Linking nsswitch/libnss_winbind.so
>
> Any idea where to go from here?
>
> Cheers
>
> Miles
>
> -----Original Message-----
> From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> Sent: Thursday, 6 February 2003 05:53 a.m.
> To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1);
> samba-technical at lists.samba.org; 'samba at lists.samba.org';
> 'Esh, Andrew';
> 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe';
> 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
>
> Hi Miles,
> This sounds like a
> PAM_USER_UNKNOWN 13
> error. Which would indicate that winbind daemon did it's job
> (ie passed the
> username and
> password to the password server ,and got validation back that
> the user is
> authenticated,
> but then when it went thru the nsswitch stuff to 'look up'
> the user, that
> failed.
> Kinda wierd. I don't have your original post, but I'm
> assuming that you
> have
> passwd: files winbind
> group: files winbind
>
> in your /etc/nsswitch.conf file
> and that you have working links to the winbind nss code
> (look something
> like this):
>
> 46 Aug 27 11:16 /usr/lib/libnss_winbind.1 ->
> /usr/local/samba/lib/winbind/libnss_winbind.so
>
>
> To verify that your nsswitch code is working compile the
> getent.c program I
> have attached to this message, and then verify that you can get an
> appropriate uid/gid back for a user
> defined on your NT password server in the following manner;
>
> getent passwd <domainname><domainseparator><username>
> (for instance on my system, I use '+' as winbind domain
> separator, and my
> domain is atl-wtec,
> so: getent passwd atl-wtec+administrator returns me the
> 'passwd' entry
> faked up from the
> NT domain controller I am a member of.
>
> Just a thought,
> Don
>
> > -----Original Message-----
> > From: Miles Roper [mailto:mroper at westcoastdhb.org.nz]
> > Sent: Tuesday, February 04, 2003 21:28
> > To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical at lists.samba.org;
> > 'samba at lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> > michael_steffens at bbn.exch.hp.com; 'Richard Sharpe'; 'John H
> Terpstra';
> > Kim (E-mail)
> > Subject: Winbind on HPUX 11, some small progress
> >
> >
> > Hi All,
> >
> > Well, i've managed to enable some debugging in syslog, I
> had to put in
> > /etc/syslog.conf
> >
> > ;*.debug
> >
> > on the syslog line.
> >
> > So at least I have an error which is being returned into syslog from
> > winbind.
> >
> > This is what I get from winbind
> >
> > Feb 4 21:13:17 coastdr pam_winbind[20753]: Verify user `lonnie'
> > Feb 4 21:13:18 coastdr pam_winbind[20753]: user 'lonnie'
> > granted acces
> > Feb 4 21:13:18 coastdr pam_winbind[20753]: LOGIN: exiting
> > with return code
> > 13
> >
> > This is what I get from pamsmb (ignore the dates, they are a
> > bit funny for
> > some reason)
> >
> > Feb 5 14:53:55 coastdr pamsmbd[20119]: server: remote auth user
> > unix:trainingus
> > er nt:traininguser NTDOM:WESTCOASTDHB PDC:COASTDB BDC:
> > Feb 5 14:53:55 coastdr pamsmbd[20119]: cache_add: inserted entry
> > Feb 4 20:53:55 coastdr : pamsmbd: Got something back... 0
> > Feb 4 20:53:55 coastdr : pam_smb: got back 0 username traininguser
> > Feb 4 20:53:55 coastdr : LOGIN: exiting with return code 13
> >
> > So the error with pamsmb and winbind is the same. I've done
> > a man on login
> > and can only find a description of errors, not the error
> > codes. What is
> > error code 13? If I can find that out it will make looking
> > for it a bit
> > easier. I thought it might be that the shell doens't exist,
> > but I tried
> > making a user with a invalid shell and get back error code 1,
> > so its not
> > that.
> >
> > Ideas?
> >
> > Cheers
> >
> > Miles
> >
> >
> > -----Original Message-----
> > From: Miles Roper
> > Sent: Monday, 3 February 2003 08:54 a.m.
> > To: 'MCCALL,DON (HP-USA,ex1)'
> > Cc: 'samba-technical at lists.samba.org'; 'samba at lists.samba.org'; Esh,
> > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard
> > Sharpe'; 'John H Terpstra'
> > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck,
> Please Help
> >
> >
> > Thanks for your help, still no luck though. More info for you.
> >
> > with no debug statements in my /etc/pam.conf I get in sys log
> > the following.
> >
> > Feb 2 14:43:02 coastdr pam_winbind[2832]: user
> > 'traininguser' granted acces
> >
> > with debug turned on I get
> >
> > Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user
> `traininguser'
> > Feb 2 14:47:49 coastdr pam_winbind[2839]: user
> > 'traininguser' granted acces
> >
> > the user is still logging out.
> >
> > incidentlally, when I log in as a unix user, rather than a
> > win2k user I
> > don't get anything in sys log. I've included my pam.conf below.
> >
> > Also, I checked for /etc/shells, no such file, and I have set
> > my smb.conf
> > shell line to
> >
> > template shell = /sbin/sh
> >
> > and also tried
> >
> > template shell = /usr/bin/sh
> >
> > both files exist.
> >
> > #
> > # PAM configuration
> > #
> > # Authentication management
> > #
> > login auth sufficient
> /usr/lib/security/libpam_unix.1 debug
> > login auth sufficient /usr/lib/security/libpam_winbind.1
> > debug
> > #login auth sufficient
> /usr/lib/security/libpam_smb.1 nolocal
> > debug
> > su auth required /usr/lib/security/libpam_unix.1 debug
> > dtlogin auth required /usr/lib/security/libpam_unix.1 debug
> > dtaction auth required /usr/lib/security/libpam_unix.1 debug
> > ftp auth required /usr/lib/security/libpam_unix.1 debug
> > OTHER auth required /usr/lib/security/libpam_unix.1 debug
> > #
> > # Account management
> > #
> > login account sufficient
> /usr/lib/security/libpam_unix.1 debug
> > login account sufficient /usr/lib/security/libpam_winbind.1
> > debug
> > su account required
> /usr/lib/security/libpam_unix.1 debug
> > dtlogin account required
> /usr/lib/security/libpam_unix.1 debug
> > dtaction account required
> /usr/lib/security/libpam_unix.1 debug
> > ftp account required
> /usr/lib/security/libpam_unix.1 debug
> > #
> > OTHER account required
> /usr/lib/security/libpam_unix.1 debug
> > #
> > # Session management
> > #
> > login session sufficient
> /usr/lib/security/libpam_unix.1 debug
> > login session sufficient /usr/lib/security/libpam_winbind.1
> > debug
> > dtlogin session required
> /usr/lib/security/libpam_unix.1 debug
> > dtaction session required
> /usr/lib/security/libpam_unix.1 debug
> > OTHER session required
> /usr/lib/security/libpam_unix.1 debug
> > #
> > # Password management
> > #
> > login password sufficient
> /usr/lib/security/libpam_unix.1 debug
> > login password sufficient /usr/lib/security/libpam_winbind.1
> > debug
> > passwd password required
> /usr/lib/security/libpam_unix.1 debug
> > passwd password required /usr/lib/security/libpam_winbind.1
> > debug
> > dtlogin password required
> /usr/lib/security/libpam_unix.1 debug
> > dtaction password required
> /usr/lib/security/libpam_unix.1 debug
> > OTHER password required
> /usr/lib/security/libpam_unix.1 debug
> >
> > Cheers
> >
> > Miles
> >
> > -----Original Message-----
> > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> > Sent: Saturday, 1 February 2003 04:53 a.m.
> > To: 'John H Terpstra'; Miles Roper
> > Cc: 'samba-technical at lists.samba.org'; 'samba at lists.samba.org'; Esh,
> > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON
> > (HP-USA,ex1); 'Richard Sharpe'
> > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck,
> Please Help
> >
> >
> > Hi, Miles,
> > Actually on HP-UX, you will need to add the word 'debug' at
> > the end of each
> > of
> > the lines in you /etc/pam.conf file, to enable more debugging
> > to go into the
> >
> > /var/adm/syslog/syslog.log file.
> >
> > One thing that I have seen something like this happen on is if the
> > /etc/shells file is corrupt, or if the shell that is defined
> > for the user
> > (since they don't have a /etc/passwd entry, this would be
> > whatever you put
> > in
> > template in the smb.conf) does not exactly match one of the lines in
> > /etc/shells,
> > or the defaults, if this file does not exist.
> > The defaults for 11.0 are:
> >
> >
> >
> > /sbin/sh
> > /usr/bin/sh
> > /usr/bin/rsh
> > /usr/bin/ksh
> > /usr/bin/rksh
> > /usr/bin/csh
> > /usr/bin/keysh
> >
> > Hope this helps,
> > Don
> > > -----Original Message-----
> > > From: John H Terpstra [mailto:jht at samba.org]
> > > Sent: Friday, January 31, 2003 1:36
> > > To: Miles Roper
> > > Cc: 'samba-technical at lists.samba.org';
> 'samba at lists.samba.org'; Esh,
> > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1);
> 'MCCALL,DON
> > > (HP-USA,ex1)'; 'Richard Sharpe'
> > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck,
> > Please Help
> > >
> > >
> > > On Fri, 31 Jan 2003, Miles Roper wrote:
> > >
> > > > Hi Everyone,
> > > >
> > > > I'm forgetting about the password one at the moment, thanks
> > > for all your
> > > > input :o)
> > > >
> > > > I still don't have a clue how to solve my main problem.
> > > I'm assuming that
> > > > its not actually winbind related now, as I've recently
> > > tried pam_smb and get
> > > > the same basic problem.
> > > >
> > > > Basically, when I log into the UNIX box, the
> > > username/password of a NT user
> > > > is being authenticated, but doesn't actually log in. It
> > > doesn't get past
> > > > the password line. I know it accepts the password. Its
> > > almost as if it
> > > > can't find the shell. But the template variable is set
> > > within the smb.conf
> > > > file. Permissions are fine. I have exactly the same
> > > problem with the
> > > > pam_smb module.
> > >
> > > So what does PAM report into your /var/log files?
> > >
> > > Have you tried adding to each line in your /etc/pam.d/login
> > > (after the .so
> > > file name) the word 'audit' - this will increase the volume
> > > of debugging
> > > info spit out into /var/log/messages, or wherever PAM send
> > > this on your
> > > distro.
> > >
> > > - John T.
> > >
> > > >
> > > > If there is any further information I can send let me know.
> > > >
> > > > Ideas?
> > > >
> > > > Thanks
> > > >
> > > > Miles
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> > > > Sent: Friday, 31 January 2003 07:06 a.m.
> > > > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide
> > > > Cc: 'samba at lists.samba.org'; Esh, Andrew; Miles Roper;
> > > > 'samba-technical at lists.samba.org'; 'Richard Sharpe'
> > > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck,
> > > Please Help
> > > >
> > > >
> > > > Hi Everyone,
> > > > This whole problem with the password command not working
> > > when winbind
> > > > is included as a method in the nsswitch.conf can probably
> > > be worked around
> > > > by simply using the -r files (or -r nis or -r nisplus)
> > > switch. Take a look
> > > > at the man page for passwd on HP-UX 11.x and see if this
> > > won't help you
> > > > out.
> > > > Hope this helps,
> > > > Don
> > > >
> > > > > -----Original Message-----
> > > > > From: Michael Steffens [mailto:michael.steffens at hp.com]
> > > > > Sent: Tuesday, January 28, 2003 11:52
> > > > > To: Ronan Waide
> > > > > Cc: 'samba at lists.samba.org'; Esh, Andrew; Miles Roper;
> > > > > 'samba-technical at lists.samba.org'; 'Richard Sharpe'
> > > > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally
> > > Stuck, Please Help
> > > > >
> > > > >
> > > > > Ronan Waide wrote:
> > > > > > On January 28, Andrew_Esh at adaptec.com said:
> > > > > >
> > > > > >>I don't have HPUX, so I don't know what to suggest for
> > > > > that. I just know
> > > > > >>getent won't work without winbindd in nsswitch.conf
> on Linux.
> > > > > >
> > > > > >
> > > > > > I think the point that was being made is that NSS support
> > > > > on HPUX only
> > > > > > supports a few known types, of which one is LDAP. The
> > > discussion was
> > > > > > basically about faking out the system so that what it
> > > thinks is LDAP
> > > > > > is actually winbind.
> > > > >
> > > > > Yep. It's a HP-UX specific workaround. Please ignore it
> > > > > everywhere else.
> > > > >
> > > > > Michael
> > > > >
> > > > >
> > > >
> > >
> > > --
> > > John H Terpstra
> > > Email: jht at samba.org
> > >
> >
>
More information about the samba-technical
mailing list