Winbind on HPUX 11, some small progress
MCCALL,DON (HP-USA,ex1)
don_mccall at hp.com
Thu Feb 6 20:49:31 GMT 2003
Hi Miles,
reading further;
change you link to the following:
lrwxr-xr-x 1 root sys 46 Aug 27 11:16
/usr/lib/libnss_winbin
d.1 -> libnss_winbind.so
We (HP-UX) don't know from .so files...
So winbind in nsswitch.conf entries is going to trigger looking for a
libnss_winbind.1
NOT a libnss_winbind.so.1
See if that doesn't help,
Don
> -----Original Message-----
> From: Miles Roper [mailto:mroper at westcoastdhb.org.nz]
> Sent: Thursday, February 06, 2003 15:41
> To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical at lists.samba.org;
> 'samba at lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> michael_steffens at bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra';
> GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
>
> had the same problem, I thought compiling it from scratch may fix it,
> although I've only just recently worked out how to get the
> extra debugging
> from pam, but symptoms were exactly the same.
>
> has taken me a long time to work out how to compile it on
> hpux with gcc, had
> to change a include file and the configure script, i've
> included it for you
> interest :o)
>
> in configure find
>
> if test $ac_cv_prog_cc_Ae = yes; then
> BLDSHARED="true"
> SHLD="/usr/bin/ld"
> LDSHFLAGS="-B symbolic -b -z"
> PICFLAG="+z"
> fi
>
> change to
>
> #if test $ac_cv_prog_cc_Ae = yes; then
> BLDSHARED="true"
> SHLD="/usr/bin/ld"
> LDSHFLAGS="-B symbolic -b -z"
> # PICFLAG="+z"
> #fi
>
> find
> /usr/local/lib/gcc-lib/hppa2.0n-hp-hpux11.00/3.1/include/stdio.h
> BEFORE
> extern int snprintf(char *, _hpux_size_t, char *,...);
> AFTER
> extern int snprintf(char *, _hpux_size_t, const char *,...);
>
> ps, that was quick :o)
>
> -----Original Message-----
> From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> Sent: Friday, 7 February 2003 09:36 a.m.
> To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1);
> samba-technical at lists.samba.org; 'samba at lists.samba.org';
> 'Esh, Andrew';
> 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe';
> 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
>
> Hi Miles,
> any reason you are compiling it yourself, instead of pulling
> the depot from
> the samba ftp site?
> That is what I am using successfully.
> Don
>
> > -----Original Message-----
> > From: Miles Roper [mailto:mroper at westcoastdhb.org.nz]
> > Sent: Thursday, February 06, 2003 15:31
> > To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical at lists.samba.org;
> > 'samba at lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> > michael_steffens at bbn.exch.hp.com; 'Richard Sharpe'; 'John H
> Terpstra';
> > GILCHRIST,KIM (HP-NewZealand,ex1)
> > Subject: RE: Winbind on HPUX 11, some small progress
> >
> >
> > Hi Don,
> >
> > Michael Steffens a while back sent me a compiled version of
> > getent which I
> > couldn't get to work.
> >
> > I compiled your version and it doesn't seem to produce any
> > result either,
> > seems to return immeditaly without doing anything.
> >
> > ie
> > coastdr: /mnt/1/samba/test> ./getent passwd WESTCOASTDHB+mroper
> > coastdr: /mnt/1/samba/test>
> >
> > If I run it without any parameters I get a core dump :o)
> >
> > Better tell you that I'm compiling winbind with gcc 3.01 on hpux. I
> > compiled the getent program you sent me with.
> >
> > gcc -c -I. -g -O2 getent.c
> > gcc -g getent.o -o getent
> >
> > >From what you have said it would seem like libnss_winbind.so
> > itsn't working.
> > Anyway to get any debug output?
> >
> > Here is my /usr/lib/libnss*
> >
> > -r-xr-xr-x 1 bin bin 28672 Mar 13 2001
> > libnss_compat.1
> > -r-xr-xr-x 1 bin bin 104536 Nov 6 1997
> libnss_dns.1
> > -r-xr-xr-x 1 bin bin 40960 Mar 7 2001
> > libnss_files.1
> > lrwxrwxrwx 1 root sys 17 Jan 27 09:49
> > libnss_ldap.1 ->
> > libns
> > s_winbind.so
> > -r-xr-xr-x 1 bin bin 40960 Mar 13 2001
> libnss_nis.1
> > -r-xr-xr-x 1 bin bin 57344 Mar 13 2001
> > libnss_nisplus.1
> > -r-xr-xr-x 1 bin bin 28672 Jan 24 15:23
> > libnss_winbind.so
> > lrwxrwxrwx 1 root sys 17 Jan 27 11:51
> > libnss_winbind.so.1 ->
> > libnss_winbind.so
> > lrwxrwxrwx 1 root sys 17 Oct 15 16:14
> > libnss_winbind.so.2 ->
> > libnss_winbind.so
> >
> > Here is my /etc/nsswitch.conf
> >
> > hosts: dns [NOTFOUND=continue UNAVAIL=continue
> > TRYAGAIN=continue] files
> > [N
> > OTFOUND=return UNAVAIL=continue TRYAGAIN=return]
> > passwd: files winbind
> > group: files winbind
> >
> > Here is the compile output from libnss_winbind.so
> >
> > Compiling nsswitch/winbind_nss.c with -fpic
> > nsswitch/winbind_nss.c: In function `fill_pwent':
> > nsswitch/winbind_nss.c:600: warning: passing arg 2 of
> > `get_static' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:612: warning: passing arg 2 of
> > `get_static' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:629: warning: passing arg 2 of
> > `get_static' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:641: warning: passing arg 2 of
> > `get_static' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:653: warning: passing arg 2 of
> > `get_static' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c: In function `fill_grent':
> > nsswitch/winbind_nss.c:690: warning: passing arg 2 of
> > `get_static' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:702: warning: passing arg 2 of
> > `get_static' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:728: warning: passing arg 2 of
> > `get_static' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:753: warning: passing arg 2 of
> > `get_static' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getpwent_r':
> > nsswitch/winbind_nss.c:870: warning: passing arg 4 of
> > `fill_pwent' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getpwuid_r':
> > nsswitch/winbind_nss.c:920: warning: passing arg 4 of
> > `fill_pwent' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:933: warning: passing arg 4 of
> > `fill_pwent' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getpwnam_r':
> > nsswitch/winbind_nss.c:982: warning: passing arg 4 of
> > `fill_pwent' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:995: warning: passing arg 4 of
> > `fill_pwent' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getgrent_r':
> > nsswitch/winbind_nss.c:1119: warning: passing arg 5 of
> > `fill_grent' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getgrnam_r':
> > nsswitch/winbind_nss.c:1179: warning: passing arg 5 of
> > `fill_grent' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:1193: warning: passing arg 5 of
> > `fill_grent' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getgrgid_r':
> > nsswitch/winbind_nss.c:1242: warning: passing arg 5 of
> > `fill_grent' from
> > incompatible pointer type
> > nsswitch/winbind_nss.c:1256: warning: passing arg 5 of
> > `fill_grent' from
> > incompatible pointer type
> > Compiling nsswitch/winbind_nss_solaris.c with -fpic
> > Linking nsswitch/libnss_winbind.so
> >
> > Any idea where to go from here?
> >
> > Cheers
> >
> > Miles
> >
> > -----Original Message-----
> > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> > Sent: Thursday, 6 February 2003 05:53 a.m.
> > To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1);
> > samba-technical at lists.samba.org; 'samba at lists.samba.org';
> > 'Esh, Andrew';
> > 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe';
> > 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> > Subject: RE: Winbind on HPUX 11, some small progress
> >
> >
> > Hi Miles,
> > This sounds like a
> > PAM_USER_UNKNOWN 13
> > error. Which would indicate that winbind daemon did it's job
> > (ie passed the
> > username and
> > password to the password server ,and got validation back that
> > the user is
> > authenticated,
> > but then when it went thru the nsswitch stuff to 'look up'
> > the user, that
> > failed.
> > Kinda wierd. I don't have your original post, but I'm
> > assuming that you
> > have
> > passwd: files winbind
> > group: files winbind
> >
> > in your /etc/nsswitch.conf file
> > and that you have working links to the winbind nss code
> > (look something
> > like this):
> >
> > 46 Aug 27 11:16 /usr/lib/libnss_winbind.1 ->
> > /usr/local/samba/lib/winbind/libnss_winbind.so
> >
> >
> > To verify that your nsswitch code is working compile the
> > getent.c program I
> > have attached to this message, and then verify that you can get an
> > appropriate uid/gid back for a user
> > defined on your NT password server in the following manner;
> >
> > getent passwd <domainname><domainseparator><username>
> > (for instance on my system, I use '+' as winbind domain
> > separator, and my
> > domain is atl-wtec,
> > so: getent passwd atl-wtec+administrator returns me the
> > 'passwd' entry
> > faked up from the
> > NT domain controller I am a member of.
> >
> > Just a thought,
> > Don
> >
> > > -----Original Message-----
> > > From: Miles Roper [mailto:mroper at westcoastdhb.org.nz]
> > > Sent: Tuesday, February 04, 2003 21:28
> > > To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical at lists.samba.org;
> > > 'samba at lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> > > michael_steffens at bbn.exch.hp.com; 'Richard Sharpe'; 'John H
> > Terpstra';
> > > Kim (E-mail)
> > > Subject: Winbind on HPUX 11, some small progress
> > >
> > >
> > > Hi All,
> > >
> > > Well, i've managed to enable some debugging in syslog, I
> > had to put in
> > > /etc/syslog.conf
> > >
> > > ;*.debug
> > >
> > > on the syslog line.
> > >
> > > So at least I have an error which is being returned into
> syslog from
> > > winbind.
> > >
> > > This is what I get from winbind
> > >
> > > Feb 4 21:13:17 coastdr pam_winbind[20753]: Verify user `lonnie'
> > > Feb 4 21:13:18 coastdr pam_winbind[20753]: user 'lonnie'
> > > granted acces
> > > Feb 4 21:13:18 coastdr pam_winbind[20753]: LOGIN: exiting
> > > with return code
> > > 13
> > >
> > > This is what I get from pamsmb (ignore the dates, they are a
> > > bit funny for
> > > some reason)
> > >
> > > Feb 5 14:53:55 coastdr pamsmbd[20119]: server: remote auth user
> > > unix:trainingus
> > > er nt:traininguser NTDOM:WESTCOASTDHB PDC:COASTDB BDC:
> > > Feb 5 14:53:55 coastdr pamsmbd[20119]: cache_add: inserted entry
> > > Feb 4 20:53:55 coastdr : pamsmbd: Got something back... 0
> > > Feb 4 20:53:55 coastdr : pam_smb: got back 0 username
> traininguser
> > > Feb 4 20:53:55 coastdr : LOGIN: exiting with return code 13
> > >
> > > So the error with pamsmb and winbind is the same. I've done
> > > a man on login
> > > and can only find a description of errors, not the error
> > > codes. What is
> > > error code 13? If I can find that out it will make looking
> > > for it a bit
> > > easier. I thought it might be that the shell doens't exist,
> > > but I tried
> > > making a user with a invalid shell and get back error code 1,
> > > so its not
> > > that.
> > >
> > > Ideas?
> > >
> > > Cheers
> > >
> > > Miles
> > >
> > >
> > > -----Original Message-----
> > > From: Miles Roper
> > > Sent: Monday, 3 February 2003 08:54 a.m.
> > > To: 'MCCALL,DON (HP-USA,ex1)'
> > > Cc: 'samba-technical at lists.samba.org';
> 'samba at lists.samba.org'; Esh,
> > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard
> > > Sharpe'; 'John H Terpstra'
> > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck,
> > Please Help
> > >
> > >
> > > Thanks for your help, still no luck though. More info for you.
> > >
> > > with no debug statements in my /etc/pam.conf I get in sys log
> > > the following.
> > >
> > > Feb 2 14:43:02 coastdr pam_winbind[2832]: user
> > > 'traininguser' granted acces
> > >
> > > with debug turned on I get
> > >
> > > Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user
> > `traininguser'
> > > Feb 2 14:47:49 coastdr pam_winbind[2839]: user
> > > 'traininguser' granted acces
> > >
> > > the user is still logging out.
> > >
> > > incidentlally, when I log in as a unix user, rather than a
> > > win2k user I
> > > don't get anything in sys log. I've included my pam.conf below.
> > >
> > > Also, I checked for /etc/shells, no such file, and I have set
> > > my smb.conf
> > > shell line to
> > >
> > > template shell = /sbin/sh
> > >
> > > and also tried
> > >
> > > template shell = /usr/bin/sh
> > >
> > > both files exist.
> > >
> > > #
> > > # PAM configuration
> > > #
> > > # Authentication management
> > > #
> > > login auth sufficient
> > /usr/lib/security/libpam_unix.1 debug
> > > login auth sufficient /usr/lib/security/libpam_winbind.1
> > > debug
> > > #login auth sufficient
> > /usr/lib/security/libpam_smb.1 nolocal
> > > debug
> > > su auth required /usr/lib/security/libpam_unix.1 debug
> > > dtlogin auth required /usr/lib/security/libpam_unix.1 debug
> > > dtaction auth required /usr/lib/security/libpam_unix.1 debug
> > > ftp auth required /usr/lib/security/libpam_unix.1 debug
> > > OTHER auth required /usr/lib/security/libpam_unix.1 debug
> > > #
> > > # Account management
> > > #
> > > login account sufficient
> > /usr/lib/security/libpam_unix.1 debug
> > > login account sufficient /usr/lib/security/libpam_winbind.1
> > > debug
> > > su account required
> > /usr/lib/security/libpam_unix.1 debug
> > > dtlogin account required
> > /usr/lib/security/libpam_unix.1 debug
> > > dtaction account required
> > /usr/lib/security/libpam_unix.1 debug
> > > ftp account required
> > /usr/lib/security/libpam_unix.1 debug
> > > #
> > > OTHER account required
> > /usr/lib/security/libpam_unix.1 debug
> > > #
> > > # Session management
> > > #
> > > login session sufficient
> > /usr/lib/security/libpam_unix.1 debug
> > > login session sufficient /usr/lib/security/libpam_winbind.1
> > > debug
> > > dtlogin session required
> > /usr/lib/security/libpam_unix.1 debug
> > > dtaction session required
> > /usr/lib/security/libpam_unix.1 debug
> > > OTHER session required
> > /usr/lib/security/libpam_unix.1 debug
> > > #
> > > # Password management
> > > #
> > > login password sufficient
> > /usr/lib/security/libpam_unix.1 debug
> > > login password sufficient /usr/lib/security/libpam_winbind.1
> > > debug
> > > passwd password required
> > /usr/lib/security/libpam_unix.1 debug
> > > passwd password required /usr/lib/security/libpam_winbind.1
> > > debug
> > > dtlogin password required
> > /usr/lib/security/libpam_unix.1 debug
> > > dtaction password required
> > /usr/lib/security/libpam_unix.1 debug
> > > OTHER password required
> > /usr/lib/security/libpam_unix.1 debug
> > >
> > > Cheers
> > >
> > > Miles
> > >
> > > -----Original Message-----
> > > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> > > Sent: Saturday, 1 February 2003 04:53 a.m.
> > > To: 'John H Terpstra'; Miles Roper
> > > Cc: 'samba-technical at lists.samba.org';
> 'samba at lists.samba.org'; Esh,
> > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON
> > > (HP-USA,ex1); 'Richard Sharpe'
> > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck,
> > Please Help
> > >
> > >
> > > Hi, Miles,
> > > Actually on HP-UX, you will need to add the word 'debug' at
> > > the end of each
> > > of
> > > the lines in you /etc/pam.conf file, to enable more debugging
> > > to go into the
> > >
> > > /var/adm/syslog/syslog.log file.
> > >
> > > One thing that I have seen something like this happen on
> is if the
> > > /etc/shells file is corrupt, or if the shell that is defined
> > > for the user
> > > (since they don't have a /etc/passwd entry, this would be
> > > whatever you put
> > > in
> > > template in the smb.conf) does not exactly match one of
> the lines in
> > > /etc/shells,
> > > or the defaults, if this file does not exist.
> > > The defaults for 11.0 are:
> > >
> > >
> > >
> > > /sbin/sh
> > > /usr/bin/sh
> > > /usr/bin/rsh
> > > /usr/bin/ksh
> > > /usr/bin/rksh
> > > /usr/bin/csh
> > > /usr/bin/keysh
> > >
> > > Hope this helps,
> > > Don
> > > > -----Original Message-----
> > > > From: John H Terpstra [mailto:jht at samba.org]
> > > > Sent: Friday, January 31, 2003 1:36
> > > > To: Miles Roper
> > > > Cc: 'samba-technical at lists.samba.org';
> > 'samba at lists.samba.org'; Esh,
> > > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1);
> > 'MCCALL,DON
> > > > (HP-USA,ex1)'; 'Richard Sharpe'
> > > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck,
> > > Please Help
> > > >
> > > >
> > > > On Fri, 31 Jan 2003, Miles Roper wrote:
> > > >
> > > > > Hi Everyone,
> > > > >
> > > > > I'm forgetting about the password one at the moment, thanks
> > > > for all your
> > > > > input :o)
> > > > >
> > > > > I still don't have a clue how to solve my main problem.
> > > > I'm assuming that
> > > > > its not actually winbind related now, as I've recently
> > > > tried pam_smb and get
> > > > > the same basic problem.
> > > > >
> > > > > Basically, when I log into the UNIX box, the
> > > > username/password of a NT user
> > > > > is being authenticated, but doesn't actually log in. It
> > > > doesn't get past
> > > > > the password line. I know it accepts the password. Its
> > > > almost as if it
> > > > > can't find the shell. But the template variable is set
> > > > within the smb.conf
> > > > > file. Permissions are fine. I have exactly the same
> > > > problem with the
> > > > > pam_smb module.
> > > >
> > > > So what does PAM report into your /var/log files?
> > > >
> > > > Have you tried adding to each line in your /etc/pam.d/login
> > > > (after the .so
> > > > file name) the word 'audit' - this will increase the volume
> > > > of debugging
> > > > info spit out into /var/log/messages, or wherever PAM send
> > > > this on your
> > > > distro.
> > > >
> > > > - John T.
> > > >
> > > > >
> > > > > If there is any further information I can send let me know.
> > > > >
> > > > > Ideas?
> > > > >
> > > > > Thanks
> > > > >
> > > > > Miles
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> > > > > Sent: Friday, 31 January 2003 07:06 a.m.
> > > > > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide
> > > > > Cc: 'samba at lists.samba.org'; Esh, Andrew; Miles Roper;
> > > > > 'samba-technical at lists.samba.org'; 'Richard Sharpe'
> > > > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck,
> > > > Please Help
> > > > >
> > > > >
> > > > > Hi Everyone,
> > > > > This whole problem with the password command not working
> > > > when winbind
> > > > > is included as a method in the nsswitch.conf can probably
> > > > be worked around
> > > > > by simply using the -r files (or -r nis or -r nisplus)
> > > > switch. Take a look
> > > > > at the man page for passwd on HP-UX 11.x and see if this
> > > > won't help you
> > > > > out.
> > > > > Hope this helps,
> > > > > Don
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Michael Steffens [mailto:michael.steffens at hp.com]
> > > > > > Sent: Tuesday, January 28, 2003 11:52
> > > > > > To: Ronan Waide
> > > > > > Cc: 'samba at lists.samba.org'; Esh, Andrew; Miles Roper;
> > > > > > 'samba-technical at lists.samba.org'; 'Richard Sharpe'
> > > > > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally
> > > > Stuck, Please Help
> > > > > >
> > > > > >
> > > > > > Ronan Waide wrote:
> > > > > > > On January 28, Andrew_Esh at adaptec.com said:
> > > > > > >
> > > > > > >>I don't have HPUX, so I don't know what to suggest for
> > > > > > that. I just know
> > > > > > >>getent won't work without winbindd in nsswitch.conf
> > on Linux.
> > > > > > >
> > > > > > >
> > > > > > > I think the point that was being made is that NSS support
> > > > > > on HPUX only
> > > > > > > supports a few known types, of which one is LDAP. The
> > > > discussion was
> > > > > > > basically about faking out the system so that what it
> > > > thinks is LDAP
> > > > > > > is actually winbind.
> > > > > >
> > > > > > Yep. It's a HP-UX specific workaround. Please ignore it
> > > > > > everywhere else.
> > > > > >
> > > > > > Michael
> > > > > >
> > > > > >
> > > > >
> > > >
> > > > --
> > > > John H Terpstra
> > > > Email: jht at samba.org
> > > >
> > >
> >
>
More information about the samba-technical
mailing list