[Samba] Winbind on HPUX11, Totally Stuck, Please Help

Michael Steffens michael.steffens at hp.com
Tue Jan 28 08:34:16 GMT 2003

Hi Miles,

Miles Roper wrote:
> Hi Drew,
> No luck.
> Pretty much done all that, still get all the same problems
> That site was pretty good though :o)

There is one thing missing, however. If you fake winbind NSS to be
ldap, exported constructor names in winbind_nss_solaris.c also need
to be adjusted:

   _nss_winbind_passwd_constr  ->  _nss_ldap_passwd_constr
   _nss_winbind_group_constr  ->  _nss_ldap_group_constr

Just redirecting the symlink doesn't do.  Hmm, this tweaking
of winbind NSS constructors is awful, changing from correct to
wrong. :(

This is what I did:

  1. Create a copy of winbind_nss_solaris.c with a descriptive
     name, like winbind_nss_solaris_fakeldap.c

  2. Do constructor replacements descriped above in the copy

  3. Build shared library with a descriptive name, like

       make nsswitch/winbind_nss_solaris_fakeldap.po \
            nsswitch/winbind_nss.po nsswitch/wb_common.po
       ld -b -B symbolic +h libnss_winbind_fakeldap.1 -o nsswitch/libnss_winbind_fakeldap.1 \
            nsswitch/winbind_nss_solaris_fakeldap.po nsswitch/winbind_nss.po \
            nsswitch/wb_common.po -lc

  4. Create symlink in /usr/lib

       libnss_ldap.1 -> libnss_winbind_fakeldap.1

     and leave original libnss_winbind.1 as it is.

This way gives a hint to administrators/supporters about what has
been tweaked, and it allows to revert the hack easily once the
conflict with libpam_unix.1 has been resolved.

> Does anyone have an idea about the shell logging in?  Why do I keep on 
> getting logged out?  Does the home directory need to be created, does it 
> need a .profile?  What about the permissions?  I've tried creating one 
> world writeable but no luck.

I did not see any dependeny to the home directory. If it doesn't
exist, or is not accessible, the user just gets a warning and is
being put to '/'.

But the login shell is important ("template shell" parameter).
If the shell doesn't exist, or happens to be /usr/bin/false,
you will get logged off immediately.


More information about the samba-technical mailing list