4.2rc2 and winbindd

Rowland Penny repenny241155 at gmail.com
Mon Oct 20 08:08:29 MDT 2014 

On 20/10/14 14:45, David Mansfield wrote:
>
> On 10/20/2014 08:46 AM, Rowland Penny wrote:
>> On 20/10/14 13:34, Michael Adam wrote:
>>> Hi Rowland,
>>>
>>> On 2014-10-20 at 13:07 +0100, Rowland Penny wrote:
>>>> On 20/10/14 12:44, Michael Adam wrote:
>>>>> Ok. I think the DC-with-winbindd scenario is special here,
>>>>> just need to understand, how so.
>>>> I thought that the whole idea of changing 'winbind' to 'winbindd'
>>>> was to get all the benefits of the established winbind without
>>>> having to do anything special, you are now saying that 'Something
>>>> special' may be required, if this is the case, just what is required
>>>> ????
>>> There are several points for using winbindd.
>>> Here are the two (imho) most important ones:
>>>
>>> - Make use of winbindd's ability to speak to other domains
>>>    (the winbind internal samba component can't), hence enabling
>>>    support for trusts!
>>>
>>> - Don't maintain two winbind implementations but just one.
>>>
>>> That being said, winbindd is avery versatile, flexible tool
>>> that can be configured in various ways. So similar to the
>>> mode of samba starting smbd for file serving, which also
>>> enforces several parameters for the running smbd (which reflects
>>> the special purpose for which smbd is run, namely to serve
>>> SMB in a DC setup), I could imagine that samba enforces
>>> several parameters to reflect the special situation.
>>> That's what I meant with special.
>>> I have not found anything special though with a brief look at
>>> the code.
>>>
>>> But that being said, of course things should work in the DC
>>> setup, and you have most certainly found a problem.
>>> Since I did not have the time yet to dig deeper, I don't know
>>> the answer yet. So we'll need to do more testing / digging until
>>> we find it or possibly Andrew can shed some light.
>>>
>>> We should have some nss-level test also in our selftest.
>>> (If this is not the case, then it needs to be added...)
>>> The samba-setup for this test (from the selftest provisioning
>>> code) would tell us how to proceed.
>>> (Just trying to give a few hints as to where I would look next
>>> if I had the time right now..)
>>>
>>> Cheers - Michael
>>>
>> Hi Michael, I have the feeling that you would like me to compile 
>> samba again, this is not a problem except I haven't a clue just how 
>> to configure the build and then how do I carry out any tests. ?
>>
>> Rowland
>>
> Hi Rowland,
>
> Just a stab in the dark: with the "old" winbind-on-DC approach (4.0, 
> 4.1) you had to use the libnss_winbind.so that was built during 
> compile, which in my case involved symlinking the shared objects into 
> the /lib64 directory (on centos6). This was not done by "make 
> install".  Is it possible you are using the "old" libraries still?
>
Good thought, but unfortunately wrong ;-)

I installed samba4 from backports, then ignored it, built samba4.2rc2, 
altered /etc/init.d/samba-ad-dc to use the samba daemon in 
/usr/local/samba/sbin, updated PATH and then tried wbinfo, all ok so 
tried getent, got nothing. remembered having to create the symlinks from 
when I did compile samba4, so copied the ones I compiled to where the 
ones apt-get had installed and getent burst into life, but it just 
doesn't display the users home directory or login shell.

Bug report made:

https://bugzilla.samba.org/show_bug.cgi?id=10886

Rowland

More information about the samba-technical mailing list