Just another Winbind problem ;)
Sean O'Grady
sean.ogrady at sheridanc.on.ca
Mon Oct 22 13:44:15 GMT 2001
Greetings,
I've done a 2.2.2 install from source on a Debian Woody release and
have hit a wall (configure --with-winbind --with-pam). I've followed
the Winbind setup doc and everything seems to have gone ok except I am
not able to get Domain User or Group information from the DC.
I did the smb.conf setup for winbindd with --
### WINBIND STUFF
winbind separator = +
winbind uid = 1001-20000
winbind gid = 1001-20000
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/tcsh
winbind cache time = 10
security = domain
password server = myhost
workgroup = MYDOMAIN
I am able to join the computer to the domain successfully and a wbinfo
-t reports that the secret is good. However when I do a wbinfo -u or a
wbinfo -g I recieve "Error looking up domain users" or "Error looking up
domain groups".
The pam.d files have been modified to include --
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_winbind.so
Which I believe is all that was required to be added for PAM. I've also
made sure that /lib/libnss_winbind.so and the symlink are there and
modified /etc/nsswitch.conf accordingly.
I've run winbindd in debug mode attached to the terminal to see if
something *pops up* at me and I did notice some moody behaviour being
reported.
I run winbindd -d 10 -i
and send
wbinfo -t
I see this on the terminal
contacting controller MYSERVER to check secret --
secret is good
read failed on sock 10, pid 5623: EOF
Also something similiar happens with the wbinfo -u call --
accepted socket 10
[ 5622]: list users
read failed on sock 10, pid 5622: EOF
and with the wbinfo -g call --
accepted socket 10
[ 5626]: list groups
read failed on sock 10, pid 5626: EOF
The error "read failed" appears to be telling me something, but I don't
believe that I'm getting it ;)
The extremely weird part of the matter is that the call wbinfo -n
username actually returns a valid SID from the DC and sending the SID
back returns the DOMAIN+username value for that SID, although the "read
failed" message still appears in the debug messafes while doing this.
Any thoughts, questions, suggestions or help offered is appreciated.
Thanks,
Sean
--
Sean O'Grady
Information Technology - SS
Sheridan College
905-845-9430 x. 2166
sean.ogrady at sheridanc.on.ca
More information about the samba
mailing list