Just another Winbind problem ;)

Sean O'Grady sean.ogrady at sheridanc.on.ca
Mon Oct 22 13:44:15 GMT 2001


Greetings,

	I've done a 2.2.2 install from source on a Debian Woody release and
have hit a wall (configure --with-winbind  --with-pam). I've followed
the Winbind setup doc and everything seems to have gone ok except I am
not able to get Domain User or Group information from the DC.

I did the smb.conf setup for winbindd with -- 

        ### WINBIND STUFF
        winbind separator = +
        winbind uid = 1001-20000
        winbind gid = 1001-20000
        winbind enum users = yes
        winbind enum groups = yes
        template shell = /bin/tcsh
        winbind cache time = 10

        security = domain
        password server = myhost
        workgroup = MYDOMAIN

I am able to join the computer to the domain successfully and a wbinfo
-t reports that the secret is good. However when I do a wbinfo -u or a
wbinfo -g I recieve "Error looking up domain users" or "Error looking up
domain groups". 

The pam.d files have been modified to include --

auth            sufficient    /lib/security/pam_winbind.so
account         required        /lib/security/pam_winbind.so

Which I believe is all that was required to be added for PAM. I've also
made sure that /lib/libnss_winbind.so and the symlink are there and
modified /etc/nsswitch.conf accordingly.

I've run winbindd in debug mode attached to the terminal to see if
something *pops up* at me and I did notice some moody behaviour being
reported.

I run winbindd -d 10 -i 

and send

wbinfo -t

I see this on the terminal 

contacting controller MYSERVER to check secret --

secret is good
read failed on sock 10, pid 5623: EOF

Also something similiar happens with the wbinfo -u call --

accepted socket 10
[ 5622]: list users
read failed on sock 10, pid 5622: EOF

and with the wbinfo -g call --

accepted socket 10
[ 5626]: list groups
read failed on sock 10, pid 5626: EOF


The error "read failed" appears to be telling me something, but I don't
believe that I'm getting it ;)


The extremely weird part of the matter is that the call wbinfo -n
username actually returns a valid SID from the DC and sending the SID
back returns the DOMAIN+username value for that SID, although the "read
failed" message still appears in the debug messafes while doing this.

Any thoughts, questions, suggestions or help offered is appreciated.

Thanks,
Sean

--
Sean O'Grady
Information Technology - SS
Sheridan College
905-845-9430 x. 2166
sean.ogrady at sheridanc.on.ca




More information about the samba mailing list