Just another Winbind problem ;)

Sean O'Grady sean.ogrady at sheridanc.on.ca
Mon Oct 22 13:44:15 GMT 2001


	I've done a 2.2.2 install from source on a Debian Woody release and
have hit a wall (configure --with-winbind  --with-pam). I've followed
the Winbind setup doc and everything seems to have gone ok except I am
not able to get Domain User or Group information from the DC.

I did the smb.conf setup for winbindd with -- 

        ### WINBIND STUFF
        winbind separator = +
        winbind uid = 1001-20000
        winbind gid = 1001-20000
        winbind enum users = yes
        winbind enum groups = yes
        template shell = /bin/tcsh
        winbind cache time = 10

        security = domain
        password server = myhost
        workgroup = MYDOMAIN

I am able to join the computer to the domain successfully and a wbinfo
-t reports that the secret is good. However when I do a wbinfo -u or a
wbinfo -g I recieve "Error looking up domain users" or "Error looking up
domain groups". 

The pam.d files have been modified to include --

auth            sufficient    /lib/security/pam_winbind.so
account         required        /lib/security/pam_winbind.so

Which I believe is all that was required to be added for PAM. I've also
made sure that /lib/libnss_winbind.so and the symlink are there and
modified /etc/nsswitch.conf accordingly.

I've run winbindd in debug mode attached to the terminal to see if
something *pops up* at me and I did notice some moody behaviour being

I run winbindd -d 10 -i 

and send

wbinfo -t

I see this on the terminal 

contacting controller MYSERVER to check secret --

secret is good
read failed on sock 10, pid 5623: EOF

Also something similiar happens with the wbinfo -u call --

accepted socket 10
[ 5622]: list users
read failed on sock 10, pid 5622: EOF

and with the wbinfo -g call --

accepted socket 10
[ 5626]: list groups
read failed on sock 10, pid 5626: EOF

The error "read failed" appears to be telling me something, but I don't
believe that I'm getting it ;)

The extremely weird part of the matter is that the call wbinfo -n
username actually returns a valid SID from the DC and sending the SID
back returns the DOMAIN+username value for that SID, although the "read
failed" message still appears in the debug messafes while doing this.

Any thoughts, questions, suggestions or help offered is appreciated.


Sean O'Grady
Information Technology - SS
Sheridan College
905-845-9430 x. 2166
sean.ogrady at sheridanc.on.ca

More information about the samba mailing list