Samba 2.2.2 / PAM / Winbind

MCCALL,DON (HP-USA,ex1) don_mccall at hp.com
Wed Jan 9 08:24:06 GMT 2002


Hi Josh,
If getent is showing your NT domain users as well as your local
ones, then the libnss_winbind.so IS working.  So that part
apparently is ok.
Try using wbinfo -u
and wbinfo -g
to make sure that it also gives you your NT users and groups.
then try 
wbinfo -a prfmstr2+ejwk%<whatever your password is>
and see what that gives you.
Don

-----Original Message-----
From: Josh Konkol [mailto:susesambaboy at yahoo.com]
Sent: Wednesday, January 09, 2002 8:38 AM
To: MCCALL,DON (HP-USA,ex1); Samba List
Subject: Re: Samba 2.2.2 / PAM / Winbind


Thank you for your reply,

You are thinking along the same lines I am.  I am suspicious of the 
NSSWITCH.CONF file also.  I have verified that they are exactly the same.  I

have even gone as far as to take the file from the working instance and copy

it to the broken one.  After re-starting the daemons, no luck still.

I get an error when I run getpwent prfmstr2+$ejwk that says command not 
found.  However, I am able to run getent passwd and getent group, both
return 
local and domain users and groups.

I have verified the libnss_winbind.so file was copied to /lib and I have
even 
re-compiled and copied the new one. (they ended up to be the same size so I 
know they're the same thing)

I have re-joined the domain a couple of different ways.  The way that is 
working for me is to:

Create local account using  ./smbpasswd -a -m LINUX20$
Use Server Manager to add account to PRFMSTR2
Join domain and sync Machine passwords using  ./smbpasswd -j PRFMSTR2 -r 
GIGDC1

ANY other ideas ??

TIA

Josh Konkol


On Tuesday 08 January 2002 16:26, MCCALL,DON (HP-USA,ex1) wrote:
> Hi Josh;
> Check your /etc/nsswitch.conf on the working system and the broken system,
> and make sure that both have winbind as a method for looking up passwd and
> group.
> Verify that this part is working by
> doing a getpwent prfmstr2+ejwk; it should come back with information about
> the user.
> Make sure that the winbindd daemon is actually running.
> Also make sure that you copied the appropriate libnss_winbind.so to the
> /usr/lib/... for your system.
>
> Finally, you may want to stop nmbd smbd and winbindd, and remove and
> recreate the machine account in your PRFMSTR2 domain for the non working
> samba installation, and then use smbpasswd -j prfmstr2 -r pdc-name  to
> rejoin the domain, and try again.
>
> Hope this helps,
> Don
>
>
> -----Original Message-----
> From: Josh Konkol [mailto:susesambaboy at yahoo.com]
> Sent: Tuesday, January 08, 2002 4:25 PM
> To: Samba List
> Subject: Samba 2.2.2 / PAM / Winbind
>
>
> We are running Suse 7.3 on an s/390 and trying to get the combination of
> Samba 2.2.2 / PAM / Winbind to work.  I have multiple instances setup and
I
> have one that is working.  Problem is I can't get any other ones to work. 
> I
>
> have followed the exact same procedure yet I'm missing something.  I have
> been struggling with this for some time and hope someone out there can
> help.
>
> I have compared the two instances and the ONLY difference I'm seeing is
> when
>
> the client tries to connect.
>
> In the log.smbd on the working instance I get the following:
>
>   Domain=[PRFMSTR2]  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows
> 2000
>
> 5.0]
> [2002/01/08 09:16:58, 3] smbd/reply.c:reply_sesssetup_and_X(866)
>   sesssetupX:name=[$ejwk]
> [2002/01/08 09:16:58, 3] smbd/reply.c:reply_sesssetup_and_X(927)
>   Using unix username PRFMSTR2+$ejwk
> [2002/01/08 09:16:58, 3] libsmb/namequery.c:resolve_lmhosts(749)
>   resolve_lmhosts: Attempting lmhosts lookup for name GIGDC1<0x20>
>
> In the log.smbd on the NOT working instance i get:
>
>   Domain=[PRFMSTR2]  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows
> 2000
>
> 5.0]
> [2002/01/08 19:24:30, 3] smbd/reply.c:reply_sesssetup_and_X(866)
>   sesssetupX:name=[$ejwk]
> [2002/01/08 19:24:30, 3] libsmb/namequery.c:resolve_lmhosts(749)
>   resolve_lmhosts: Attempting lmhosts lookup for name GIGDC1<0x20>
>
> To simplify this, in the working instance I can see it translating the
> username to unix username PRFMSTR2+$ejwk, but this step is skipped in the
> broken one.
>
> I suspect this is a PAM or NSSWITCH problem ?? I know it's something I
> did/didn't do.
>
> ANY help is appreciated!!
>
> Josh Konkol, CNE MCSE
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




More information about the samba mailing list