Samba 2.2.2 / PAM / Winbind

Josh Konkol susesambaboy at yahoo.com
Wed Jan 9 08:47:02 GMT 2002 

Don,

Thanks for the advice.

wbinfo -u and -g work like they're supposed to
However, below are the results if -a  ( I have x'd out the password)

linux20:~ # /usr/local/samba/bin/wbinfo -a prfmstr2+$ejwk%xxxxxxxxx
plaintext password authentication failed
Could not authenticate user prfmstr2+%xxxxxxxxx with plaintext password
challenge/response password authentication failed
Could not authenticate user prfmstr2+%xxxxxxxx with challenge/response

I did try this on a working instance and got the exact same response.

Any ideas ??


On Wednesday 09 January 2002 10:20, MCCALL,DON (HP-USA,ex1) wrote:
> Hi Josh,
> If getent is showing your NT domain users as well as your local
> ones, then the libnss_winbind.so IS working.  So that part
> apparently is ok.
> Try using wbinfo -u
> and wbinfo -g
> to make sure that it also gives you your NT users and groups.
> then try
> wbinfo -a prfmstr2+ejwk%<whatever your password is>
> and see what that gives you.
> Don
>
> -----Original Message-----
> From: Josh Konkol [mailto:susesambaboy at yahoo.com]
> Sent: Wednesday, January 09, 2002 8:38 AM
> To: MCCALL,DON (HP-USA,ex1); Samba List
> Subject: Re: Samba 2.2.2 / PAM / Winbind
>
>
> Thank you for your reply,
>
> You are thinking along the same lines I am.  I am suspicious of the
> NSSWITCH.CONF file also.  I have verified that they are exactly the same. 
> I
>
> have even gone as far as to take the file from the working instance and
> copy
>
> it to the broken one.  After re-starting the daemons, no luck still.
>
> I get an error when I run getpwent prfmstr2+$ejwk that says command not
> found.  However, I am able to run getent passwd and getent group, both
> return
> local and domain users and groups.
>
> I have verified the libnss_winbind.so file was copied to /lib and I have
> even
> re-compiled and copied the new one. (they ended up to be the same size so I
> know they're the same thing)
>
> I have re-joined the domain a couple of different ways.  The way that is
> working for me is to:
>
> Create local account using  ./smbpasswd -a -m LINUX20$
> Use Server Manager to add account to PRFMSTR2
> Join domain and sync Machine passwords using  ./smbpasswd -j PRFMSTR2 -r
> GIGDC1
>
> ANY other ideas ??
>
> TIA
>
> Josh Konkol
>
> On Tuesday 08 January 2002 16:26, MCCALL,DON (HP-USA,ex1) wrote:
> > Hi Josh;
> > Check your /etc/nsswitch.conf on the working system and the broken
> > system, and make sure that both have winbind as a method for looking up
> > passwd and group.
> > Verify that this part is working by
> > doing a getpwent prfmstr2+ejwk; it should come back with information
> > about the user.
> > Make sure that the winbindd daemon is actually running.
> > Also make sure that you copied the appropriate libnss_winbind.so to the
> > /usr/lib/... for your system.
> >
> > Finally, you may want to stop nmbd smbd and winbindd, and remove and
> > recreate the machine account in your PRFMSTR2 domain for the non working
> > samba installation, and then use smbpasswd -j prfmstr2 -r pdc-name  to
> > rejoin the domain, and try again.
> >
> > Hope this helps,
> > Don
> >
> >
> > -----Original Message-----
> > From: Josh Konkol [mailto:susesambaboy at yahoo.com]
> > Sent: Tuesday, January 08, 2002 4:25 PM
> > To: Samba List
> > Subject: Samba 2.2.2 / PAM / Winbind
> >
> >
> > We are running Suse 7.3 on an s/390 and trying to get the combination of
> > Samba 2.2.2 / PAM / Winbind to work.  I have multiple instances setup and
>
> I
>
> > have one that is working.  Problem is I can't get any other ones to work.
> > I
> >
> > have followed the exact same procedure yet I'm missing something.  I have
> > been struggling with this for some time and hope someone out there can
> > help.
> >
> > I have compared the two instances and the ONLY difference I'm seeing is
> > when
> >
> > the client tries to connect.
> >
> > In the log.smbd on the working instance I get the following:
> >
> >   Domain=[PRFMSTR2]  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows
> > 2000
> >
> > 5.0]
> > [2002/01/08 09:16:58, 3] smbd/reply.c:reply_sesssetup_and_X(866)
> >   sesssetupX:name=[$ejwk]
> > [2002/01/08 09:16:58, 3] smbd/reply.c:reply_sesssetup_and_X(927)
> >   Using unix username PRFMSTR2+$ejwk
> > [2002/01/08 09:16:58, 3] libsmb/namequery.c:resolve_lmhosts(749)
> >   resolve_lmhosts: Attempting lmhosts lookup for name GIGDC1<0x20>
> >
> > In the log.smbd on the NOT working instance i get:
> >
> >   Domain=[PRFMSTR2]  NativeOS=[Windows 2000 2195] NativeLanMan=[Windows
> > 2000
> >
> > 5.0]
> > [2002/01/08 19:24:30, 3] smbd/reply.c:reply_sesssetup_and_X(866)
> >   sesssetupX:name=[$ejwk]
> > [2002/01/08 19:24:30, 3] libsmb/namequery.c:resolve_lmhosts(749)
> >   resolve_lmhosts: Attempting lmhosts lookup for name GIGDC1<0x20>
> >
> > To simplify this, in the working instance I can see it translating the
> > username to unix username PRFMSTR2+$ejwk, but this step is skipped in the
> > broken one.
> >
> > I suspect this is a PAM or NSSWITCH problem ?? I know it's something I
> > did/didn't do.
> >
> > ANY help is appreciated!!
> >
> > Josh Konkol, CNE MCSE
> >
> > _________________________________________________________
> > Do You Yahoo!?
> > Get your free @yahoo.com address at http://mail.yahoo.com
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

More information about the samba mailing list