[Samba] Winbind trouble. Wbinfo see's users, "getent passwd" doesn't

Wed Jul 24 10:01:43 GMT 2002

I'm trying to set up a new fileshare, to replace an aging NT4 machine we've
been using for far too long.
I'd like to run Linux (RedHat 7.3) on the machine.

Basically, I'm trying to create a fileshare "files" that people can
transparently log in to from NT4 and Windows 2000 workstations. My boss has
approved the use of Linux for the server, but only if I can make it
transparent to the users.
(which means that they shouldn't need to enter anything special to use it.
just the standard domain username/password)

Our workstations are authenticating off of the domain, which has a Primary
Domain Controller of HOTT-Main. I want to create several shared folders that
any one can write to, for dumping files, but also several directories that
are user-specific.
This means that I need to import the NT4 domain list. I'm using winbind to
try to do this, but having some trouble. 

I set up both Samba and Winbind, but I don't think that winbind is working
correctly, and I'm trying to figure out what I missed.
when I do a "wbinfo -u" 
I get a list get a list of domain users, but "getent passwd" it just lists
the unix users, and not the NT users.
What adds to my confusion is that the groups (including the domain groups!)
can be listed with "getent group"

Do you have any suggestions on why this might be happening? Could it be
because I'm using shadow passwords?
I'd appreciate any advice you could offer.

(I'm having a hard time figuring out what is wrong, and it's starting  to
become tempting to just write a perl script to parse the "wbinfo -u" info,
and put it into the /etc/passwd file, but that seems unnecessarily messy)

My smb.conf looks like the following 

[global]
        password server = *
        wins server = {ip address of wins server}
        remote announce = {ip address of wins server}
        winbind uid = 10000-20000
        security = domain
        encrypt passwords = Yes
        winbind separator = +
        template shell = /bin/bash
        server string = Fileshare
        workgroup = DOMAINNAME
        winbind gid = 10000-20000
        winbind enum groups = yes
        netbios name = Files
        winbind enum users = yes

{shares go here}

/etc/nsswitch.conf contains

passwd:     files windbind
shadow:     files  nisplus
group:      files winbind

/etc/pam.d/login looks like
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
account   sufficient /lib/security/pam_winbind.so
session   required   /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022

finally, /etc/pam.d/samba

#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_nologin.so
auth       sufficient   pam_winbind.so
auth       required     pam_pwdb.so use_first_pass shadow nullok
account    required     pam_winbind.so  service=system-auth
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth