[Samba] Winbind trouble. Wbinfo see's users, "getent passwd"
doesn't
dj at 4ict.com
dj at 4ict.com
Wed Jul 24 12:13:03 GMT 2002
On Wed, 24 Jul 2002, Colin Davis wrote:
> Our workstations are authenticating off of the domain, which has a Primary
> Domain Controller of HOTT-Main. I want to create several shared folders that
> any one can write to, for dumping files, but also several directories that
> are user-specific.
> This means that I need to import the NT4 domain list. I'm using winbind to
> try to do this, but having some trouble.
>
> I set up both Samba and Winbind, but I don't think that winbind is working
> correctly, and I'm trying to figure out what I missed.
> when I do a "wbinfo -u"
> I get a list get a list of domain users, but "getent passwd" it just lists
> the unix users, and not the NT users.
> What adds to my confusion is that the groups (including the domain groups!)
> can be listed with "getent group"
If you get the users using wbinfo but not using getent then there is
something wrong with the nis part of winbind. Winbind itself
(smb.conf,...) is working.
> Do you have any suggestions on why this might be happening? Could it be
> because I'm using shadow passwords?
No, the use of shadow passwords or not should not matter. For the linux
system it is a extra way to find users, not changing the exsisting one.
> (I'm having a hard time figuring out what is wrong, and it's starting to
> become tempting to just write a perl script to parse the "wbinfo -u" info,
> and put it into the /etc/passwd file, but that seems unnecessarily messy)
There should be no need of this.
> My smb.conf looks like the following
>
> [global]
> password server = *
> wins server = {ip address of wins server}
> remote announce = {ip address of wins server}
> winbind uid = 10000-20000
> security = domain
> encrypt passwords = Yes
> winbind separator = +
> template shell = /bin/bash
> server string = Fileshare
> workgroup = DOMAINNAME
> winbind gid = 10000-20000
> winbind enum groups = yes
> netbios name = Files
> winbind enum users = yes
>
> {shares go here}
Looks ok and probably is because wbinfo works.
> /etc/nsswitch.conf contains
>
> passwd: files windbind
> shadow: files nisplus
> group: files winbind
Also ok, checked it with a working wibind system
> /etc/pam.d/login looks like
> #%PAM-1.0
> auth required /lib/security/pam_securetty.so
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
> account sufficient /lib/security/pam_winbind.so
> session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
> umask=0022
>
> finally, /etc/pam.d/samba
>
> #%PAM-1.0
> auth required pam_securetty.so
> auth required pam_nologin.so
> auth sufficient pam_winbind.so
> auth required pam_pwdb.so use_first_pass shadow nullok
> account required pam_winbind.so service=system-auth
> session required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
For the getent part not working PAM is not involved, so it shouldn't
matter. But the account line in /etc/pam.d/samba is wrong. Either only
pam.winbind.so or pam_stack.so service=system-auth.
I could make out from your mail what Linux distro you are using and how
you installed samba. But it looks like there is something wrong with
winbind nss library.
Check if both
/lib/libnss_winbind.so
/lib/libnss_winbind.so.2
are present on your system.
Regards,
Tim
--
===========================================================================
Tim Verhoeven
Linux & Open Source Specialist
GSM : 0496 / 693 453 + e-business solutions
Email : dj at 4ict.com + consulting
URL : www.sin.khk.be/~dj/ + Server consolidation
===========================================================================
More information about the samba
mailing list