[Samba] getent not working correctly

Sean Patrick Ingles ingless at visionsys.com
Mon Nov 4 16:03:58 GMT 2002 

I verified that the libraries were in the /lib folder and symlinked, and here is the output from ldconfig: 

[root at tux samba]# ldconfig -v | grep winbind
        libnss_winbind.so -> libnss_winbind.so

I restarted winbindd and typed "getent passwd" and it just lists my local passwords and hangs.

Nothing is generated in my log.winbindd when I do this either.

I am also noticing that _occasionally_ the box will not allow anyone to login until after I kill winbindd...

For reference, here is my /etc/pam.d/login:

[root at tux pam.d]# cat login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
[root at tux pam.d]#

Here is what I have for my smb.conf as well:

[root at tux pam.d]# cat /usr/local/samba/lib/smb.conf
[global]
         workgroup = VSIONLINE
         server string = Samba %v -- TEST --
         security = domain
         password server = vsi-vsi-albany
         winbind uid = 10000-20000
         winbind gid = 10000-20000
         winbind separator = +
         winbind cache time = 10
         winbind enum users = Yes
         winbind enum groups = Yes
[root at tux pam.d]#

-SP

-----Original Message-----
From: Noel Kelly [mailto:nkelly at citrusnetworks.net] 
Sent: Monday, November 04, 2002 10:39 AM
To: Sean Patrick Ingles; Hall, Ken (ECSS); samba at samba.org
Subject: RE: [Samba] getent not working correctly


Have you copied libnss_winbind.so from the nsswitch directory to /lib ? Also make a soft link to  /lib/libnss_winbind.so.2 and then run 'ldconfig -v
| grep winbind' to make sure the libraries are picked up.

Restart winbind and watch your log.winbindd for messages as you run getent.

HTH
Noel

-----Original Message-----
From: Sean Patrick Ingles [mailto:ingless at visionsys.com]
Sent: 04 November 2002 15:19
To: Hall, Ken (ECSS); samba at samba.org
Subject: RE: [Samba] getent not working correctly


Here is my /etc/nsswitch.conf (abbreviated):

passwd:     files winbind
shadow:     files winbind
group:      files winbind

I first start smbd -D and nmbd -D

Then I start winbindd

Then I join the domain (smbpasswd -j DOMAIN -r DOMAINCONTROLLER -U
Administrator) It works

Then I check my Secret (wbinfo -t) and it's good

Then I list users and groups (wbinfo -u and wbinfo -g) and it works fine

However I still cannot get "getent passwd" and "getent group" working.

I am 100% stumped

-SP

-----Original Message-----
From: Hall, Ken (ECSS) [mailto:KeHall at exchange.ml.com] 
Sent: Friday, November 01, 2002 12:55 PM
To: samba at samba.org
Subject: RE: [Samba] getent not working correctly


Did you reboot after starting winbindd?

Either do that, or try looking for the nameserver cache daemons (nscd), and kill them all.  (Don't worry, they'll restart.)

I had the same problem with nss_ldap, and it drove me NUTS till I found out about the cache mechanism.

> -----Original Message-----
> From: Noel Kelly [mailto:nkelly at citrusnetworks.net]
> Sent: Friday, November 01, 2002 12:46 PM
> To: 'Sean Patrick Ingles'; samba at samba.org
> Subject: RE: [Samba] getent not working correctly
> 
> 
> You need getent to work.  This is really how Unix actually does the
> authenticating - winbind is just the conduit to the M$ database.
> 
> Have you edited your /etc/nsswitch.conf correctly?  You need:
> 
> passwd:     files winbind nisplus
> shadow:     files winbind nisplus
> group:      files winbind nisplus
> 
> This will make Unix call winbind when looking for users/groups (this 
> the mechanism that getent passwd/group runs).
> 
> HTH,
> Noel
>        
> 
> -----Original Message-----
> From: Sean Patrick Ingles [mailto:ingless at visionsys.com]
> Sent: 01 November 2002 15:41
> To: samba at samba.org
> Subject: [Samba] getent not working correctly
> 
> 
> Hello again!
> 
> Ok, I've gotten wbinfo -u and wbinfo -g working great
> 
> Now I try to run getent passwd and getent group I get my local 
> users/groups but not the ones on the Windows 2k Server Domain 
> Controller and it just
> hangs after listing the local ones.
> 
> I also tried authenticating a user and it worked I'm assuming
> 
> wbinfo -a DOMAIN+ingless at DOMAIN%"password" (The usernames here have
> user at domain due to some M$ Active-Directory thing...) plaintext 
> password authentication succeeded challenge/response password
> authentication failed
> Could not authenticate user DOMAIN+ingless at DOMAIN%"password" with
> challenge/response
> 
> Do I need getent working, or is it safe to assume everything is 
> functioning normally now?
> 
> Thanks!
> 
> -SP
> 
> ===========================================================
>  
>    \        /   ____/    / Sean Patrick Ingles
>     \      /   /        / Jr. Network Engineer
>      \    /   ___ /    /
>       \  /       /    / Vision Systems, Inc.
>       __/   ____/   _/ 142 State Street
>                        Albany, NY 12207
>     www.visionsys.com   Landline: +1 518.434.4300 x1406
>   ingless at visionsys.com  Fax: +1 518.434.4304
>  
> ==========================================================
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
>  
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002
>  
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002

More information about the samba mailing list