[Samba] getent not working / winbindd issues

Noel Kelly nkelly at citrusnetworks.net
Tue Nov 5 22:38:59 GMT 2002 

Sean,

You don't actually need PAM for Samba to act as a Windows file server
dipping into the NT domain lists with winbindd for authentication.

I would remove your PAM configuration stuff and see if that cures it.

I run several large Samba servers here which do file/print to domain users.
There is no adjusted PAM config.

HTH
Noel

-----Original Message-----
From: Sean Patrick Ingles [mailto:ingless at visionsys.com]
Sent: 05 November 2002 20:42
To: samba at samba.org
Subject: FW: [Samba] getent not working / winbindd issues


I was looking through all my SaMBa documentation with a fine-tooth comb,
and I noticed there is a line in the HOWTO, Section 12.4.3 "Pluggable
Authentication Modules" in the last paragraph it states: 

"PAM is configured by providing control files in the directory
/etc/pam.d/ for each of the services that require authentication. When
an authentication request is made by an application the PAM code in the
C library looks up this control file to determine what modules to load
to do the authentication check and in what order. This interface makes
adding a new authentication service for Winbind very easy, all that
needs to be done is that the pam_winbind.so module is copied to
/lib/security/ and the PAM control files for relevant services are
updated to allow authentication via winbind. See the PAM documentation
for more details."

What exactly are the "relevant services" for SaMBa?

I've only been updating the "/etc/pam.d/login" file.

Below is my original question, which remains un-answered and I can't
seem to find any solution to it :(

Looks like I'll just have to deploy this fileserver with 2 logins, 1 to
the domain and 1 to the fileserver :(

-SP


-----Original Message-----
From: Sean Patrick Ingles 
Sent: Tuesday, November 05, 2002 10:55 AM
To: samba at samba.org
Subject: [Samba] getent not working / winbindd issues




I first start smbd -D and nmbd -D

Then I start winbindd

Then I join the domain (smbpasswd -j DOMAIN -r DOMAINCONTROLLER -U
Administrator) It works

Then I check my Secret (wbinfo -t) and it's good

Then I list users and groups (wbinfo -u and wbinfo -g) and it works fine

However I still cannot get "getent passwd" and "getent group" working,
it just lists the local users or groups and hangs...

I verified that the libraries were in the /lib folder and symlinked, and
here is the output from ldconfig: 

[root at tux samba]# ldconfig -v | grep winbind
        libnss_winbind.so -> libnss_winbind.so

I restarted winbindd and typed "getent passwd" and it just lists my
local passwords and hangs.

Nothing is generated in my log.winbindd when I do this either.

I am also noticing that _occasionally_ the box will not allow anyone to
login until after I kill winbindd and sometimes winbindd locks up most
of the processor until I KILL -9 it.

uname -a: 

Linux tux.#########.net 2.4.19 #1 Fri Oct 25 15:39:52 EDT 2002 i686
unknown

Here is my /etc/nsswitch.conf (abbreviated):

passwd:     files winbind
shadow:     files winbind
group:      files winbind

Here is my smb.conf:

[global]
         workgroup = vsionline
         server string = Samba %v -- TEST --
         security = domain
         password server = vsi-vsi-albany
         winbind uid = 10000-20000
         winbind gid = 10000-20000
         winbind separator = +
         winbind cache time = 10
         winbind enum users = Yes
         winbind enum groups = Yes

For reference, here is my /etc/pam.d/login:

[root at tux pam.d]# cat login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
[root at tux pam.d]#

Any assistance anyone can provide will be much appreciated!

-SP


===========================================================
 
   \        /   ____/    / Sean Patrick Ingles
    \      /   /        / Jr. Network Engineer
     \    /   ___ /    / 
      \  /       /    / Vision Systems, Inc.
      __/   ____/   _/ 142 State Street
                       Albany, NY 12207
    www.visionsys.com   Landline: +1 518.434.4300 x1406
  ingless at visionsys.com  Fax: +1 518.434.4304
 
==========================================================
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002

More information about the samba mailing list