[Samba] RE: Winbind on HPUX 11, some small progress

Miles Roper mroper at westcoastdhb.org.nz
Thu Feb 6 20:45:29 GMT 2003


so where to from now?

do you think it would be useful to install the compiled one for HPUX one
from samba ftp?

just a note, I've been tring to get this to work for at least a year, since
winbind was first included in winbind, this time I'm determined I'm going to
get it working :o)

-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
Sent: Friday, 7 February 2003 09:37 a.m.
To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1);
samba-technical at lists.samba.org; 'samba at lists.samba.org'; 'Esh, Andrew';
'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe';
'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
Subject: RE: Winbind on HPUX 11, some small progress


ps, the fact that get getpwent and getent programs that you are running do
NOT 
return any output indicate that the issue is probably with the
libnss_winbind.so
on your system..
Don

> -----Original Message-----
> From: Miles Roper [mailto:mroper at westcoastdhb.org.nz]
> Sent: Thursday, February 06, 2003 15:31
> To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical at lists.samba.org;
> 'samba at lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> michael_steffens at bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra';
> GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
> 
> 
> Hi Don,
> 
> Michael Steffens a while back sent me a compiled version of 
> getent which I
> couldn't get to work.
> 
> I compiled your version and it doesn't seem to produce any 
> result either,
> seems to return immeditaly without doing anything.
> 
> ie
> coastdr: /mnt/1/samba/test> ./getent passwd WESTCOASTDHB+mroper
> coastdr: /mnt/1/samba/test>
> 
> If I run it without any parameters I get a core dump :o)
> 
> Better tell you that I'm compiling winbind with gcc 3.01 on hpux.  I
> compiled the getent program you sent me with.
> 
> gcc -c -I. -g -O2 getent.c
> gcc -g getent.o -o getent
> 
> >From what you have said it would seem like libnss_winbind.so 
> itsn't working.
> Anyway to get any debug output?
> 
> Here is my /usr/lib/libnss*
> 
> -r-xr-xr-x   1 bin        bin          28672 Mar 13  2001 
> libnss_compat.1
> -r-xr-xr-x   1 bin        bin         104536 Nov  6  1997 libnss_dns.1
> -r-xr-xr-x   1 bin        bin          40960 Mar  7  2001 
> libnss_files.1
> lrwxrwxrwx   1 root       sys             17 Jan 27 09:49 
> libnss_ldap.1 ->
> libns
> s_winbind.so
> -r-xr-xr-x   1 bin        bin          40960 Mar 13  2001 libnss_nis.1
> -r-xr-xr-x   1 bin        bin          57344 Mar 13  2001 
> libnss_nisplus.1
> -r-xr-xr-x   1 bin        bin          28672 Jan 24 15:23 
> libnss_winbind.so
> lrwxrwxrwx   1 root       sys             17 Jan 27 11:51
> libnss_winbind.so.1 ->
>  libnss_winbind.so
> lrwxrwxrwx   1 root       sys             17 Oct 15 16:14
> libnss_winbind.so.2 ->
>  libnss_winbind.so
> 
> Here is my /etc/nsswitch.conf
> 
> hosts: dns     [NOTFOUND=continue UNAVAIL=continue 
> TRYAGAIN=continue] files
> [N
> OTFOUND=return UNAVAIL=continue TRYAGAIN=return]
> passwd: files winbind
> group: files winbind
> 
> Here is the compile output from libnss_winbind.so
> 
> Compiling nsswitch/winbind_nss.c with -fpic
> nsswitch/winbind_nss.c: In function `fill_pwent':
> nsswitch/winbind_nss.c:600: warning: passing arg 2 of 
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:612: warning: passing arg 2 of 
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:629: warning: passing arg 2 of 
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:641: warning: passing arg 2 of 
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:653: warning: passing arg 2 of 
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `fill_grent':
> nsswitch/winbind_nss.c:690: warning: passing arg 2 of 
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:702: warning: passing arg 2 of 
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:728: warning: passing arg 2 of 
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c:753: warning: passing arg 2 of 
> `get_static' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwent_r':
> nsswitch/winbind_nss.c:870: warning: passing arg 4 of 
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwuid_r':
> nsswitch/winbind_nss.c:920: warning: passing arg 4 of 
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c:933: warning: passing arg 4 of 
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwnam_r':
> nsswitch/winbind_nss.c:982: warning: passing arg 4 of 
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c:995: warning: passing arg 4 of 
> `fill_pwent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrent_r':
> nsswitch/winbind_nss.c:1119: warning: passing arg 5 of 
> `fill_grent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrnam_r':
> nsswitch/winbind_nss.c:1179: warning: passing arg 5 of 
> `fill_grent' from
> incompatible pointer type
> nsswitch/winbind_nss.c:1193: warning: passing arg 5 of 
> `fill_grent' from
> incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrgid_r':
> nsswitch/winbind_nss.c:1242: warning: passing arg 5 of 
> `fill_grent' from
> incompatible pointer type
> nsswitch/winbind_nss.c:1256: warning: passing arg 5 of 
> `fill_grent' from
> incompatible pointer type
> Compiling nsswitch/winbind_nss_solaris.c with -fpic
> Linking nsswitch/libnss_winbind.so
> 
> Any idea where to go from here?
> 
> Cheers
> 
> Miles
> 
> -----Original Message-----
> From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> Sent: Thursday, 6 February 2003 05:53 a.m.
> To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1);
> samba-technical at lists.samba.org; 'samba at lists.samba.org'; 
> 'Esh, Andrew';
> 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe';
> 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
> 
> 
> Hi Miles,
> This sounds like a 
> PAM_USER_UNKNOWN        13
> error.  Which would indicate that winbind daemon did it's job 
> (ie passed the
> username and 
> password to the password server ,and got validation back that 
> the user is
> authenticated,
> but then when it went thru the nsswitch stuff to 'look up' 
> the user, that
> failed.
> Kinda wierd.  I don't have your original post, but I'm 
> assuming that you
> have 
> passwd: files winbind
> group: files winbind
> 
> in your /etc/nsswitch.conf file
> and that  you have working links to the winbind nss code 
> (look something
> like this):
> 
> 46 Aug 27 11:16 /usr/lib/libnss_winbind.1 ->
> /usr/local/samba/lib/winbind/libnss_winbind.so
> 
> 
> To verify that your nsswitch code is working compile the 
> getent.c program I
> have attached to this message, and then verify that you can get an
> appropriate uid/gid back for a user
> defined on your NT password server in the following manner;
> 
> getent passwd <domainname><domainseparator><username>
> (for instance on my system, I use '+' as winbind domain 
> separator, and my
> domain is atl-wtec,
> so: getent passwd atl-wtec+administrator  returns me the 
> 'passwd' entry
> faked up from the 
> NT domain controller I am a member of.
> 
> Just a thought,
> Don
> 
> > -----Original Message-----
> > From: Miles Roper [mailto:mroper at westcoastdhb.org.nz]
> > Sent: Tuesday, February 04, 2003 21:28
> > To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical at lists.samba.org;
> > 'samba at lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> > michael_steffens at bbn.exch.hp.com; 'Richard Sharpe'; 'John H 
> Terpstra';
> > Kim (E-mail)
> > Subject: Winbind on HPUX 11, some small progress
> > 
> > 
> > Hi All,
> > 
> > Well, i've managed to enable some debugging in syslog, I 
> had to put in
> > /etc/syslog.conf
> > 
> > ;*.debug
> > 
> > on the syslog line.
> > 
> > So at least I have an error which is being returned into syslog from
> > winbind.
> > 
> > This is what I get from winbind
> > 
> > Feb  4 21:13:17 coastdr pam_winbind[20753]: Verify user `lonnie'
> > Feb  4 21:13:18 coastdr pam_winbind[20753]: user 'lonnie' 
> > granted acces
> > Feb  4 21:13:18 coastdr pam_winbind[20753]: LOGIN: exiting 
> > with return code
> > 13
> > 
> > This is what I get from pamsmb (ignore the dates, they are a 
> > bit funny for
> > some reason)
> > 
> > Feb  5 14:53:55 coastdr pamsmbd[20119]: server: remote auth user
> > unix:trainingus
> > er nt:traininguser NTDOM:WESTCOASTDHB PDC:COASTDB BDC:
> > Feb  5 14:53:55 coastdr pamsmbd[20119]: cache_add: inserted entry
> > Feb  4 20:53:55 coastdr : pamsmbd: Got something back... 0
> > Feb  4 20:53:55 coastdr : pam_smb: got back 0 username traininguser
> > Feb  4 20:53:55 coastdr : LOGIN: exiting with return code 13
> > 
> > So the error with pamsmb and winbind is the same.  I've done 
> > a man on login
> > and can only find a description of errors, not the error 
> > codes.  What is
> > error code 13?  If I can find that out it will make looking 
> > for it a bit
> > easier.  I thought it might be that the shell doens't exist, 
> > but I tried
> > making a user with a invalid shell and get back error code 1, 
> > so its not
> > that.
> > 
> > Ideas?
> > 
> > Cheers
> > 
> > Miles
> > 
> > 
> > -----Original Message-----
> > From: Miles Roper 
> > Sent: Monday, 3 February 2003 08:54 a.m.
> > To: 'MCCALL,DON (HP-USA,ex1)'
> > Cc: 'samba-technical at lists.samba.org'; 'samba at lists.samba.org'; Esh,
> > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard
> > Sharpe'; 'John H Terpstra'
> > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, 
> Please Help
> > 
> > 
> > Thanks for your help, still no luck though.  More info for you.
> > 
> > with no debug statements in my /etc/pam.conf I get in sys log 
> > the following.
> > 
> > Feb  2 14:43:02 coastdr pam_winbind[2832]: user 
> > 'traininguser' granted acces
> > 
> > with debug turned on I get
> > 
> > Feb  2 14:47:49 coastdr pam_winbind[2839]: Verify user 
> `traininguser'
> > Feb  2 14:47:49 coastdr pam_winbind[2839]: user 
> > 'traininguser' granted acces
> > 
> > the user is still logging out.
> > 
> > incidentlally, when I log in as a unix user, rather than a 
> > win2k user I
> > don't get anything in sys log.  I've included my pam.conf below.
> > 
> > Also, I checked for /etc/shells, no such file, and I have set 
> > my smb.conf
> > shell line to
> > 
> > template shell = /sbin/sh
> > 
> > and also tried
> > 
> > template shell = /usr/bin/sh
> > 
> > both files exist.
> > 
> > #
> > # PAM configuration
> > #
> > # Authentication management
> > #
> > login    auth sufficient        
> /usr/lib/security/libpam_unix.1 debug
> > login    auth sufficient        /usr/lib/security/libpam_winbind.1
> > debug
> > #login   auth sufficient        
> /usr/lib/security/libpam_smb.1 nolocal
> > debug
> > su       auth required  /usr/lib/security/libpam_unix.1 debug
> > dtlogin  auth required  /usr/lib/security/libpam_unix.1 debug
> > dtaction auth required  /usr/lib/security/libpam_unix.1 debug
> > ftp      auth required  /usr/lib/security/libpam_unix.1 debug
> > OTHER    auth required  /usr/lib/security/libpam_unix.1 debug
> > #
> > # Account management
> > #
> > login    account sufficient     
> /usr/lib/security/libpam_unix.1 debug
> > login    account sufficient     /usr/lib/security/libpam_winbind.1
> > debug
> > su       account required       
> /usr/lib/security/libpam_unix.1 debug
> > dtlogin  account required       
> /usr/lib/security/libpam_unix.1 debug
> > dtaction account required       
> /usr/lib/security/libpam_unix.1 debug
> > ftp      account required       
> /usr/lib/security/libpam_unix.1 debug
> > #
> > OTHER    account required       
> /usr/lib/security/libpam_unix.1 debug
> > #
> > # Session management
> > #
> > login    session sufficient     
> /usr/lib/security/libpam_unix.1 debug
> > login    session sufficient     /usr/lib/security/libpam_winbind.1
> > debug
> > dtlogin  session required       
> /usr/lib/security/libpam_unix.1 debug
> > dtaction session required       
> /usr/lib/security/libpam_unix.1 debug
> > OTHER    session required       
> /usr/lib/security/libpam_unix.1 debug
> > #
> > # Password management
> > #
> > login    password sufficient    
> /usr/lib/security/libpam_unix.1 debug
> > login    password sufficient    /usr/lib/security/libpam_winbind.1
> > debug
> > passwd   password required      
> /usr/lib/security/libpam_unix.1 debug
> > passwd   password required      /usr/lib/security/libpam_winbind.1
> > debug
> > dtlogin  password required      
> /usr/lib/security/libpam_unix.1 debug
> > dtaction password required      
> /usr/lib/security/libpam_unix.1 debug
> > OTHER    password required      
> /usr/lib/security/libpam_unix.1 debug
> > 
> > Cheers
> > 
> > Miles
> > 
> > -----Original Message-----
> > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> > Sent: Saturday, 1 February 2003 04:53 a.m.
> > To: 'John H Terpstra'; Miles Roper
> > Cc: 'samba-technical at lists.samba.org'; 'samba at lists.samba.org'; Esh,
> > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON
> > (HP-USA,ex1); 'Richard Sharpe'
> > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, 
> Please Help
> > 
> > 
> > Hi, Miles,
> > Actually on HP-UX, you will need to add the word 'debug' at 
> > the end of each
> > of 
> > the lines in you /etc/pam.conf file, to enable more debugging 
> > to go into the
> > 
> > /var/adm/syslog/syslog.log file.
> > 
> > One thing that I have seen something like this happen on is if the 
> > /etc/shells file is corrupt, or if the shell that is defined 
> > for the user
> > (since they don't have a /etc/passwd entry, this would be 
> > whatever you put
> > in
> > template in the smb.conf) does not exactly match one of the lines in
> > /etc/shells,
> > or the defaults, if this file does not exist.
> > The defaults for 11.0 are:
> > 
> > 
> > 
> >                                     /sbin/sh
> >                                     /usr/bin/sh
> >                                     /usr/bin/rsh
> >                                     /usr/bin/ksh
> >                                     /usr/bin/rksh
> >                                     /usr/bin/csh
> >                                     /usr/bin/keysh
> > 
> > Hope this helps,
> > Don
> > > -----Original Message-----
> > > From: John H Terpstra [mailto:jht at samba.org]
> > > Sent: Friday, January 31, 2003 1:36
> > > To: Miles Roper
> > > Cc: 'samba-technical at lists.samba.org'; 
> 'samba at lists.samba.org'; Esh,
> > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 
> 'MCCALL,DON
> > > (HP-USA,ex1)'; 'Richard Sharpe'
> > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, 
> > Please Help
> > > 
> > > 
> > > On Fri, 31 Jan 2003, Miles Roper wrote:
> > > 
> > > > Hi Everyone,
> > > >
> > > > I'm forgetting about the password one at the moment, thanks 
> > > for all your
> > > > input :o)
> > > >
> > > > I still don't have a clue how to solve my main problem.  
> > > I'm assuming that
> > > > its not actually winbind related now, as I've recently 
> > > tried pam_smb and get
> > > > the same basic problem.
> > > >
> > > > Basically, when I log into the UNIX box, the 
> > > username/password of a NT user
> > > > is being authenticated, but doesn't actually log in.  It 
> > > doesn't get past
> > > > the password line.  I know it accepts the password.  Its 
> > > almost as if it
> > > > can't find the shell.  But the template variable is set 
> > > within the smb.conf
> > > > file.  Permissions are fine.  I have exactly the same 
> > > problem with the
> > > > pam_smb module.
> > > 
> > > So what does PAM report into your /var/log files?
> > > 
> > > Have you tried adding to each line in your /etc/pam.d/login 
> > > (after the .so
> > > file name) the word 'audit' - this will increase the volume 
> > > of debugging
> > > info spit out into /var/log/messages, or wherever PAM send 
> > > this on your
> > > distro.
> > > 
> > > - John T.
> > > 
> > > >
> > > > If there is any further information I can send let me know.
> > > >
> > > > Ideas?
> > > >
> > > > Thanks
> > > >
> > > > Miles
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall at hp.com]
> > > > Sent: Friday, 31 January 2003 07:06 a.m.
> > > > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide
> > > > Cc: 'samba at lists.samba.org'; Esh, Andrew; Miles Roper;
> > > > 'samba-technical at lists.samba.org'; 'Richard Sharpe'
> > > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, 
> > > Please Help
> > > >
> > > >
> > > > Hi Everyone,
> > > > This whole problem with the password command not working 
> > > when winbind
> > > > is included as a method in the nsswitch.conf can probably 
> > > be worked around
> > > > by simply using the -r files (or -r nis or -r nisplus) 
> > > switch.  Take a look
> > > > at the man page for passwd on HP-UX 11.x  and see if this 
> > > won't help you
> > > > out.
> > > > Hope this helps,
> > > > Don
> > > >
> > > > > -----Original Message-----
> > > > > From: Michael Steffens [mailto:michael.steffens at hp.com]
> > > > > Sent: Tuesday, January 28, 2003 11:52
> > > > > To: Ronan Waide
> > > > > Cc: 'samba at lists.samba.org'; Esh, Andrew; Miles Roper;
> > > > > 'samba-technical at lists.samba.org'; 'Richard Sharpe'
> > > > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally 
> > > Stuck, Please Help
> > > > >
> > > > >
> > > > > Ronan Waide wrote:
> > > > > > On January 28, Andrew_Esh at adaptec.com said:
> > > > > >
> > > > > >>I don't have HPUX, so I don't know what to suggest for
> > > > > that. I just know
> > > > > >>getent won't work without winbindd in nsswitch.conf 
> on Linux.
> > > > > >
> > > > > >
> > > > > > I think the point that was being made is that NSS support
> > > > > on HPUX only
> > > > > > supports a few known types, of which one is LDAP. The 
> > > discussion was
> > > > > > basically about faking out the system so that what it 
> > > thinks is LDAP
> > > > > > is actually winbind.
> > > > >
> > > > > Yep. It's a HP-UX specific workaround. Please ignore it
> > > > > everywhere else.
> > > > >
> > > > > Michael
> > > > >
> > > > >
> > > >
> > > 
> > > -- 
> > > John H Terpstra
> > > Email: jht at samba.org
> > > 
> > 
> 


More information about the samba mailing list