[Samba] winbind and Solaris 9 with AD

Ganguly, Sapan Sapan.Ganguly at thalesgroup.com
Mon Jan 19 14:45:05 GMT 2004


Patrik,

Hello!  I have been waiting for you to get back, you may be able to help me.
I am having trouble making winbind work with Solaris 9.  I was wondering if
you could post a copy of your pam.conf again so that I can double check that
I have a correct copy of it?

The problem I am having is that when I try to log in with an NT username and
password the login process hangs after I put the password in.  I don't know
why this happens because getent works.  I decided to log what is going on in
PAM, here is what I got -

Jan 14 13:29:55 sun001 pam_winbind[15352]: [ID 571141 auth.debug]
libpam_winbind:pam_sm_close_sessio
n handler
Jan 14 13:29:59 sun001 login: [ID 634615 auth.debug]
pam_authtok_get:pam_sm_authenticate: flags = 0 Jan 14 13:30:05 sun001 login:
[ID 378613 auth.debug] pam_dhkeys: user ganguly not found Jan 14 13:30:05
sun001 login: [ID 896952 auth.debug] pam_unix_auth: entering
pam_sm_authenticate() Jan 14 13:30:05 sun001 login: [ID 219349 auth.debug]
pam_unix_auth: user ganguly not found Jan 14 13:30:05 sun001
pam_winbind[15369]: [ID 572310 auth.info] Verify user `ganguly' Jan 14
13:30:05 sun001 pam_winbind[15369]: [ID 614614 auth.notice] user 'ganguly'
granted acces Jan 14 13:30:05 sun001 login[15369]: [ID 509786 auth.debug]
roles pam_sm_authenticate, service = tel net user = ganguly ruser = not set
rhost = 192.168.224.90

Thanks for any help you can offer!

Sapan

-----Original Message-----
From: Patrik Gustavsson [mailto:Patrik.Gustavsson at Sun.COM] 
Sent: 19 January 2004 14:39
To: Unix Service (ANTS)
Cc: 'samba at lists.samba.org'
Subject: Re: [Samba] winbind and Solaris 9 with AD


Hi,

I have the following libraries and links in /usr/lib and 
it works:

libnss_winbind.so
libnss_winbind.so.1 -> libnss_winbind.so
nss_winbind.so.1 -> libnss_winbind.so

/Patrik
On Mon, 2004-01-19 at 13:13, Unix Service (ANTS) wrote:
> Hi
> 
> have been trying to get winbind working on Solaris 9 but to no effect.
> 
> version info:
> 
> samba: 3.0.0
> openldap: 2.1.23
> kerberos: MIT 1.3.1
> 
> Have followed the instructions in every howto, usenet posting I could
> find:
> 
> nscd not running
> created relevant links in /lib and /lib/security/sparcv9 applied patch 
> for nsswitch as recommended
> 
> kinit -e works
> net ads join works
> wbinfo -t works
> wbinfo -u gives list of all users in all trusted domains getent 
> doesn't work samba authentication doesn't work - get the following in 
> winbindd.log:
> 
> [2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379)
>   NTLM CRAP authentication for user [DEV]\[test7] returned 
> NT_STATUS_OK (PAM: 0) [2004/01/19 10:59:27, 3] 
> nsswitch/winbindd_acct.c:(875)
>   [ 3551]: create_user: user=>(test7), group=>()
> [2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521)
>   wb_getgrnam: Did not find group (nobody)
> 
> my smb.conf is:
> 
> workgroup = DEV
> #workgroup = DEV.ANTS.AD.ANPLC.CO.UK
> realm = DEV.ANTS.AD.ANPLC.CO.UK
> security = ADS
> password server = lonsd010.dev.ants.ad.anplc.co.uk
> dns proxy = no
> idmap gid = 70000-80000
> idmap uid = 800000-900000
> winbind cache time = 15
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> encrypt passwords = yes
> log level = 9
> 
> [temp]
> path = /tmp
> read list = @users
> 
> [docs]
> path = /var/tmp/samba-3.0.0
> read list = @users
> 
> I would appreciate any pointers as to further debugging I could do or 
> possible problems as being able to use winbind to deal with samba 
> authentication would make life a great deal easier.
> 
> 
> 
> 
> **********************************************************************
> *****
> This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.
> 
> Internet communications are not necessarily secure and may be 
> intercepted or changed after they are sent.  Abbey National Treasury 
> Services plc does not accept liability for any loss you may suffer as 
> a result of interception or any liability for such changes.  If you 
> wish to confirm the origin or content of this communication, please 
> contact the sender by using an alternative means of communication.
> 
> This communication does not create or modify any contract and, unless 
> otherwise stated, is not intended to be contractually binding.
> 
> Abbey National Treasury Services plc. Registered Office:  Abbey 
> National House, 2 Triton Square, Regents Place, London NW1 3AN.
Registered in England under Company Registration Number: 2338548.  Regulated
by the Financial Services Authority (FSA).
>
***************************************************************************
-- 
"In a world without fences who needs Gates"
Patrik Gustavsson, Senior Technical Consultant
patrik.gustavsson at sun.com     Telephone: +46 60 671540
http://glen.sweden            Mobile: +46 70 3551040
SUN MICROSYSTEMS              Fax: +46 60 671550
--------------------------------------------------------------


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


More information about the samba mailing list