[Samba] winbind and pam on FC3
David Rigler
dave at itserviceltd.com
Mon Jun 13 17:25:31 GMT 2005
Hi Giuseppe,

After some more investigation I've found the following sequence to be
100% repeatable.

2 users, dave & elina. dave has a local account, elina does not. After
reboot or restart of the winbindd daemon, dave can log in but elina
cannot. After logging in as dave, "wbinfo -n dave" returns "Could not
lookup name dave". Huh !! It just logged me in but now can't find my
details ?? Same with "wbinfo -n elina". Now run "getent passwd", the
result of which kind of looks like the passwd file with the AD domain
users tacked onto the end. After this "wbinfo -n dave" returns the
Windows SID. Now run "wbinfo -n elina" which again should show the
Windows SID for elina. Log out as dave and TRA-LA I can log in as elina.

As to why "wbinfo -n" cannot get the Windows SID ?? And does the "getent
passwd" result in the SID being cached ??

giuseppe panei wrote:
> Hi dave
>
> I have found the following items in the htmldocs:
>
> "The pam_winbind module in the 2.2.2 release only supports the auth
> and account module-types. The latter simply performs a getpwnam() to
> verify that the system can obtain a uid for the user. If the
> libnss_winbind library has been correctly installed, this should
> always succeed."
>
> Well, then is failing the account module ?
??
>
>
> From Using Samba, cap 9:
>
> "Be careful when adding local users after domain users have started
> accessing the Samba server. The domain users will have entries created
> for them by winbind in /etc/passwd, with UIDs in the range you specify.
> ................
> ................"
>
> In my /etc/passwd there are no entities for domain users.
>
I don't believe this is true, it does not add the AD users to the local
passwd file. Although "getent passwd" produces a list that looks like a
cat of passwd + the AD users
>
>
> I apologize for my bad english.
> Giuseppe
>
Much better than my non-existent Italian
dave
>
>
> David Rigler wrote:
>
>>
>> Hi Giuseppe
>>
>> I was thinking that getpwnam should fail, that user doesn't exist
>> locally.
>> But the pam_unix and/or pam stack should be able to cope with that ?
>>
>> dave
>>
>
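
The check sequence from this thread as a repeatable script, added here as an example and not part of the original messages: it runs `wbinfo -n`, then the per-user `getent passwd` lookup that the quoted documentation says the account module's getpwnam() depends on, then the full `getent passwd` enumeration and a second `wbinfo -n`. The function names and result labels are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example; helper names and result labels are constructed.
# Usage: sh wbcheck.sh dave elina   (run right after restarting winbindd)

# Succeeds if winbindd maps the name to a SID ("wbinfo -n", as in the post).
sid_lookup() {
    wbinfo -n "$1" >/dev/null 2>&1
}

# Succeeds if NSS returns a passwd entry for the user; this is the same
# question getpwnam() asks, answered through /etc/nsswitch.conf.
nss_lookup() {
    getent passwd "$1" >/dev/null 2>&1
}

# Classify one user and print one label:
#   ok             SID lookup and NSS lookup both work on the first try
#   sid-only       SID resolves but NSS has no entry (getpwnam() would fail)
#   sid-after-nss  SID lookup failed, then worked after "getent passwd"
#                  (the behaviour reported in the post)
#   nss-only       NSS entry exists but winbindd never returns a SID
#   unresolved     neither lookup works
diagnose_user() {
    user=$1
    second=-
    if sid_lookup "$user"; then first=yes; else first=no; fi
    if nss_lookup "$user"; then nss=yes; else nss=no; fi
    if [ "$first" = no ]; then
        # Full enumeration, the step the post ran before retrying.
        getent passwd >/dev/null 2>&1 || true
        if sid_lookup "$user"; then second=yes; else second=no; fi
    fi
    case "$first/$nss/$second" in
        yes/yes/*) echo ok ;;
        yes/no/*)  echo sid-only ;;
        no/*/yes)  echo sid-after-nss ;;
        no/yes/no) echo nss-only ;;
        *)         echo unresolved ;;
    esac
}

# Report each user named on the command line (no arguments: do nothing).
for u in "$@"; do
    printf '%s: %s\n' "$u" "$(diagnose_user "$u")"
done
```

A `sid-after-nss` result on a freshly restarted winbindd reproduces the report above and is worth capturing alongside the winbindd log at that moment.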