[Samba] winbind and pam on FC3

David Rigler dave at itserviceltd.com
Mon Jun 13 17:25:31 GMT 2005


Hi Giuseppe

After some more investigation I've found the following sequence to be
100% repeatable.

2 users, dave & elina. dave has a local account, elina does not. After
reboot or restart of the winbindd daemon, dave can log in but elina
cannot. After logging in as dave, "wbinfo -n dave" returns "Could not
lookup name dave". Huh !! It just logged me in but now can't find my
details ?? Same with "wbinfo -n elina". Now run "getent passwd", result
of which kind of looks like the passwd file with the AD domain users
tacked onto the end. After this "wbinfo -n dave" returns the Windows
SID. Now run "wbinfo -n elina" which again should show the Windows SID
for elina. Log out as dave and TRA-LA I can log in as elina.

As to why "wbinfo -n" cannot get the Windows SID ?? And does the "getent
passwd" result in the SID being cached ??

giuseppe panei wrote:

> Hi dave
>
> I have found the following items in the htmldocs:
>
> "The pam_winbind module in the 2.2.2 release only supports the auth 
> and account module-types. The latter simply performs a getpwnam() to 
> verify that the system can obtain a uid for the user. If the 
> libnss_winbind library has been correctly installed, this should 
> always succeed."
>
> Well, then is the account module failing?

??

>
>
> From Using Samba, chapter 9:
>
> "Be careful when adding local users after domain users have started 
> accessing the Samba server. The domain users will have entries created 
> for them by winbind in /etc/passwd, with UIDs in the range you specify.
> ................
> ................"

>
> In my /etc/passwd there are no entities for domain users.
>
I don't believe this is true, it does not add the AD users to the local
passwd file. Although "getent passwd" produces a list that looks like a
cat of passwd + the AD users

>
>
> I apologize for my bad english.
> Giuseppe
>
Much better than my non-existent Italian

dave
 

>
>
> David Rigler wrote:
>
>>
>> Hi Giuseppe
>>
>> I was thinking that getpwnam should fail, that user doesn't exist
>> locally.
>> But the pam_unix and/or pam stack should be able to cope with that ?
>>
>> dave
>>
>
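
The documentation quoted in this thread describes the pam_winbind account step as a getpwnam() lookup, and the thread notes that "getent passwd" lists AD users that are absent from /etc/passwd. The following is an added example, not part of the thread or of Samba, that compares those two views for a user name; the sample passwd text, the uid values and the helper names (local_names, nss_uid, classify) are constructed for illustration.

```python
import pwd
import sys

# Constructed sample standing in for /etc/passwd on the machine in the thread:
# dave has a local account, elina exists only in the AD domain.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
dave:x:500:500:Dave:/home/dave:/bin/bash
"""

def local_names(passwd_text):
    """Return the user names defined in passwd(5)-format text."""
    names = set()
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # Skip malformed lines and +/- compat entries, which are not accounts.
        if len(fields) >= 7 and fields[0] and fields[0][0] not in "+-":
            names.add(fields[0])
    return names

def nss_uid(name, getpwnam=pwd.getpwnam):
    """uid as seen through the NSS stack (files, winbind, ...), or None."""
    try:
        return getpwnam(name).pw_uid
    except KeyError:
        return None

def classify(name, passwd_text, getpwnam=pwd.getpwnam):
    """Say where an account resolves from, as a getpwnam()-based check sees it."""
    uid = nss_uid(name, getpwnam)
    if uid is None:
        # No NSS source returned the name: a getpwnam() account check fails here.
        return "unresolved"
    if name in local_names(passwd_text):
        return "local"
    # Resolvable but not in the passwd file: supplied by another NSS source.
    return "nss-only"

if __name__ == "__main__":
    # On a real host: python3 check_nss.py dave elina
    with open("/etc/passwd") as fh:
        text = fh.read()
    for user in sys.argv[1:]:
        print(user, classify(user, text), nss_uid(user))
```

Running it for a domain user before and after the "getent passwd" step shows whether the lookup itself changes from "unresolved" to "nss-only".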


