[Samba] nsswitch not calling winbindd - suse 9.3 64 bit & Samba 3.0.14a

Noel Kelly thunderbird at lolith.net
Sun May 22 22:49:48 GMT 2005

Hi - I have a problem that is driving me round the bend.

I have installed Suse 9.3 (64-bit) and compiled Samba 3.0.14a from source.

The server is going to be part of an ADS network so I have Kerberos
working fine and I have joined the domain ('net ads testjoin' works fine).

I have compiled and loaded the idmap_rid module and that seems to be
working fine too.  wbinfo -u gives me all the domain users and wbinfo -g
the groups.  'net ads info' gives me this:

LDAP server:
LDAP server name: brain
Realm: UK.*****.PLC
Bind Path: dc=UK,dc=*****,dc=PLC
LDAP port: 389
Server time: Sat, 21 May 2005 23:12:14 GMT
KDC server:
Server time offset: 0

which also seems fine to me.

However, the wheels come off when I try a 'getent passwd' (which returns
no domain users) or 'getent passwd administrator' (returns nothing).

My /etc/nsswitch.conf looks like this:

passwd:         files winbind
group:          files winbind

hosts:          files dns wins
networks:       files dns

services:       files
protocols:      files
rpc:            files
ethers:         files
netmasks:       files
netgroup:       files
publickey:      files

bootparams:     files
automount:      files nis
aliases:        files

I have tried running winbindd with debug info in the foreground (see
listing below) and there is no sign of activity at all when 'getent' is
run.  It is as if the nsswitch.conf just ignores winbind.  If I remove
'files' and leave:

passwd:		winbind

in nsswitch.conf then 'getent passwd' returns nothing.

libnss_wins.so and libnss_winbind.so are both in /lib and both have a
softlink to a .so.2.  I have even made links in /lib64 reasoning that
they might be better found there?

Has anyone got any suggestions as to how I could force nsswitch.conf to
call winbind?

Not really sure where to go next other than to a different distro as it
would seem to me in my limited capacity that the OS is not making the
right library calls?

Thanks in advance,

newbelly:~ # winbindd -i -d3
winbindd version 3.0.14a started.
Copyright The Samba Team 2000-2004
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
Processing section "[global]"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[IT]"
adding IPC service
adding IPC service
added interface ip= bcast= nmask=
added interface ip= bcast= nmask=
idmap_init: using 'idmap_rid' as remote backend
Module '/usr/local/samba/lib/idmap/idmap_rid.so' loaded
rid_idmap_parse: parsing entry: 0
rid_idmap_parse:        entry 0 has name: [UK]
rid_idmap_parse:        entry 0 has sid:
rid_idmap_parse:        entry 0 has min_id: [500]
rid_idmap_parse:        entry 0 has max_id: [500000]
rid_idmap_init: using 1 mappings:
rid_idmap_init: domain: [UK], sid: [S-1-5-21-2025429265-764733703-725345543], min_id: [500], max_id: [500000]
Added domain UK UK.******.PLC S-0-0
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=108)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=brain$@UK.******.PLC
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Sun, 22 May 2005 09:18:38 GMT
lsa_io_sec_qos: length c does not match size 8
add_trusted_domain: UK is an ADS native mode domain
ads: alternate_name
Connected to LDAP server
got ldap server name lips at UK.******.PLC, using bind path:
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
ads_sasl_spnego_bind: got server principal name =lips$@UK.******.PLC
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
Ticket in ccache[MEMORY:winbind_ccache] expiration Sun, 22 May 2005 09:18:38 GMT
Found alternate name 'UK' for realm 'UK.******.PLC'
Added domain BUILTIN  S-1-5-32
Added domain NEWBELLY  S-1-5-21-2759713905-3148918603-543342210
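
glibc resolves each service named in nsswitch.conf by loading libnss_<service>.so.2, and a process can only load a module of its own word size. The script below is an added example, not part of the original post: it reports, for each service on the passwd line, which copies of that module exist and whether any matches the caller's word size. The directory list and the assumption that getent has the same word size as the Python interpreter are mine.

```python
import os
import re
import struct

# Constructed sample: the passwd/group/hosts lines from the nsswitch.conf in the post.
SAMPLE_NSSWITCH = "passwd: files winbind\ngroup: files winbind\nhosts: files dns wins\n"

def nss_services(conf_text, database):
    """Return the services configured for one database, in lookup order."""
    for line in conf_text.splitlines():
        name, sep, rest = line.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            # Drop action items such as [NOTFOUND=return]; they are not modules.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def elf_class(path):
    """Return 32 or 64 from the ELF header (EI_CLASS byte), or None if not ELF."""
    try:
        with open(path, "rb") as fh:  # open() follows the .so.2 symlink
            head = fh.read(5)
    except OSError:
        return None
    if len(head) < 5 or head[:4] != b"\x7fELF":
        return None
    return {1: 32, 2: 64}.get(head[4])

def check_modules(conf_text, database, libdirs, want_bits):
    """For each service: (service, soname, [(path, bits)], usable_by_caller)."""
    report = []
    for svc in nss_services(conf_text, database):
        soname = "libnss_%s.so.2" % svc  # glibc's naming scheme for NSS modules
        paths = [os.path.join(d, soname) for d in libdirs]
        found = [(p, elf_class(p)) for p in paths if os.path.lexists(p)]
        report.append((svc, soname, found, any(b == want_bits for _, b in found)))
    return report

if __name__ == "__main__":
    # Assumptions: these directories approximate the loader's search path, and
    # getent has the same word size as this Python interpreter.
    bits = struct.calcsize("P") * 8
    with open("/etc/nsswitch.conf") as fh:
        conf = fh.read()
    for svc, soname, found, ok in check_modules(
            conf, "passwd", ["/lib64", "/usr/lib64", "/lib", "/usr/lib"], bits):
        print("%-8s %-22s %s" % (svc, soname, "ok" if ok else "NO %d-bit copy" % bits))
        for path, b in found:
            print("    %s -> %s" % (path, "%d-bit ELF" % b if b else "not ELF / dangling"))
```

A symlink in /lib64 that points at a 32-bit file in /lib shows up as a 32-bit ELF under the /lib64 path, since the header is read through the link.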
