[Samba] nsswitch not calling winbindd - suse 9.3 64 bit & Samba 3.0.14a

Noel Kelly thunderbird at lolith.net
Mon May 23 08:00:52 GMT 2005 

Sridhar,

Spot on!  Works at treat as soon as I killed nscd.  I must admit I had
my doubts when I saw your email but thanks very much for that.  I just
need to look at why nscd interferes with winbind so badly....

Cheers
Noel

Sridhar Venkatakrishnan wrote:

> Are you running nscd? That could mess up things a bit.
>
> Sridhar
>
> Noel Kelly wrote:
>
>> Hi - I have a problem that is driving me round the bend.
>>
>> I have installed Suse 9.3 (64-bit) and compiled Samba 3.0.14a from
>> source.
>>
>> The server is going to be part of an ADS network so I have Kerberos
>> working fine and I have joined the domain ('net ads testjoin' works
>> fine).
>>
>> I have compiled and loaded the idmap_rid module and that seems to be
>> working fine too.  wbinfo -u gives me all the domain users and wbinfo -g
>> the groups.  'net ads info' gives me this:
>>
>> LDAP server: 192.168.5.4
>> LDAP server name: brain
>> Realm: UK.*****.PLC
>> Bind Path: dc=UK,dc=*****,dc=PLC
>> LDAP port: 389
>> Server time: Sat, 21 May 2005 23:12:14 GMT
>> KDC server: 192.168.5.4
>> Server time offset: 0
>>
>> which also seems fine to me.
>>
>> However, the wheels come off when I try a 'getent passwd' (which returns
>> no domain users) or 'getent passwd administrator' (returns nothing).
>>
>> My /etc/nsswitch.conf looks like this:
>>
>> passwd:         files winbind
>> group:          files winbind
>>
>> hosts:          files dns wins
>> networks:       files dns
>>
>> services:       files
>> protocols:      files
>> rpc:            files
>> ethers:         files
>> netmasks:       files
>> netgroup:       files
>> publickey:      files
>>
>> bootparams:     files
>> automount:      files nis
>> aliases:        files
>>
>> I have tried running winbindd with debug info in the foreground (see
>> listing below) and there is no sign of activity at all when 'getent' is
>> run.  It is as if the nsswitch.conf just ignores winbind.  If I remove
>> 'files' and leave:
>>
>> passwd:        winbind
>>
>> in nsswitch.conf then 'getent passwd' returns nothing.
>>
>> libnss_wins.so and libnss_winbind.so are both in /lib and both have a
>> softlink to a .so.2.  i have even made links in /lib64 reasoning that
>> they might be better found there?
>>
>> Has anyone got any suggestions as to how i could force nsswitch.conf to
>> call winbind?
>>
>> Not really sure where to go next other than to a different distro as it
>> would seem to me in my limited capacity that the OS is not making the
>> right library calls?
>>
>> Thanks in advance,
>> Noel
>>
>>
>> newbelly:~ # winbindd -i -d3
>> winbindd version 3.0.14a started.
>> Copyright The Samba Team 2000-2004
>> lp_load: refreshing parameters
>> Initialising global parameters
>> params.c:pm_process() - Processing configuration file
>> "/usr/local/samba/lib/smb.conf"
>> Processing section "[global]"
>> Processing section "[homes]"
>> Processing section "[printers]"
>> Processing section "[print$]"
>> Processing section "[IT]"
>> adding IPC service
>> adding IPC service
>> added interface ip=192.168.5.134 bcast=192.168.5.255 nmask=255.255.255.0
>> added interface ip=192.168.5.134 bcast=192.168.5.255 nmask=255.255.255.0
>> idmap_init: using 'idmap_rid' as remote backend
>> Module '/usr/local/samba/lib/idmap/idmap_rid.so' loaded
>> rid_idmap_parse: parsing entry: 0
>> rid_idmap_parse:        entry 0 has name: [UK]
>> rid_idmap_parse:        entry 0 has sid:
>> [S-1-5-21-2025429265-764733703-725345543]
>> rid_idmap_parse:        entry 0 has min_id: [500]
>> rid_idmap_parse:        entry 0 has max_id: [500000]
>> rid_idmap_init: using 1 mappings:
>> rid_idmap_init: domain: [UK], sid:
>> [S-1-5-21-2025429265-764733703-725345543], min_id: [500], max_id:
>> [500000]
>> Registered MSG_REQ_POOL_USAGE
>> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
>> Added domain UK UK.******.PLC S-0-0
>> cm_get_ipc_userpass: No auth-user defined
>> Doing spnego session setup (blob length=108)
>> got OID=1 2 840 48018 1 2 2
>> got OID=1 2 840 113554 1 2 2
>> got OID=1 2 840 113554 1 2 2 3
>> got OID=1 3 6 1 4 1 311 2 2 10
>> got principal=brain$@UK.******.PLC
>> Doing kerberos session setup
>> Ticket in ccache[MEMORY:cliconnect] expiration Sun, 22 May 2005
>> 09:18:38 GMT
>> lsa_io_sec_qos: length c does not match size 8
>> add_trusted_domain: UK is an ADS native mode domain
>> ads: alternate_name
>> Connected to LDAP server 192.168.5.12
>> got ldap server name lips at UK.******.PLC, using bind path:
>> dc=UK,dc=******,dc=PLC
>> ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
>> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
>> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
>> ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
>> ads_sasl_spnego_bind: got server principal name =lips$@UK.******.PLC
>> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
>> found)
>> Ticket in ccache[MEMORY:winbind_ccache] expiration Sun, 22 May 2005
>> 09:18:38 GMT
>> Found alternate name 'UK' for realm 'UK.******.PLC'
>> Added domain BUILTIN  S-1-5-32
>> Added domain NEWBELLY  S-1-5-21-2759713905-3148918603-543342210
>>
>>
>>
>>
>>
>>  
>>
>

More information about the samba mailing list