[Samba] Samba 3.20 Solaris questions PLEASE HELP!

Matt Marcus unixwizard at gmail.com
Mon Oct 3 19:31:46 GMT 2005


OMG Jerry YOU ARE A GOD! Enum users and enum groups did the trick: I turned
them off and I can now log in to admsrv. Dude, thank you soooo much, I've been
trying to figure that out for 2 weeks. I OWE U BEER or wine, whatever you want
!!!!!!!!!!!!!

On 10/3/05, Matt Marcus <unixwizard at gmail.com> wrote:
>
> Jerry,
> Thank you sooo much for your answers to my questions, I was beginning to
> lose hope :)
>  As for your answer below, do you have any online resources that may go
> over how to configure a chroot environment? I'm not familiar with it at all.
> The application we're using on this box requires Solaris 8 so an upgrade to
> Solaris 10 is not currently possible.
>  Samba has to have a uid/gid for each user/group in the
> Windows domain. If you don't want to use the global
> /etc/nsswitch.conf, you could use a chroot environment
> or a Solaris 10 zone.
>  I will attempt the changes you suggested today. Basically I'm having a
> problem with this product named Helios Ethershare; it's an old-school legacy
> OPI and AppleTalk filesharing system. There is an administration service
> named admsrv that allows you to configure the ethershare application via a
> client GUI. It is this app that's causing all the issues with winbind. The
> app should essentially consult nsswitch.conf, find the root user, if the
> root user does not exist it will consult its own passwd database for root,
> if it can't find an account there it will consult nsswitch for some other
> means of auth. Unfortunately when winbind is running the app doesn't see root
> in /etc/passwd or in its own passwd database and then begins to consult
> winbind. However the app hangs while logging in for 30 minutes but stopping
> winbind allows you to login instantly. I'm attaching my smb.conf as well
> as 3 text files named (TrussAdmSrvFailed.out, TrussAdmsrvSuccess.out, and
> TrussWinbindFailedAuth.out). The first two are truss outputs of the
> application admsrv in both a successful state without winbind and an
> unsuccessful state with winbind. The last is a truss of winbind while a
> failed login is in progress. I hope this is enough to help; let me know if
> there is something else that may help with debugging this.
>
> # Samba config file created using SWAT
> # from 170.165.228.218 (170.165.228.218)
> # Date: 2005/09/29 16:51:36
>
> # Global parameters
> [global]
> workgroup = NDMSNET
> realm = NEWSDAY.AD.TRB
> netbios name = NDCCS
> server string = Consolidated Content Server
> interfaces = 170.165.195.177
> bind interfaces only = Yes
> security = ADS
> map to guest = Bad User
> lanman auth = No
> client NTLMv2 auth = Yes
> client lanman auth = No
> client plaintext auth = No
> getwd cache = No
> wins server = 170.165.228.9
> ldap ssl = no
> idmap uid = 10000-30000
> idmap gid = 10000-30000
> winbind separator = +
> winbind use default domain = Yes
> admin users = root, NDMSNET+marcusm
> wide links = No
>
> [Laser]
> comment = Laser Print Queue Share
> path = /opi_laser
> read only = No
>
> [Imagers]
> comment = Image Setter Queue Share
> path = /opi_imagers
> read only = No
>
> [XML]
> comment = XML Share For Order Entry
> path = /app/samba/Mounts
> read only = No
>
> [ToPlate]
> comment = PDF To Plate Share
> path = /psfiles/To_Plate
> read only = No
>
> [RipCheck]
> comment = Rip Validation Share
> path = /app/samba/PagMounts
>
> [MattsHome]
> comment = Home Dir
> path = /usr/users/mmarcus
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
>
> [HammerThis]
> comment = Samba3 Stress Test
> path = /vol11
> admin users = NDMSNET+marcusm, NDMSNET+benzej
> read only = No
> guest ok = Yes
>
>
>  On 10/3/05, Gerald (Jerry) Carter <jerry at samba.org> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Matt Marcus wrote:
> >
> > | 1 - Does PAM have to be configured when using winbind
> > | and samba 3 in an ADS environment? Everything is currently
> > | working and I've done nothing to configure PAM, yet
> > | all online documentation states this is a necessary step?
> >
> > No. You only need PAM if you want to use pam (or build pam_winbindd.so)
> >
> > | 2 - Can samba 3 still use ads and winbind without
> > | adding winbind to nsswitch.conf? If not is there anyway
> > | to force winbind to leave all applications with the
> > | exception of samba out of its control eg helios
> > | admsrv, afpserv or anything else installed on the
> > | system that may consult nsswitch that knows
> > | nothing about domains or winbind?
> >
> > Samba has to have a uid/gid for each user/group in the
> > Windows domain. If you don't want to use the global
> > /etc/nsswitch.conf, you could use a chroot environment
> > or a Solaris 10 zone.
> >
> >
> > | 3 - Why does wbinfo -u fail to return entries from
> > | the domain controler periodically? Is this normal
> > | behavior or did I mess up configuration someplace?
> >
> > No. wbinfo -u should consistently return all users.
> >
> > | 4 - wbinfo -u seems to work 80% of the time but
> > | when it takes a long time to query the domain
> > | controller access to any service on the sun server is
> > | slow?
> >
> > Enumerating users and groups is slow. We're working
> > on fixing this but for now you might just prefer to
> > set 'winbind enum {users,groups} = no' in smb.conf.
> > This will break any applications that use
> > {set,get,end}{pw,gr}ent() but such applications tend to
> > be fairly rare these days (although IIRC id and finger are
> > one of them).
> >
> >
> >
> >
> >
> >
> > cheers, jerry
> > =====================================================================
> > Alleviating the pain of Windows(tm) ------- http://www.samba.org
> > GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
> > "There's an anonymous coward in all of us." --anonymous
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.0 (GNU/Linux)
> > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> >
> > iD8DBQFDQSgXIR7qMdg1EfYRAqFoAKCI5t/v4nIGbtmhaErP2w5IsOjgqgCfdXql
> > nzsYgIU2rZvGB885XzLzbgc=
> > =xUOl
> > -----END PGP SIGNATURE-----
> >
>
>
>
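An added illustration of the distinction drawn in the quoted reply (example code added here, not from the thread, Helios or Samba): a direct `getpwnam()` lookup asks NSS for one name, while the `{set,get,end}pwent()` family walks every entry of every passwd source in nsswitch.conf, which is the path that `winbind enum users = no` empties for domain accounts. The function names `lookup_user` and `enumerate_users` are hypothetical; timing both on the affected host shows which call pattern an application's stall follows.

```c
#define _XOPEN_SOURCE 700   /* declares getpwent() and clock_gettime() */
#include <pwd.h>
#include <stdio.h>
#include <time.h>

/* Milliseconds on a monotonic clock, so wall-clock changes do not skew timing. */
static double now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000.0 + ts.tv_nsec / 1e6;
}

/* Direct lookup: NSS queries the passwd sources in nsswitch.conf order for
 * this one name and, with the default actions, stops at the first hit.
 * Returns 1 if the account resolves, 0 otherwise. */
int lookup_user(const char *name, double *ms) {
    double t0 = now_ms();
    struct passwd *pw = getpwnam(name);
    if (ms) *ms = now_ms() - t0;
    return pw != NULL;
}

/* Enumeration: walks every entry of every passwd source. With winbind in
 * nsswitch.conf and enumeration enabled this includes the whole domain.
 * Returns the number of entries seen. */
long enumerate_users(double *ms) {
    long n = 0;
    double t0 = now_ms();
    setpwent();
    while (getpwent() != NULL)
        n++;
    endpwent();
    if (ms) *ms = now_ms() - t0;
    return n;
}

int main(void) {
    double t_lookup, t_enum;
    int found = lookup_user("root", &t_lookup);
    long n = enumerate_users(&t_enum);
    printf("getpwnam(root): %s in %.1f ms\n", found ? "found" : "missing", t_lookup);
    printf("getpwent walk:  %ld entries in %.1f ms\n", n, t_enum);
    return 0;
}
```
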

