[Samba] getent & winbindd on FreeBSD 5.4
Ilia Chipitsine
ilia at paramon.ru
Sun Sep 18 10:21:44 GMT 2005
> I'm trying to get a FreeBSD 5.4 server to join an NT4 domain as a member
> domain server using winbindd. I've compiled Samba with WinBIND support, ACL
> Support, Syslog support, UTMP support, SMB PAM module, and with installed
> POPT library.
>
> I've reviewed Chapter 20 of TOSHARG and implemented a good portion of it
> into our smb.conf file but am having trouble making the 'getent' command
> work. Running Samba 3.0.20.1. The 'getent' command is found in
> /usr/compat/linux/usr/bin/.
getent is a Linux thing; on FreeBSD you'd be better off using "id",
for instance:
$ id ilia
>
> I can join the domain fine and execute 'wbinfo -u' with the expected domain
> user listing as well as with the 'wbinfo -g' command. However when I attempt
> to execute 'getent passwd' it shows only the local user accounts. Executing
> 'getent group' also produces only the local groups.
>
> It seems the getent command that comes with the linux_base port on FreeBSD
> 5.4 may or may not be working. I am unable to verify it though. Doing a
> 'tdbdump winbind_cache.tdb' reveals that the users are being enumerated but
> without a corresponding *nix user id. I don't know if the tdbsam is supposed
> to reveal such information. TOSHARG states that for getent to work, the
> nsswitch.conf must be properly configured. Mine is as follows:
>
> # /etc/nsswitch.conf
> passwd: compat winbind
> group: compat winbind
> hosts: files winbind wins dns
> networks: files
> shells: files
>
>
> NSSwitch depends on PAM modules for authentications so here's my login file:
>
> #
> # $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
> #
> # PAM configuration for the "login" service
> #
>
> # auth
> auth sufficient pam_winbind.so
> auth sufficient pam_unix.so use_first_pass
> auth required pam_stack.so service=system-auth
> auth required pam_nologin.so no_warn
> auth sufficient pam_self.so no_warn
> auth include system
>
> # account
> account sufficient pam_winbind.so
> account required pam_stack.so service=system-auth
> account include system
>
> # session
> session required pam_stack.so service=system-auth
> session include system
>
> # password
> password required pam_stack.so service=system-auth
> password include system
>
>
> # smb.conf
> [global]
> workgroup = DSP
> server string = Samba Server
> security = DOMAIN
> passdb backend = tdbsam
> log file = /var/log/samba/log.%m
> max log size = 50
> os level = 33
> local master = No
> dns proxy = No
> wins server = 192.168.1.1
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> template homedir = /usr/home/%D/%U
> template shell = /bin/bash
> winbind separator = +
> hosts allow = 192.168.1., 192.168.2., 127.
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [MacData]
> comment = Production Data
> path = /data
> valid users = @DSP+PRODUCTION
> read only = No
> create mask = 0765
>
>
> The odd thing is, there's no /etc/pam.d/samba file even though I specified
> that the PAM samba module be installed. Is my PAM whacked?
>
> Also, I am unsure if I need to map users to NT accounts using a text file
> similar to /etc/smb/smbusers or some file similar to that? When I execute
> 'pw groupshow DSP+PRODUCTION', the log.smbd shows this:
> [2005/09/15 16:17:24, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
> Unable to open/create TDB passwd
> [2005/09/15 16:17:24, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
> pdb_getsampwrid: Unable to open TDB rid database!
>
> log.wb-DSP shows this:
> [2005/09/15 16:17:24, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
> rpc_pipe_bind failed
>
> I'm a newb so would appreciate any advice!
>
> ~Doug
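The check suggested in the reply, applied to every account winbindd enumerates, as an added example that is not part of the original thread: it lists the names that `wbinfo -u` returns but `id` cannot resolve through NSS, and reports whether `winbind` is listed for `passwd` and `group` in nsswitch.conf. The function names are hypothetical, and it assumes `wbinfo -u` prints one account name per line.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Exit 0 if NSS, queried through id(1), maps NAME to a uid.
nss_resolves() {
    id -u -- "$1" >/dev/null 2>&1
}

# Read account names on stdin (one per line, the form `wbinfo -u` prints,
# e.g. DSP+user with "winbind separator = +") and print those NSS cannot resolve.
unresolved_users() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        nss_resolves "$name" || printf '%s\n' "$name"
    done
    return 0
}

# Exit 0 if DATABASE (passwd, group, ...) in nsswitch file FILE lists "winbind".
# Comments are stripped first, so a commented-out source does not count.
nss_has_winbind() {
    [ -r "$1" ] || return 2
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }
    ' "$1"
}

for db in passwd group; do
    nss_has_winbind /etc/nsswitch.conf "$db" ||
        echo "nsswitch.conf: winbind is not a source for $db" >&2
done

if command -v wbinfo >/dev/null 2>&1; then
    wbinfo -u | unresolved_users
else
    # Constructed sample input for a host without Samba installed.
    printf '%s\n' root 'DSP+constructed_user' | unresolved_users
fi
```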