[Samba] Winbind on Slackware - no auth but all the rest OK
Alexis Tremblay
altrem at gmail.com
Tue May 30 10:16:24 GMT 2006
Hi list,
I've had a Winbind issue that I've been stuck on for a very long time;
this is getting ridiculous.
On our Linux shell server (Slackware 9.1), I installed the whole samba
from self-compilation, tried many different configure options but
mostly --without-pam --with-ldap, and everything required from all the
HowTos I've read.
I start winbindd via: # /usr/local/samba/sbin/winbindd -F -i -n -d 9 -S
I can query any information from the ADS, wbinfo -u -g -A ... getent
passwd, getent group, etc... all works A+OK.
Then, in another terminal, as a UNIX local user on the same system I
want to "su" to an AD user so I type:
$ su - alexis.tremblay
where "alexis.tremblay" is my AD user on my PDC, Winbind works,
queries via ldap, gets all required info:
[...]
0078 status : NT_STATUS_OK
child daemon request 48
[ 3879]: lookupsid S-1-5-21-688190787-2786516605-92148756-1107
ads: query_user
Current tickets expire at 1149006892, time is now 1148982918
Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\43\F5\04\29\7D\DE\16\A6\14\14\7E\05\53\04\00\00)
gave 1 replies
ads query_user gave alexis.tremblay
But then it stops right there. When I type any password at the
"password: " prompt (from my `su - alexis.tremblay`), it just drops
me. The system never, ever sends the password to the ADS, the "su"
command says "Sorry" and that's it.
I can "su - alexis.tremblay" as ROOT, without entering any password,
and it'll give me a shell! But nothing works as a normal user.
Mind that I don't have PAM on this Slackware system, shouldn't be
required, I know people have done it without PAM.
Please, if someone could point me in the right direction, that would be great!
Thanks a lot
Alexis Tremblay
My configs follow:
smb.conf (I tried every imaginable combination, but I reverted to
something simple like this):
[global]
WORKGROUP = MYREALM
realm = MYREALM.TLD
netbios name = URI
password server = ip.of.win2k3.server
server string = URI Shell Server %v
security = ADS
winbind separator = +
idmap uid = 500-20000
idmap gid = 500-20000
winbind enum users = Yes
winbind enum groups = Yes
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = yes
winbind cache time = 10
obey pam restrictions = no
[homes]
comment = Home Directories
valid users = %U
read only = No
browseable = No
nsswitch.conf:
passwd: compat winbind
shadow: compat
group: compat winbind
in /lib/lib_nss* I got:
$ ls -l /lib/libnss_*
-rwxr-xr-x 1 root root 49707 May 19 2003 /lib/libnss_compat-2.3.2.so*
lrwxrwxrwx 1 root root 22 Dec 17 15:05 /lib/libnss_compat.so.2 -> libnss_compat-2.3.2.so*
-rwxr-xr-x 1 root root 16948 May 19 2003 /lib/libnss_dns-2.3.2.so*
lrwxrwxrwx 1 root root 19 Dec 17 15:05 /lib/libnss_dns.so.2 -> libnss_dns-2.3.2.so*
-rwxr-xr-x 1 root root 42833 May 19 2003 /lib/libnss_files-2.3.2.so*
lrwxrwxrwx 1 root root 21 Dec 17 15:05 /lib/libnss_files.so.2 -> libnss_files-2.3.2.so*
-rwxr-xr-x 1 root root 18513 May 19 2003 /lib/libnss_hesiod-2.3.2.so*
lrwxrwxrwx 1 root root 22 Dec 17 15:05 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.3.2.so*
-rwxr-xr-x 1 root root 397975 May 30 11:39 /lib/libnss_ldap-2.3.2.so*
lrwxrwxrwx 1 root root 20 May 30 11:39 /lib/libnss_ldap.so -> libnss_ldap-2.3.2.so*
lrwxrwxrwx 1 root root 20 May 30 11:39 /lib/libnss_ldap.so.1 -> libnss_ldap-2.3.2.so*
lrwxrwxrwx 1 root root 20 May 30 11:39 /lib/libnss_ldap.so.2 -> libnss_ldap-2.3.2.so*
-rwxr-xr-x 1 root root 40317 May 19 2003 /lib/libnss_nis-2.3.2.so*
lrwxrwxrwx 1 root root 19 Dec 17 15:05 /lib/libnss_nis.so.2 -> libnss_nis-2.3.2.so*
-rwxr-xr-x 1 root root 47823 May 19 2003 /lib/libnss_nisplus-2.3.2.so*
lrwxrwxrwx 1 root root 23 Dec 17 15:05 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.3.2.so*
-rwxr-xr-x 1 root root 20991 Mar 9 11:59 /lib/libnss_winbind.so*
lrwxrwxrwx 1 root root 17 Mar 1 15:22 /lib/libnss_winbind.so.1 -> libnss_winbind.so*
lrwxrwxrwx 1 root root 17 Mar 2 15:43 /lib/libnss_winbind.so.2 -> libnss_winbind.so*
$ grep -i pam /lib/libnss_*
(nothing)
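
For reading the winbindd debug excerpt in the message above: the escaped objectSid value in the LDAP search filter is the binary form of the SID on the lookupsid line. The decoder below is an added example, not part of the original message or of Samba; its function names are hypothetical and the two sample lines are copied from the log in the post.

```python
import re
import struct

# Sample lines copied from the winbindd debug excerpt in the post.
LOOKUP_LINE = "[ 3879]: lookupsid S-1-5-21-688190787-2786516605-92148756-1107"
SEARCH_LINE = (
    r"Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00"
    r"\43\F5\04\29\7D\DE\16\A6\14\14\7E\05\53\04\00\00)"
)


def unescape_ldap_value(value: str) -> bytes:
    """Undo LDAP filter escaping: a backslash plus two hex digits is one byte."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\":
            pair = value[i + 1:i + 3]
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                raise ValueError(f"bad escape at offset {i}")
            out.append(int(pair, 16))
            i += 3
        else:
            out.extend(value[i].encode("utf-8"))
            i += 1
    return bytes(out)


def sid_to_string(blob: bytes) -> str:
    """Binary SID layout: revision (1 byte), sub-authority count (1 byte),
    48-bit big-endian authority, then little-endian 32-bit sub-authorities."""
    if len(blob) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack(f"<{count}I", blob[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def sid_from_search_line(line: str) -> str:
    """Extract the objectSid filter value from a log line and decode it."""
    m = re.search(r"\(objectSid=([^)]*)\)", line)
    if m is None:
        raise ValueError("no objectSid filter in line")
    return sid_to_string(unescape_ldap_value(m.group(1)))


if __name__ == "__main__":
    print(sid_from_search_line(SEARCH_LINE))
```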