[Samba] Strange behaviour of winbind on solaris 8

Oliver Weinmann oliver.weinmann at googlemail.com
Mon Apr 28 11:21:26 GMT 2008


Forgot to mention that the nss_winbind links are there:

bash-2.03# ls -alrt /usr/lib/nss_w*
lrwxrwxrwx   1 root     other         28 Apr 23 14:30 /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
lrwxrwxrwx   1 root     other         28 Apr 23 14:30 /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
lrwxrwxrwx   1 root     other         28 Apr 23 14:30 /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1

Changed the crle to only /usr/lib:/opt/csw/lib and disabled nscd at boot.

After reboot I can no longer resolve usernames, wbinfo -t/-g/-u work fine.


getent passwd and getent group are not showing AD users.

When logging in as an AD user I can see the following in the
/var/adm/messages logfile:

Apr 28 13:20:09 rose8 sshd[516]: [ID 129890 auth.error] pam_winbind(sshd): request failed: No such user, PAM error was No account present for user (13), NT error was NT_STATUS_NO_SUCH_USER
Apr 28 13:20:18 rose8 sshd[524]: [ID 800047 auth.error] error: PAM: No account present for user for illegal user oweinmann from vb8860.vegagroup.net



On 4/28/08, Oliver Weinmann <oliver.weinmann at googlemail.com> wrote:
>
> I got:
>
>
> bash-2.03# ls -alrt /usr/lib/libnss_winbind.so*
> -rwxr-xr-x   1 root     bin        74744 Apr 21 14:45 /usr/lib/libnss_winbind.so.1
> lrwxrwxrwx   1 root     other         28 Apr 23 14:30 /usr/lib/libnss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
> lrwxrwxrwx   1 root     other         28 Apr 23 14:30 /usr/lib/libnss_winbind.so -> /usr/lib/libnss_winbind.so.1
>
> so that's fine.
>
> I didn't have crle set up correctly since I have built against libraries
> from blastwave and they reside under /opt/csw/lib
>
> so i did:
>
>
> bash-2.03# crle -u -l /usr/lib:/usr/local/lib:/opt/csw/lib
> bash-2.03# crle
>
> Configuration file [version 4]: /var/ld/ld.config
>   Default Library Path (ELF):   /usr/lib:/usr/local/lib:/opt/csw/lib
>   Trusted Directories (ELF):    /usr/lib/secure  (system default)
>
> Command line:
>   crle -c /var/ld/ld.config -l /usr/lib:/usr/local/lib:/opt/csw/lib
>
> and I did change my nsswitch.conf to reflect the shadow entry. Still not
> working without nscd. :( I had no problems under Linux at all but under
> Solaris I'm lost.
>
>
>
> On 4/28/08, Scott Lovenberg <scott.lovenberg at gmail.com> wrote:
> >
> >  Oliver Weinmann wrote:
> >
> >
> >
> > On 4/28/08, Scott Lovenberg <scott.lovenberg at gmail.com> wrote:
> > >
> > > Oliver Weinmann wrote:
> > >
> > > > Dear All,
> > > >
> > > > I came across a really strange behaviour when using winbind on Solaris 8.
> > > > Normally "nscd" should be turned off because it's causing problems in the
> > > > username resolution etc. When I turn it off I can login e.g. using ssh as an
> > > > AD user but when I start a command like "ls" it gets put in the background
> > > > immediately? When "nscd" is turned on and I login again I can issue commands
> > > > with no problems, but doing an ls -alrt on a directory gets stuck if a file
> > > > is owned by a user that is not an AD user.
> > > >
> > > > my /etc/nsswitch.conf
> > > >
> > > >
> > > > #
> > > > # /etc/nsswitch.dns:
> > > > #
> > > > # An example file that could be copied over to /etc/nsswitch.conf; it uses
> > > > # DNS for hosts lookups, otherwise it does not use any other naming service.
> > > > #
> > > > # "hosts:" and "services:" in this file are used only if the
> > > > # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
> > > >
> > > > passwd: files [NOTFOUND=CONTINUE]       winbind [NOTFOUND=return]
> > > > group:  files [NOTFOUND=CONTINUE]       winbind [NOTFOUND=return]
> > > >
> > > > # You must also set up the /etc/resolv.conf file for DNS name
> > > > # server lookup.  See resolv.conf(4).
> > > > hosts:      files dns
> > > > ipnodes:    files
> > > > # Uncomment the following line and comment out the above to resolve
> > > > # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
> > > > # IPv4 addresses are searched in all of the ipnodes databases before
> > > > # searching the hosts databases. Before turning this option on, consult
> > > > # the Network Administration Guide for more details on using IPv6.
> > > > #ipnodes:   files dns
> > > >
> > > > networks:   files
> > > > protocols:  files
> > > > rpc:        files
> > > > ethers:     files
> > > > netmasks:   files
> > > > bootparams: files
> > > > publickey:  files
> > > > # At present there isn't a 'files' backend for netgroup;  the system will
> > > > #   figure it out pretty quickly, and won't use netgroups at all.
> > > > netgroup:   files
> > > > automount:  files
> > > > aliases:    files
> > > > services:   files
> > > > sendmailvars:   files
> > > > printers:       user files
> > > >
> > > > auth_attr:  files
> > > > prof_attr:  files
> > > > project:    files
> > > >
> > > >
> > > Can you get the ls to work with numeric uids?  And, I noticed that you
> > > don't have any entries for shadow... you're not using shadow passwords,
> > > right?
> >
> >
> > I have no entry in nsswitch.conf for shadow. I'm mainly using AD users
> > so I didn't add an entry for shadow pw's. I turned off nscd now and logged
> > in as an AD user. The problem is not only when running ls. It happens on
> > many commands:
> >
> > e.g.
> >
> >
> > bash-2.03$ ls -alrt
> >
> > [1]+  Stopped                 ls -alrt
> > bash-2.03$ pwd
> > /home/oweinmann
> > bash-2.03$ grep home /etc/passwd
> >
> > [2]+  Stopped                 grep home /etc/passwd
> > bash-2.03$
> >
> > The commands get put in the background immediately. I have no clue why?
> > When i turn nscd back on this works fine:
> >
> > bash-2.03$ ls -alrt
> > total 8
> > -rw-r--r--   1 oweinmann domain users       0 Apr 28 08:57 test1
> > -rw-r--r--   1 oweinmann domain users       0 Apr 28 08:57 test2
> > -rw-r--r--   1 oweinmann domain users       0 Apr 28 08:57 test3
> > -rw-r--r--   1 oweinmann domain users       0 Apr 28 08:57 test4
> >
> > but the command then hangs because it can't look up the user of a file.
> >
> >
> >
> > And you've got proper library links and all?
> >
> > Chapter 24. Winbind: Use of Domain Accounts <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html#id431926>
> > <quote>
> > The libraries needed to run the winbindd daemon through nsswitch need to
> > be copied to their proper locations:
> > [...]
> >
> > And, in the case of Sun Solaris:
> >
> > root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1
> > root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1
> > root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2
> >
> >  As root, edit /etc/nsswitch.conf to allow user and group entries to be
> > visible from the winbindd daemon. My /etc/nsswitch.conf file looked like
> > this after editing:
> >
> > passwd:     files winbind
> > shadow:     files
> > group:      files winbind
> >
> > The libraries needed by the winbindd daemon will be automatically
> > entered into the ldconfig cache the next time your system reboots, but
> > it is faster (and you do not need to reboot) if you do it manually:
> >
> > The Sun Solaris dynamic link loader management tool is called crle. The
> > use of this tool is necessary to instruct the dynamic link loader to search
> > directories that contain library files that were not supplied as part of the
> > original operating system platform. The following example shows how to use
> > this tool to add the directory /usr/local/lib to the dynamic link
> > loader's search path:
> >
> > root#  crle -u -l /usr/lib:/usr/local/lib
> >
> > When executed without arguments, crle reports the current dynamic link
> > loader configuration. This is demonstrated here:
> >
> > root#  crle
> >
> > Configuration file [version 4]: /var/ld/ld.config
> >   Default Library Path (ELF):   /lib:/usr/lib:/usr/local/lib
> >   Trusted Directories (ELF):    /lib/secure:/usr/lib/secure  (system default)
> >
> > Command line:
> >   crle -c /var/ld/ld.config -l /lib:/usr/lib:/usr/local/lib
> >
> > From this it is apparent that the /usr/local/lib directory is included
> > in the search dynamic link libraries in order to satisfy object module
> > dependencies.
> > </quote>
> >
> >
>
>
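
The checks made by hand in this thread (winbind listed for passwd and group in nsswitch.conf, and nss_winbind.so.1 resolving to a real file), as an added shell example that is not part of the original messages or of Samba. The function names, the temporary directory and the sample file are constructed for illustration; POSIX sh, sed and awk plus mktemp are assumed.

```shell
#!/bin/sh
# Added example (not Samba code). Assumes POSIX sh/sed/awk and mktemp.

# Print the sources configured for one database, with comments and
# [STATUS=action] criteria such as [NOTFOUND=return] stripped.
nss_sources() {  # $1 = nsswitch.conf path, $2 = database (passwd, group, ...)
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
        awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed if source $3 is listed for database $2 in file $1.
nss_has_source() {
    for s in $(nss_sources "$1" "$2"); do
        [ "$s" = "$3" ] && return 0
    done
    return 1
}

# Succeed if nss_<source>.so.1 in directory $1 resolves to a regular file;
# -f follows symlinks, so a dangling link fails.
nss_module_ok() {
    [ -f "$1/nss_$2.so.1" ]
}

# Print findings; exit status is the number of problems found.
audit_winbind_nss() {  # $1 = nsswitch.conf path, $2 = library directory
    problems=0
    for db in passwd group; do
        if ! nss_has_source "$1" "$db" winbind; then
            echo "$db: winbind not listed (sources: $(nss_sources "$1" "$db"))"
            problems=$((problems + 1))
        fi
    done
    if ! nss_module_ok "$2" winbind; then
        echo "$2/nss_winbind.so.1 is missing or a dangling link"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: passwd/group lines from the post and a link like its listing.
demo=$(mktemp -d)
printf '%s\n' \
    'passwd: files [NOTFOUND=CONTINUE]       winbind [NOTFOUND=return]' \
    'group:  files [NOTFOUND=CONTINUE]       winbind [NOTFOUND=return]' \
    'hosts:      files dns' > "$demo/nsswitch.conf"
: > "$demo/libnss_winbind.so.1"
ln -s "$demo/libnss_winbind.so.1" "$demo/nss_winbind.so.1"
audit_winbind_nss "$demo/nsswitch.conf" "$demo" && echo "winbind NSS wiring is consistent"
```

Against a live system the call is `audit_winbind_nss /etc/nsswitch.conf /usr/lib`.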

