[Samba] Strange behaviour of winbind on solaris 8
Oliver Weinmann
oliver.weinmann at googlemail.com
Tue Apr 29 10:57:29 GMT 2008
Could the problem be that the AD users are not in any of the local groups on
the machine? How do you manage your AD users to be members of local groups
e.g. staff, sys etc.? pam_groups?
On 4/29/08, Oliver Weinmann <oliver.weinmann at googlemail.com> wrote:
>
> there is nothing in /etc/profile and the user oweinmann has no .bashrc.
> The problem seems to be related to nscd. When nscd is turned on i can login
> and issue commands and I don't get kicked out of the ssh login. There is no
> idle session timeout set. If there was I would get kicked out when nscd is
> turned on as well. Only when logged in as an AD user I get kicked out...
>
> On 4/29/08, Dietrich Streifert <dietrich.streifert at visionet.de> wrote:
> >
> > So there must be something in your bash init files, /etc/profile or
> > ~/.bashrc (sorry I'm not a bash user) which causes the problem.
> >
> > Maybe something which forms the shell prompt like whoami etc.
> >
> > Maybe there is something like a autologout set for the csh or in sshd
> > with idle session timeout.
> >
> >
> > Oliver Weinmann schrieb:
> >
> > Hi,
> >
> > no, there was nothing in /var/adm/messages, but guess what with the csh
> > ls -alrt and such commands work fine... But i get kicked out of the ssh
> > session after 2 minutes... :(
> >
> >
> > On 4/29/08, Dietrich Streifert <dietrich.streifert at visionet.de> wrote:
> > >
> > > Are there any messages in /var/adm/messages which are related to nss ?
> > >
> > > As I can see you are using bash as your shell.
> > >
> > > Try using csh. Does something change?
> > >
> > > Oliver Weinmann schrieb:
> > >
> > > su to user oweinmann works but when i ussie the ldd -r
> > > /usr/lib/nss_winbind.so command it gets put in the background.. :( i then do
> > > fg 2 and this is the output:
> > >
> > > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
> > >
> > > [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
> > > bash-2.03$ fg 2
> > > ldd -r /usr/lib/nss_winbind.so
> > > libthread.so.1 => /usr/lib/libthread.so.1
> > > libsocket.so.1 => /usr/lib/libsocket.so.1
> > > libdl.so.1 => /usr/lib/libdl.so.1
> > > libc.so.1 => /usr/lib/libc.so.1
> > > libnsl.so.1 => /usr/lib/libnsl.so.1
> > > libmp.so.2 => /usr/lib/libmp.so.2
> > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> > >
> > > bash-2.03$ ls -alrt /etc/nsswitch.conf
> > >
> > > [2]+ Stopped ls -alrt /etc/nsswitch.conf
> > > bash-2.03$ fg 2
> > > ls -alrt /etc/nsswitch.conf
> > > -rw-r--r-- 1 root sys 1320 Apr 28 13:19
> > > /etc/nsswitch.conf
> > >
> > >
> > >
> > >
> > >
> > > On 4/29/08, Dietrich Streifert <dietrich.streifert at visionet.de> wrote:
> > > >
> > > > Please try to login (or su) to the user oweinmann and issue then ldd
> > > > -r /usr/lib/nss_winbind.so
> > > >
> > > > For some reason I think that non root users are not able to read one
> > > > of the involved files.
> > > >
> > > > This could be
> > > >
> > > > /etc/nsswitch.conf
> > > > /usr/lib/nss_winbind.so
> > > >
> > > > or some of the files found by the ldd -r command. The fact that you
> > > > can issue commands while nscd is running points to this fact becaus nscd is
> > > > running as root and has permissions to read all of those files.
> > > >
> > > > /etc/nsswitch.conf should be readable by everyone.
> > > >
> > > > I compiled samba myself with a full stack of openssl, iconv, heimdal
> > > > kerberos, cyrus-sasl, openldap and samba. While people often speak of the
> > > > Windows DLL hell this is the Solaris shared library hell :-( But it works.
> > > >
> > > >
> > > >
> > > > Oliver Weinmann schrieb:
> > > >
> > > > Hi,
> > > >
> > > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
> > > > libthread.so.1 => /usr/lib/libthread.so.1
> > > > libsocket.so.1 => /usr/lib/libsocket.so.1
> > > > libdl.so.1 => /usr/lib/libdl.so.1
> > > > libc.so.1 => /usr/lib/libc.so.1
> > > > libnsl.so.1 => /usr/lib/libnsl.so.1
> > > > libmp.so.2 => /usr/lib/libmp.so.2
> > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> > > >
> > > > I changed the permissions and files exactly to be the same but i
> > > > still cant issue commands... :(
> > > >
> > > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
> > > > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
> > > > /usr/lib/nss_winbind.so.1
> > > > lrwxrwxrwx 1 root other 25 Apr 29 09:04
> > > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
> > > >
> > > > Could this also be a problem of a compiling? Have you compiled the
> > > > samba yourself or are you using prebuilt packages?
> > > >
> > > > On 4/29/08, Dietrich Streifert <dietrich.streifert at visionet.de>
> > > > wrote:
> > > > >
> > > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
> > > > >
> > > > > I have the following naming and permission for nss_winbind:
> > > > >
> > > > > lrwxrwxrwx 1 root other 16 Jan 15 2004
> > > > > nss_winbind.so -> nss_winbind.so.1
> > > > > -rwxr-xr-x 1 root other 44540 Apr 28 17:35
> > > > > nss_winbind.so.1
> > > > >
> > > > > Please try with the exactly same naming and permissions of your
> > > > > files.
> > > > >
> > > > >
> > > > >
> > > > > Oliver Weinmann schrieb:
> > > > >
> > > > > > I will try to get hands on the latest patches for solaris 8 and
> > > > > > see if that
> > > > > > fixes the nscd problems. I can't believe that samba-winbind is
> > > > > > not running
> > > > > > 100% well on a Solaris 8 machine.
> > > > > >
> > > > > >
> > > > > > On 4/28/08, Oliver Weinmann <oliver.weinmann at googlemail.com>
> > > > > > wrote:
> > > > > >
> > > > > >
> > > > > > > Just for fun i changed the perms of /usr/lib/libnss_winbind.so
> > > > > > > to 777
> > > > > > >
> > > > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
> > > > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
> > > > > > > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
> > > > > > > /usr/lib/libnss_winbind.so
> > > > > > >
> > > > > > > nscd is turned off. I can login as an AD users but I cant
> > > > > > > start any
> > > > > > > command. :(
> > > > > > >
> > > > > > >
> > > > > > > login as: oweinmann
> > > > > > > Using keyboard-interactive authentication.
> > > > > > > Password:
> > > > > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
> > > > > > > bash-2.03$ ls -alrt
> > > > > > >
> > > > > > > [1]+ Stopped ls -alrt
> > > > > > > bash-2.03$ id
> > > > > > >
> > > > > > > [2]+ Stopped id
> > > > > > > bash-2.03$ group
> > > > > > >
> > > > > > > [3]+ Stopped group
> > > > > > > bash-2.03$ echo "TEST"
> > > > > > > TEST
> > > > > > > bash-2.03$
> > > > > > > Some commands are working and some others are put in
> > > > > > > background and the
> > > > > > > session closes after one or two minutes?
> > > > > > >
> > > > > > > When I turn on nscd everything is fine, except ls -alrt not
> > > > > > > working.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On 4/28/08, Gerald (Jerry) Carter <jerry at samba.org> wrote:
> > > > > > >
> > > > > > >
> > > > > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > > > > > Hash: SHA1
> > > > > > > >
> > > > > > > > Oliver Weinmann wrote:
> > > > > > > > | forgot to mention that the nss_winbind links are there:
> > > > > > > > |
> > > > > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
> > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
> > > > > > > > | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
> > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
> > > > > > > > | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
> > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
> > > > > > > > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
> > > > > > > >
> > > > > > > > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
> > > > > > > > like it might be rwx for root only.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > cheers, jerry
> > > > > > > > - --
> > > > > > > >
> > > > > > > > =====================================================================
> > > > > > > > Samba -------
> > > > > > > > http://www.samba.org
> > > > > > > > Likewise Software ---------
> > > > > > > > http://www.likewisesoftware.com
> > > > > > > > "What man is a man who does not make the world better?"
> > > > > > > > --Balian
> > > > > > > > -----BEGIN PGP SIGNATURE-----
> > > > > > > > Version: GnuPG v1.4.2.2 (Darwin)
> > > > > > > > Comment: Using GnuPG with Mozilla -
> > > > > > > > http://enigmail.mozdev.org
> > > > > > > >
> > > > > > > >
> > > > > > > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnYWVRtqmcwCg293J
> > > > > > > > 0OxWwTr/wJPDW67YmZCAfQo=
> > > > > > > > =6S2v
> > > > > > > > -----END PGP SIGNATURE-----
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > --
> > > > > Mit freundlichen Grüßen
> > > > > Dietrich Streifert
> > > > > --
> > > > > Visionet GmbH
> > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
> > > > > Registergericht: Handelsregister Fürth, HRB 6573
> > > > > Geschäftsführer: Stefan Lindner
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > > --
> > > > Mit freundlichen Grüßen
> > > > Dietrich Streifert
> > > > --
> > > > Visionet GmbH
> > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
> > > > Registergericht: Handelsregister Fürth, HRB 6573
> > > > Geschäftsführer: Stefan Lindner
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > > --
> > > Mit freundlichen Grüßen
> > > Dietrich Streifert
> > > --
> > > Visionet GmbH
> > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
> > > Registergericht: Handelsregister Fürth, HRB 6573
> > > Geschäftsführer: Stefan Lindner
> > >
> > >
> > >
> > >
> > >
> >
> > --
> > Mit freundlichen Grüßen
> > Dietrich Streifert
> > --
> > Visionet GmbH
> > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
> > Registergericht: Handelsregister Fürth, HRB 6573
> > Geschäftsführer: Stefan Lindner
> >
> >
> >
> >
>
More information about the samba
mailing list