[Samba] Solaris 10 winbind authentication with ADS

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Jan 6 15:42:49 MST 2011


I am guessing it also updated samba (unless you had previously patched 
samba.)

Did you try backing up and deleting any TDB files relating to idmap or 
winbind and restarting samba?



On 01/06/2011 03:49 PM, CJ Keist wrote:
> So, no one has a clue here?
>
> ------------------------------
>
> Well,
>      I did smart thing and upgraded my Solaris box to Solaris 10 
> update 9.  And now my winbind authentication has broken.  I have 
> checked all my /usr/lib/*winbind* and /usr/lib/security/*winbind* libs 
> and all are still good from my last install.  /etc/pam.conf, 
> nsswitch.conf are still intact.  wbinfo seems to work fine.  getent 
> passwd username just returns empty.
>
> This is what I'm getting in my /var/samba/log/log.winbindd file:
>
> [2011/01/05 16:04:00.061446,  2] 
> winbindd/winbindd.c:819(winbind_client_request_read)
>   Could not read client request from fd 22: I/O error
>
> Anyone have any ideas what broke?
>
> # ./testparm
> Load smb config files from /opt/local/lib/smb.conf
> rlimit_max: rlimit_max (256) below minimum Windows limit (16384)
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
>         workgroup = DOMAIN
>         realm = DOMAIN.EDU
>         interfaces = eri0
>         security = ADS
>         password server = domain.edu
>         log level = 10 winbind:10
>         log file = /var/samba/log/log.%m
>         max log size = 50
>         load printers = No
>         utmp = Yes
>         idmap backend = rid:DOMAIN=100000-500000
>         idmap uid = 100000-500000
>         idmap gid = 100000-500000
>         template homedir = /home/%U
>         template shell = /bin/tcsh
>         winbind separator = /
>         winbind cache time = 1800
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         create krb5 conf = No
>



More information about the samba mailing list