[Samba] Samba 4.1 Member Server and Winbind

Peter Ross Peter.Ross at alumni.tu-berlin.de
Wed Apr 22 22:13:26 MDT 2015


Hi Andrey and all,

problem solved but part of the mystery remains:

It has to do with the root shell!!

On Thu, 23 Apr 2015, Peter Ross wrote:

>>> for a while I am running a Samba 4.1 AD server under FreeBSD (from the
>>> FreeBSD ports). At the moment the domain has ca. 20 Windows 7 desktops.
>> 
>>> I wanted to add a Samba 4.1 file server as a member server, was able to
>>> join the domain and see AD users via "winbind -u"
>> 
>>> but "getent password" or "id <user>" does not work.
>>

> In nsswitch.conf
>
> passwd: files winbind
> group: files winbind
>
> In auth.log:
>
> 2015-04-23T12:05:31.804932+10:00 filetest1.vv.fda sshd[99725]: 
> NSSWITCH(_nsdispatch): winbind, passwd, endpwent, not found, and no fallback 
> provided

I found this here googling for the error:
-----------------------------------------
http://freebsd.1045724.n5.nabble.com/NSS-ldap-errors-td5891855.html

I'm trying to implement net/nss-pam-ldapd on 9.2-RELEASE, and hitting 
some NSS issues
..
This is related to using bash-static as root's shell. As well as setting 
non root users login shell to bash-static.

The "I have no name" user name issue and the getpwuid* calls failing 
have to do with the fact that bash-static can not load some library, but 
my memory is lost on the exact library and details. I wasted a bunch of 
time on this in 7.2-RELEASE and it took a while to debug this. Using a 
standard port of bash or any other shell resolved this for me.
-----------------------------------------

Well, I have my root shell changed to /bin/sh..

Changing the root shell back to /etc/csh works:

$ id pross
uid=10000(pross) gid=10000(domain_users) groups=10000(domain_users)

Both shells are dynamically linked under my FreeBSD-10 system.

$ file /bin/sh
/bin/sh: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), 
dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.1 
(1001512), stripped
$ file /bin/csh
/bin/csh: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), 
dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.1 
(1001512), stripped

So, it has obviously to do with the shell, shell environment and dynamic 
libraries.

I can live with this but.. it would be better not to have it (especially 
for others - I am not the first with this problem)

I have to admit I do not understand 100% how the NSS is set up that it 
relies on the root shell.

It nearly seems to me that FreeBSD's base system is "to blame" or can the 
samba port take care of it so the problem does not occur?

Well, maybe I should have not done the root shell change but it works for 
a while by now..

FreeBSD provides a second UID 0 login, toor, maybe I should have used this 
for things where I prefer sh. Mainly because of running more complicated 
commands (while $foo; do for i in $is; do..) using this shell, and if I 
give them as parameters to a remote ssh with a csh it becomes a 
nightmare..

Regards
Peter
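
The auth.log line quoted in the message names, in order, the NSS source, database and method that could not be resolved. As an added example (not part of the original message), this script tallies such lines per process and checks each source against nsswitch.conf; the function names and every sample line except the first are constructed.

```shell
#!/bin/sh
# Added example, not from the original message. Log field order after
# "NSSWITCH(_nsdispatch):" is source, database, method.

# nss_failures LOG -> "count process source database method" per unique failure
nss_failures() {
    awk '
    /NSSWITCH\(_nsdispatch\): / {
        proc = "?"
        for (i = 1; i <= NF; i++)          # syslog tag, e.g. sshd[99725]:
            if ($i ~ /\[[0-9]+\]:$/) { proc = $i; sub(/\[[0-9]+\]:$/, "", proc); break }
        msg = $0
        sub(/^.*NSSWITCH\(_nsdispatch\): /, "", msg)
        n = split(msg, f, /, */)
        if (n >= 4 && f[4] == "not found") count[proc " " f[1] " " f[2] " " f[3]]++
    }
    END { for (k in count) print count[k], k }' "$1" | sort -k2
}

# nss_sources CONF DB -> sources listed for DB, skipping [criteria] tokens
nss_sources() {
    awk -v db="$2:" '
    { sub(/#.*/, "") }
    $1 == db { for (i = 2; i <= NF; i++) {
        if ($i ~ /^\[/) skip = 1
        if (!skip) print $i
        if ($i ~ /\]$/) skip = 0 } }' "$1"
}

# nss_report LOG CONF -> one line per failure, marked "configured" when the
# source is listed for that database (lookup failed in that process anyway).
nss_report() {
    nss_failures "$1" | while read -r n proc src db method; do
        if nss_sources "$2" "$db" | grep -qx "$src"; then state=configured
        else state=not-in-nsswitch; fi
        echo "$proc $src/$db/$method x$n $state"
    done
}

# Sample input: first log line is the one quoted in the message; the rest is constructed.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/auth.log" <<'EOF'
2015-04-23T12:05:31.804932+10:00 filetest1.vv.fda sshd[99725]: NSSWITCH(_nsdispatch): winbind, passwd, endpwent, not found, and no fallback provided
2015-04-23T12:05:32.000000+10:00 host.example sshd[99726]: NSSWITCH(_nsdispatch): winbind, passwd, endpwent, not found, and no fallback provided
2015-04-23T12:05:33.000000+10:00 host.example cron[100]: NSSWITCH(_nsdispatch): ldap, group, getgrnam_r, not found, and no fallback provided
2015-04-23T12:05:34.000000+10:00 host.example sshd[99726]: Accepted publickey for root
EOF
printf 'passwd: files winbind\ngroup: files winbind\n' > "$tmp/nsswitch.conf"
nss_report "$tmp/auth.log" "$tmp/nsswitch.conf"
```

A `configured` line means the source is listed in nsswitch.conf yet the named process still could not resolve the method, which is the situation the message describes for sshd.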

