[Samba] Samba 4.1 Member Server and Winbind
Peter Ross
Peter.Ross at alumni.tu-berlin.de
Wed Apr 22 22:13:26 MDT 2015
Hi Andrey and all,
problem solved but part of the mystery remains:
It has to do with the root shell!!
On Thu, 23 Apr 2015, Peter Ross wrote:
>>> for a while I have been running a Samba 4.1 AD server under FreeBSD (from the
>>> FreeBSD ports). At the moment the domain has ca. 20 Windows 7 desktops.
>>
>>> I wanted to add a Samba 4.1 file server as a member server, was able to
>>> join the domain and see AD users via "winbind -u"
>>
>>> but "getent password" or "id <user>" does not work.
>>
> In nsswitch.conf
>
> passwd: files winbind
> group: files winbind
>
> In auth.log:
>
> 2015-04-23T12:05:31.804932+10:00 filetest1.vv.fda sshd[99725]:
> NSSWITCH(_nsdispatch): winbind, passwd, endpwent, not found, and no fallback
> provided
I found this here googling for the error:
-----------------------------------------
http://freebsd.1045724.n5.nabble.com/NSS-ldap-errors-td5891855.html
I'm trying to implement net/nss-pam-ldapd on 9.2-RELEASE, and hitting
some NSS issues
..
This is related to using bash-static as root's shell. As well as setting
non root users login shell to bash-static.
The "I have no name" user name issue and the getpwuid* calls failing
have to do with the fact that bash-static can not load some library, but
my memory is lost on the exact library and details. I wasted a bunch of
time on this in 7.2-RELEASE and it took a while to debug this. Using a
standard port of bash or any other shell resolved this for me.
-----------------------------------------
Well, I have my root shell changed to /bin/sh..
Changing the root shell back to /etc/csh works:
$ id pross
uid=10000(pross) gid=10000(domain_users) groups=10000(domain_users)
Both shells are dynamically linked under my FreeBSD-10 system.
$ file /bin/sh
/bin/sh: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD),
dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.1
(1001512), stripped
$ file /bin/csh
/bin/csh: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD),
dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.1
(1001512), stripped
So, it has obviously to do with the shell, shell environment and dynamic
libraries.
I can live with this but.. it would be better not to have it (especially
for others - I am not the first with this problem)
I have to admit I do not understand 100% how the NSS is set up so that it
relies on the root shell.
It nearly seems to me that FreeBSD's base system is "to blame" or can the
samba port take care of it so the problem does not occur?
Well, maybe I should not have done the root shell change but it has worked for
a while by now..
FreeBSD provides a second UID 0 login, toor, maybe I should have used this
for things where I prefer sh. Mainly because of running more complicated
commands (while $foo; do for i in $is; do..) using this shell, and if I
give them as parameters to a remote ssh with a csh it becomes a
nightmare..
Regards
Peter
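
Added example, not part of the original message and not Samba or FreeBSD code: it parses nsswitch.conf and the NSSWITCH(_nsdispatch) line from auth.log quoted above, then reports per process whether the failing source is actually listed for that database. That separates a missing nsswitch.conf entry from a listed source whose method was not found in a particular process. The cron log line, the hosts entry and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples: the first log line is the one quoted in the message
# (re-joined onto one line); the cron line and the hosts entry are invented.
NSSWITCH_CONF = """\
passwd: files winbind
group: files winbind   # comment
hosts: files dns
"""
AUTH_LOG = """\
2015-04-23T12:05:31.804932+10:00 filetest1.vv.fda sshd[99725]: NSSWITCH(_nsdispatch): winbind, passwd, endpwent, not found, and no fallback provided
2015-04-23T12:06:00.000000+10:00 filetest1.vv.fda cron[1234]: NSSWITCH(_nsdispatch): winbind, group, getgrnam_r, not found, and no fallback provided
2015-04-23T12:06:01.000000+10:00 filetest1.vv.fda sshd[99725]: Connection closed
"""

# process[pid]: NSSWITCH(_nsdispatch): <source>, <database>, <method>, not found
NSS_ERR = re.compile(
    r"(?P<proc>[\w.-]+)\[\d+\]:\s+NSSWITCH\(_nsdispatch\):\s+"
    r"(?P<source>\w+),\s*(?P<db>\w+),\s*(?P<method>\w+),\s*not found")

def parse_nsswitch(text):
    """Return {database: [sources]}, dropping comments and [criteria] blocks."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        if ":" in line:
            db, sources = line.split(":", 1)
            conf[db.strip()] = re.sub(r"\[[^\]]*\]", " ", sources).split()
    return conf

def summarize(conf_text, log_text):
    """Group _nsdispatch failures by (source, database)."""
    conf = parse_nsswitch(conf_text)
    out = defaultdict(lambda: {"configured": False, "methods": set(), "processes": set()})
    for m in NSS_ERR.finditer(log_text):
        entry = out[(m["source"], m["db"])]
        # True when the failing source is listed for this database
        entry["configured"] = m["source"] in conf.get(m["db"], [])
        entry["methods"].add(m["method"])
        entry["processes"].add(m["proc"])
    return dict(out)

if __name__ == "__main__":
    for (source, db), e in sorted(summarize(NSSWITCH_CONF, AUTH_LOG).items()):
        state = "listed in nsswitch.conf" if e["configured"] else "NOT in nsswitch.conf"
        print(f"{source}/{db}: {state}; methods={sorted(e['methods'])}; "
              f"seen in {sorted(e['processes'])}")
```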