[Samba] Samba 4.1 Member Server and Winbind
Andrey Repin
anrdaemon at yandex.ru
Thu Apr 23 15:20:49 MDT 2015
Greetings, Peter Ross!
> problem solved but part of the mystery remains:
> It has to do with the root shell!!
Oh? I'm no expert, but I could probably explain it.
If you're using statically linked shell (busybox comes to mind), you are
locked to whatever libs have been linked in at the compile time.
Also re: your previous wonder about library name, it may differ between
distributions. As you predicted, it needs some digging to find the right name,
if it doesn't work OOB.
> On Thu, 23 Apr 2015, Peter Ross wrote:
>>>> for a while I am running a Samba 4.1 AD server under FreeBSD (from the
>>>> FreeBSD ports). At thw moment the domain has ca. 20 Windows 7 desktops.
>>>
>>>> I wanted to add a Samba 4.1 file server as a member server, was able to
>>>> joint the domain and see AD users via "winbind -u"
>>>
>>>> but "getent password" or "id <user>" does not work.
>>>
>> In nsswitch.conf
>>
>> passwd: files winbind
>> group: files winbind
>>
>> In auth.log:
>>
>> 2015-04-23T12:05:31.804932+10:00 filetest1.vv.fda sshd[99725]:
>> NSSWITCH(_nsdispatch): winbind, passwd, endpwent, not found, and no fallback
>> provided
> I found this here googling for the error:
> -----------------------------------------
> http://freebsd.1045724.n5.nabble.com/NSS-ldap-errors-td5891855.html
> I'm trying to implement net/nss-pam-ldapd on 9.2-RELEASE, and hitting
> some NSS issues
> ..
> This is related to using bash-static as root's shell . As well as setting
> non root users login shell to bash-static .
> The "I have no name" user name issue and the the getpwuid* calls failing
> have to do with the fact that bash-static can not load some library , but
> my memory is lost on the exact library and details . I wasted a bunch of
> time on this in 7.2-RELEASE and it took a while to debug this . Using a
> standard port of bash or any other shell resolved this for me .
> -----------------------------------------
> Well, I have my root shell changed to /bin/sh..
> Changing the root shell back to /etc/csh works:
> $ id pross
> uid=10000(pross) gid=10000(domain_users) groups=10000(domain_users)
> Both shells are dynamically linked under my FreeBSD-10 system.
> $ file /bin/sh
> /bin/sh: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD),
> dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.1
> (1001512), stripped
> $ file /bin/csh
> /bin/csh: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD),
> dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.1
> (1001512), stripped
> So, it has obviously to do with the shell, shell environment and dynamic
> libraries.
> I can live with this but.. it would be better not to have it (especially
> for others - I am not the first with this problem)
> I have to admit I do not understand 100% how the NSS is setup that it
> relies on the root shell.
> It nearly seems to me that FreeBSD's base system is "to blame" or can the
> samba port take care of it so the problem does not occur?
> Well, maybe I should have not done the root shell change but it works for
> a while by now..
> FreeBSD provides a second UID 0 login, toor, maybe I should have used this
> for things where I prefer sh. Mainly because of running more complicated
> commands (while $foo; do for i in $is; do..) using this shell, and if I
> give them as parameters to a remote ssh with a csh it becomes a
> nightmare..
--
With best regards,
Andrey Repin
Friday, April 24, 2015 00:18:28
Sorry for my terrible english...
More information about the samba
mailing list