[Samba] Samba 4.1 Member Server and Winbind

Andrey Repin anrdaemon at yandex.ru
Thu Apr 23 15:20:49 MDT 2015


Greetings, Peter Ross!

> problem solved but part of the mystery remains:

> It has to do with the root shell!!

Oh? I'm no expert, but I could probably explain it.
If you're using a statically linked shell (busybox comes to mind), you are
locked to whatever libs have been linked in at compile time.

Also re: your previous wonder about library name, it may differ between
distributions. As you predicted, it needs some digging to find the right name,
if it doesn't work OOB.

> On Thu, 23 Apr 2015, Peter Ross wrote:

>>>> for a while I am running a Samba 4.1 AD server under FreeBSD (from the
>>>> FreeBSD ports). At the moment the domain has ca. 20 Windows 7 desktops.
>>> 
>>>> I wanted to add a Samba 4.1 file server as a member server, was able to
>>>> join the domain and see AD users via "winbind -u"
>>> 
>>>> but "getent password" or "id <user>" does not work.
>>>

>> In nsswitch.conf
>>
>> passwd: files winbind
>> group: files winbind
>>
>> In auth.log:
>>
>> 2015-04-23T12:05:31.804932+10:00 filetest1.vv.fda sshd[99725]: 
>> NSSWITCH(_nsdispatch): winbind, passwd, endpwent, not found, and no fallback 
>> provided

> I found this here googling for the error:
> -----------------------------------------
> http://freebsd.1045724.n5.nabble.com/NSS-ldap-errors-td5891855.html

> I'm trying to implement net/nss-pam-ldapd on 9.2-RELEASE, and hitting 
> some NSS issues
> ..
> This is related to using bash-static as root's shell. As well as setting 
> non root users login shell to bash-static.

> The "I have no name" user name issue and the getpwuid* calls failing 
> have to do with the fact that bash-static can not load some library, but 
> my memory is lost on the exact library and details. I wasted a bunch of 
> time on this in 7.2-RELEASE and it took a while to debug this. Using a 
> standard port of bash or any other shell resolved this for me.
> -----------------------------------------

> Well, I have my root shell changed to /bin/sh..

> Changing the root shell back to /etc/csh works:

> $ id pross
> uid=10000(pross) gid=10000(domain_users) groups=10000(domain_users)

> Both shells are dynamically linked under my FreeBSD-10 system.

> $ file /bin/sh
> /bin/sh: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), 
> dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.1 
> (1001512), stripped
> $ file /bin/csh
> /bin/csh: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), 
> dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.1 
> (1001512), stripped

> So, it has obviously to do with the shell, shell environment and dynamic 
> libraries.

> I can live with this but.. it would be better not to have it (especially 
> for others - I am not the first with this problem)

> I have to admit I do not understand 100% how the NSS is setup that it 
> relies on the root shell.

> It nearly seems to me that FreeBSD's base system is "to blame" or can the 
> samba port take care of it so the problem does not occur?

> Well, maybe I should have not done the root shell change but it works for 
> a while by now..

> FreeBSD provides a second UID 0 login, toor, maybe I should have used this 
> for things where I prefer sh. Mainly because of running more complicated 
> commands (while $foo; do for i in $is; do..) using this shell, and if I 
> give them as parameters to a remote ssh with a csh it becomes a 
> nightmare..


-- 
With best regards,
Andrey Repin
Friday, April 24, 2015 00:18:28

Sorry for my terrible english...
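
The module lookup discussed in this thread can be checked mechanically. The following is an added example, not part of the original message or of Samba: it parses nsswitch.conf and reports sources such as winbind that are configured but have no loadable module on disk. The directory list, the BUILTIN set and the two file-name patterns (`nss_<source>.so.N` as on FreeBSD, `libnss_<source>.so.N` as with glibc) are assumptions to adjust per system.

```python
import glob
import os
import re

# Assumption: these sources are compiled into libc (FreeBSD) and need no module.
BUILTIN = {"files", "compat", "dns", "nis", "cache", "db"}
# Assumption: directories in which NSS modules are installed.
LIB_DIRS = ["/lib", "/usr/lib", "/usr/local/lib"]

# Constructed sample matching the nsswitch.conf lines quoted in the thread.
SAMPLE_CONF = """\
passwd: files winbind
group: files winbind
"""

def nss_sources(conf_text, database):
    """Return the ordered source names configured for one database."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or ":" not in line:
            continue
        name, rest = line.split(":", 1)
        if name.strip() != database:
            continue
        # Drop action criteria such as [NOTFOUND=return]
        return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def find_module(source, lib_dirs):
    """Return module files for a source under either naming scheme."""
    hits = []
    for d in lib_dirs:
        for pattern in (f"nss_{source}.so*", f"libnss_{source}.so*"):
            hits.extend(sorted(glob.glob(os.path.join(d, pattern))))
    return hits

def missing_modules(conf_text, lib_dirs, databases=("passwd", "group")):
    """Map database -> sources configured but with no module on disk."""
    report = {}
    for db in databases:
        missing = [s for s in nss_sources(conf_text, db)
                   if s not in BUILTIN and not find_module(s, lib_dirs)]
        if missing:
            report[db] = missing
    return report

if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as fh:
        print(missing_modules(fh.read(), LIB_DIRS) or "all NSS modules found")
```

An empty report only shows that the module file exists; a statically linked program may still be unable to load it, which is the case described above.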