I will try to get hands on the latest patches for solaris 8 and see if that
fixes the nscd problems. I can't believe that samba-winbind is not running
100% well on a Solaris 8 machine.
On 4/28/08, Oliver Weinmann [EMAIL PROTECTED] wrote:
Just for fun i changed the perms of
which output gives ldd -r /usr/lib/nss_winbind.so ?
I have the following naming and permission for nss_winbind:
lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so -
nss_winbind.so.1
-rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1
Please try with the
Please try to login (or su) to the user oweinmann and issue then ldd -r
/usr/lib/nss_winbind.so
For some reason I think that non root users are not able to read one of
the involved files.
This could be
/etc/nsswitch.conf
/usr/lib/nss_winbind.so
or some of the files found by the ldd
su to user oweinmann works but when i ussie the ldd -r
/usr/lib/nss_winbind.so command it gets put in the background.. :( i then do
fg 2 and this is the output:
bash-2.03$ ldd -r /usr/lib/nss_winbind.so
[2]+ Stopped ldd -r /usr/lib/nss_winbind.so
bash-2.03$ fg 2
ldd -r
Are there any messages in /var/adm/messages which are related to nss ?
As I can see you are using bash as your shell.
Try using csh. Does something change?
Oliver Weinmann schrieb:
su to user oweinmann works but when i ussie the ldd -r
/usr/lib/nss_winbind.so command it gets put in the
Hi,
no, there was nothing in /var/adm/messages, but guess what with the csh ls
-alrt and such commands work fine... But i get kicked out of the ssh session
after 2 minutes... :(
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
Are there any messages in /var/adm/messages which are
So there must be something in your bash init files, /etc/profile or
~/.bashrc (sorry I'm not a bash user) which causes the problem.
Maybe something which forms the shell prompt like whoami etc.
Maybe there is something like a autologout set for the csh or in sshd
with idle session timeout.
there is nothing in /etc/profile and the user oweinmann has no .bashrc. The
problem seems to be related to nscd. When nscd is turned on i can login and
issue commands and I don't get kicked out of the ssh login. There is no idle
session timeout set. If there was I would get kicked out when nscd is
Could the problem be that the AD users are not in any of the local groups on
the machine? How do you manage your AD users to be members of local groups
e.g. staff, sys etc.? pam_groups?
On 4/29/08, Oliver Weinmann [EMAIL PROTECTED] wrote:
there is nothing in /etc/profile and the user oweinmann
We have several installations where we use the two different AD schema
extensions (SFU from Windows Services for Unix and rfc2307bis from
Windows Server 2003R2) to put the needed information in.
We are using the idmap_ad module to map the uid, gid, home etc.
information from the AD.
The
Here could be a problem. I could not change our win 2k3 schema. They were
afraid it could break something... tsss. So i had to use the idmap_rid
module. Which does a good job actually. It uses the last portion of the AD
users SID and adds it to a base set in smb.conf. I issued your commands:
Which samba version do you use?
Please post the global configuration section of smb.conf.
Oliver Weinmann schrieb:
Here could be a problem. I could not change our win 2k3 schema. They
were afraid it could break something... tsss. So i had to use the
idmap_rid module. Which does a good job
It's the latest stable.
# smbd -V
Version 3.0.28a
[global]
netbios name = rose8
realm = VEGAGROUP.NET
workgroup = VEGA
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY
Please try to set combinations of
winbind enum groups = No
and test again.
This could be the reason why getent groups never ends. This is known to
be a problem with big AD user/groups databases.
Have a look at this and related paramters in samba installation
I wonder why oweinmann is member of the group staff. Maybe there is an
entry for oweinmann in /etc/passwd?
So I'm running out of ideas :-( Mabye someone out there can take over.
Good luck and report back what you have found.
Oliver Weinmann schrieb:
I changed both groups and users to no.
Yes, i added him to that group to see if that makes any difference. Thanks
for all your help. And I will let you know, when I found out what the
problem is.
Best Regards,
Oliver
On 4/29/08, Dietrich Streifert [EMAIL PROTECTED] wrote:
I wonder why oweinmann is member of the group staff. Maybe
Dear All,
I came across a really strange behaviour when using winbind on solaris 8.
Normally nscd should be turned off because it's causing problems in the
username resolution etc. When I turn it off I can login e.g. using ssh as an
AD users but when i start a command like ls it gets put in the
Oliver Weinmann wrote:
Dear All,
I came across a really strange behaviour when using winbind on solaris 8.
Normally nscd should be turned off because it's causing problems in the
username resolution etc. When I turn it off I can login e.g. using ssh as an
AD users but when i start a command
forgot to mention that the nss_winbind links are there:
bash-2.03# ls -alrt /usr/lib/nss_w*
lrwxrwxrwx 1 root other 28 Apr 23 14:30
/usr/lib/nss_winbind.so.2 - /usr/lib/libnss_winbind.so.1
lrwxrwxrwx 1 root other 28 Apr 23 14:30
/usr/lib/nss_winbind.so.1 -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oliver Weinmann wrote:
| forgot to mention that the nss_winbind links are there:
|
| bash-2.03# ls -alrt /usr/lib/nss_w*
| lrwxrwxrwx 1 root other 28 Apr 23 14:30
| /usr/lib/nss_winbind.so.2 - /usr/lib/libnss_winbind.so.1
| lrwxrwxrwx
Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777
bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
-rwxrwxrwx 1 root other 74744 Apr 28 13:32
/usr/lib/libnss_winbind.so
nscd is turned off. I can login as an AD users but
21 matches
Mail list logo
