Hi all, sorry but I am not familiar in programming.
Maybe someone else could do that. The patch I have referenced did not job at least to samba 2.2.4 Best Regards Roman > -----Urspr�ngliche Nachricht----- > Von: Mike Gerdts [SMTP:[EMAIL PROTECTED]] > Gesendet am: Donnerstag, 27. Juni 2002 15:11 > An: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; Samba Technical Mailing List > Betreff: Re: AW: Winbind authenticatition of user accessing a share > with encry pted password. > > I have not yet had the time to finish up the patch that is referred to > below. If anyone else wants to move it forward, I would be more than > happy. In addition to the patches at > http://www.cae.wisc.edu/~gerdts/samba/ I have a private CVS repository > that I would happily tar up and send to anyone that would put it up on a > public CVS server. > > A "todo list" of sorts can be found at > http://lists.samba.org/pipermail/samba-technical/2002-May/036877.html > > Mike > > On Thu, 2002-06-27 at 08:31, [EMAIL PROTECTED] wrote: > > Hi, > > > > I have not installed samba until 2.2.5 now. > > > > But there is a bug in the winbindd code which has been fixed by Mike > Gerdts, > > see attached e-mail. > > I assumed that this patch, wich works for me on samba 2.2.4 solaris 2.6, > has > > been added to the 2.2.5 release. > > > > Obviously not. > > > > <<Re: Samba, winbind, solaris and your patch>> > > > > Could you please give me feedback if this works for you an 2.2.5 also. > > > > Best Regards > > > > Roman > > > > > -----Urspr�ngliche Nachricht----- > > > Von: Allan Nielsen [SMTP:[EMAIL PROTECTED]] > > > Gesendet am: Donnerstag, 27. Juni 2002 09:53 > > > An: [EMAIL PROTECTED] > > > Betreff: Winbind authenticatition of user accessing a share with > > > encrypted password. > > > > > > Hi > > > > > > In relation to your posted message I have exactly the same problem on > > > samba > > > 2.2.5. > > > Flags used are --with-winbind --with-winbind-auth-challenge > > > --with-acl-support. > > > After including --with-winbind-auth-challenge it is possible to get > > > authentication with encrypted passwords from wbinfo -a user%password > but > > > when accessing a share as this user he is mapped to nobody. > > > > > > Did you succeed to solve your problem? > > > > > > I'm using samba now for 6-7 years starting with samba 1.9.18. > > > > > > I have 6 machines running samba v2.0.7 under linux and solaris > > > I have upgraded one of the solaris machines to samba 2.2.3a including > > > acl-support and winbind. > > > > > > I live in a win2k forest, so my domain has a trust relationship with > an > > > other win2k domain. > > > My domain controllers are in mixed mode. > > > > > > In order to get winbindd and nsswitch up and running I had to adjust > the > > > Makefile as follows: > > > > > > nsswitch/libnss_winbind.so: $(WINBIND_NSS_PICOBJS) > > > @echo "Linking $@" > > > @$(SHLD) -h $@ -G -o $@ $(WINBIND_NSS_PICOBJS) $(LIBS) > > > > > > I added the $(LIBS) to the linker-line, without that I had errors when > > > doing > > > a 'ls -l' for a file which was owned by a DOMAIN+domuser account. > > > > > > Furthermore I had to copy the nsswitch/libnss_winbind.so as > nss_winbind.so > > > to /lib > > > After configuring nsswitch.conf I can successfully do: > > > > > > wbinfo -u > > > wbinfo -g > > > getent passwd > > > getent group > > > > > > From a NT4 or win2k-box I can modify acl an the samba-share as long as > I > > > use > > > a useraccount which is not authenticated by winbind. > > > > > > when I use: > > > wbinfo -a domain\\domuser%password (my winbind separator is '\') > > > > > > I'll get error: > > > > > > plaintext password authentication succeeded > > > challenge/response password authentication failed > > > Could not authenticate user domain\domuser%password with > > > challenge/response > > > > > > Although encrypted passwords are enabled in smb.conf > > > > > > I can do a > > > > > > su - domain\\domuser%password > > > > > > on unix level > > > > > > When I do a smbclient //server/share -U domain\\domuser%password > > > > > > I'll get error: > > > > > > Domain=[DOMAIN] OS=[Unix] Server=[Samba 2.2.3a] > > > tree connect failed: NT_STATUS_WRONG_PASSWORD > > > > > > I can not connect to that server using a winbind authenticated > useraccount > > > from neither NT4sp6 nor win2ksp2. > > > > > > In any case I can see in the winbindd-log that the demon is > enumerating > > > SID's to GID's and UID's, but it states that the password are not > > > encrypted. > > > > > > I was reading through the docs and mailings for the last two days, but > I > > > did > > > not get the proper advice in how to get it up and running. > > > > > > Can anybody help > > > > > > Best Regards > > > > > > Roman > > > > > > Med venlig hilsen / With kind Regards > > > > > > Allan Nielsen > > > Advisory IT-Specialist > > > > > > IBM Danmark A/S - Sortemosevej 21 - 3450 Aller�d - Phone: > 4523 > > > 9595 - Mobil: 23325107 - Fax: 4523 6803 - E-mail: > > > [EMAIL PROTECTED] > > > > > ---- > > > > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > Subject: Re: Samba, winbind, solaris and your patch > > Date: 13 May 2002 19:59:46 +0200 > > > > On Mon, 2002-05-13 at 11:20, [EMAIL PROTECTED] wrote: > > > Hello Mike, > > > > > > I was veerrryyy interested in your work when I first saw your posting > > > concerning winbind and the related problems when running it on more > than > > one > > > machine. > > > > Glad to hear it. I was begininning to think that I was the only one > > looking for this functionality. > > > > > I therefore immediately downloaded your patch and enhancements to > winbind > > > and applied it to samba 2.2.4. > > > > > > But when starting winbindd I get error messages in the log.winbindd > > stating > > > that the loader ld.so.1 can not find the symbol main in idmap_file.so. > > > > Hmmmm... not sure about that. Could you send me the version that you > > compiled so that I can compare it against the one that works for me? > > Also, please include any modifications that you did to the makefile to > > get it to compile. > > > > > Any idea what could be wrong? > > > > Perhaps a different compiler and/or linker contributed to the problems. > > I am using gcc 2.95.2 on Solaris 8. > > > > > My configuration is as follows: > > > > > > Solaris 2.6 > > > Samba 2.2.4 > > > gcc et al 2.95.3 > > > > > > > > > Besides the problem that winbindd, without your patch, causes trouble > in > > an > > > multi-machine environment I face the following problem, with and > without > > > your patch, as well: > > > > > > - winbindd is running > > > - wbinfo -u --> shows all domain users > > > - wbinfo -g --> shows all domain groups > > > - getent passwd --> shows all, local and domain, users > > > - getent group --> shows all, local and domain, groups > > > - getent passwd domain+domuser --> shows passwd entry for specified > domain > > > user > > > - wbinfo -a domain+domuser%passwd --> both authentication methods > succeed > > > - when install pam_winbind --> login to solaris as domain+domuser and > > > domain-passwd works > > > > > > BUT > > > > > > connecting from an windows-box in explorer to a share on that > > > winbind-machine is not working. > > > I tried to track it down and I think I found out that when winbind > tries > > to > > > call the solaris function 'getpwnam' that function returns a > null-pointer. > > > > This is likely the bug related to the passwd structure on Solaris having > > pw_age and pw_comment fields. See > > http://lists.samba.org/pipermail/samba-technical/2002-May/036614.html > > for details. If you didn't remove that part from my patch, you should > > be protected from this bug. You may want to take a look at > > source/lib/system.c. In wsys_getpwnam() there is another function that > > copies the passwd structure (wsys_getpwnam). It looks as though it is > > not called by anything, but perhaps I am missing some funky macro or > > define that comes out of configure somewhere. > > > > If there is another problem, I am not sure where exactly it would be > > at. The bug I found was quite difficult to find until I recompiled nscd > > with debugging symbols. Unfortunately, that is not an option for most > > people, especially with Solaris 2.6. AFAIK, Sun only gave the Solaris > > 2.5.1, 2.6, and 7 code to univerisities. The only Sun source that I > > have access to for debugging things like this is Solaris 8. > > > > > I assume from your postings that you are familiar with c, solaris and > have > > a > > > running winbind environment. > > > > I have tried minimal functionality of winbindd. I do not want to use > > the winbind PAM module because UNIX users should authenticate against > > NIS. getent passwd <domain\\user> and getent passwd <uid> work just > > fine. Exporer on NT4 and Win2k is able to create files and display ACLs > > consistent with what I expect, given the U/GIDs assigned by winbindd. > > ls and getfacl concur with the results that Windows explorer show. > > Also, I explorer on Windows 98 is able to create directories just fine > > (that is all I tried from 98). > > > > > Any idea what causes that problem, when I posted this problem to the > > > samba-technical mailing list no one was responding except some other > > usesrs > > > facing the same problem. > > > > > > Can you contribute in any matter to this problems? > > > > > > Would be veeerrryyyy helpful. > > > > > > Thanks in advance and best regards > > > > > > Roman > > > > If you don't have a reason for not Cc'ing the list, please do so in the > > future so that others can benefit from your question and my response. > > It helps the samba team know that there is more than one person that > > would like this functionality and they are more likely to include it in > > future releases. > > > > Please let me know if this does or does not help. > > Mike >
