Did I miss something? Is LDAP supposed to replace winbindd in nsswitch.conf? If so, then what I've written below is not right, but read it anyway. Perhaps LDAP is not finding winbindd in it's list of things to query.
My experience is not with HPUX, but I have been able to use "passwd: files winbindd" in /etc/nsswitch.conf on Linux. Perhaps the "not a supported type" problem is because "/lib/libnss_winbindd.so" hasn't been compiled and installed. (Compile it by doing a "make nsswitch" in the top level of samba source. Install it by copying from source/nsswitch to /lib, and running ldconfig.) Once that library is present in the "ldconfig -p" output, then the winbindd keyword in nsswitch.conf should work. That library provides connectivity from the name system to the winbind services which list Windows users and groups, and their assigned ID numbers. getent should work too. I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I don't see how this would be solved with PAM. PAM uses the same service, but is not the solution to the problem. I did all the PAM/winbindd stuff as directed in a HOWTO, only to find out at the end that I don't need PAM unless I want Windows users to be able to telnet, FTP, or use other Unix services which require authentication. Assignment of user IDs is not done through PAM. Obligatory link fest: http://us3.samba.org/samba/ftp/docs/textdocs/Solaris-Winbind-HOWTO.txt http://archives.neohapsis.com/archives/pam-list/2001-10/0038.html http://nic-ks.greatplains.net/samba/winbind.html http://www.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND > -----Original Message----- > From: Richard Sharpe [mailto:[EMAIL PROTECTED]] > Sent: Sunday, January 26, 2003 8:05 PM > To: Miles Roper > Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' > Subject: Re: Winbind on HPUX11, Totally Stuck, Please Help > > > On Mon, 27 Jan 2003, Miles Roper wrote: > > Let me first say that I am no expert on HP-UX, maybe Tim > Potter can help, > now that he works for them. > > > I can do a wbinfo -u and get the user names, and a wbinfo > -g returns the > > groups. I had to specify the password to use first with > > > > wbinfo -A user%password > > > > I also joined the domain sucessfully with > > OK, this looks like winbindd is sort of works ... > > > /etc/nsswitch.conf to > > > > hosts: dns [NOTFOUND=continue UNAVAIL=continue > TRYAGAIN=continue] files > > [ > > passwd: files ldap > > group: files ldap > > > > notice it is ldap, rather than winbind. The reason for > this is, if you set > > it to winbind you get a error about not being a supported > type, ie must be > > nis, ldap or files. > > I think this is where your problem is. ldap is not winbindd. > > It looks like PAM on your version of HP-UX does not handle > arbritrary NSS > shared library stuff. > > Regards > ----- > Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, > sharpe[at]ethereal.com, http://www.richardsharpe.com >
