Folks, Got an odd one here that's had me scratching my head for a few days! Samba 3.3.4-31 from SuSE's RedHat repository, RHEL5 on x86.
Compiled OK once I'd worked out how to force a build on the libraries I needed, I also added the code back in to support the 'winbind: ignore domains' directive in smb.conf. Discovered the hard way that 'make install' doesn't move the libnss* libraries over to /lib :) /etc/nsswitch.conf and /etc/pam.d/system-auth configured for winbind support, smb.conf configured for Active Directory once I worked out which directives were actually in use, there's a lot of conflicting info out there in web-land! Also discovered the hard way that wbinfo -u and -g won't work unless you have 'winbind enumerate users = yes' and 'winbind enumerate groups = yes' in smb.conf. It would be nice if wbinfo says this rather than just exiting! What works: all domain and file sharing, I can connect an XP network drive using my Active Directory username, smbclient authenticates ok, 'net ads' commands are happy. Files created get the correct credentials. What doesn't: getent passwd and getent group (strace shows it's using the wrong directory name for the priveleged winbind pipe) ssh logins using AD username. I get the following logs: /var/log/samba/winbindd.log [2009/06/18 11:18:45, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) /var/log/secure Jun 18 11:18:45 old-fs2 sshd[25696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fs2.cam.cw.local user=ADuser Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): [pamh: 0x09769350] ENTER: pam_sm_authenticate (flags: 0x0001) Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): getting password (0x00000011) Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): pam_get_item returned a password Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): Verify user 'ADuser' Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): pam_winbind_request: write to socket failed! Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): internal module error (retval = 3, user = 'ADuser') Jun 18 11:18:45 old-fs2 sshd[25696]: pam_winbind(sshd:auth): [pamh: 0x09769350] LEAVE: pam_sm_authenticate returning 3 Jun 18 11:18:47 old-fs2 sshd[25696]: Failed password for ADuser from 10.134.0.102 port 54947 ssh2 Jun 18 11:18:48 old-fs2 sshd[25697]: Connection closed by 10.134.0.102 Obviously the 'write to socket failed' and the error in winbindd.log are directly related, and last time I had an error like that it was because the correct libnss* libraries hadn't been installed. Since file sharing and smbclient can authenticate against AD correctly winbind is obviously working, nothing in the debug level 20 logs to suggest otherwise. pam_winbind is being correctly compiled and linked so I'm currently at a loss. Anyone lucky enough to have seen this before? Cheers! -- -- adrian/witchy Owner of Binary Dinosaurs, the UK's biggest home computer collection? www.binarydinosaurs.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
