So to clarify, the customer has a Sun Solaris 10 UNIX machine and a Linux workstation?

FOR SOLARIS

I had problems with getting nsswitch+winbind working with the samba from sunfreeware- I had to recompile from scratch (major headache.) In hindsight this may not have been necessary for winbind- although I had to recompile anyway for ZFS support.

On solaris, you should have a file called /usr/lib/nss_winbind.so.1 - which is the nsswitcher winbind library provided by the samba that sun bundles with solaris 10 (but this is samba 3.0.x and too old to be much use.)

In /usr/local/samba/lib - do you see an nss_winbind.so.1 file? How are your PATH and LD_LIBRARY_PATH set? You want to make sure you are using /usr/local/samba/bin and /usr/local/samba/lib first.

If you run "truss getent passwd | tee log1.txt" you should see it looking for nss_winbind.so.1 - ideally it will look in /usr/local/samba/lib before /usr/lib. If it uses /usr/lib/nss_winbind.so.1 that will probably NOT work. You may want to rename that file just to make sure.
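
An added example (not part of the original message): a shell check for the point above about which nss_winbind.so.1 copy getent actually loads. truss writes its trace to stderr, so this assumes the trace was saved with `truss -o log1.txt getent passwd`; the function names and the sample trace lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which nss_winbind.so.1 a traced "getent passwd" loaded.
# Assumes the trace was saved with: truss -o log1.txt getent passwd

WANT_DIR=/usr/local/samba/lib   # directory the message says should be used

# Print the path of the first nss_winbind.so.1 that was opened successfully.
# truss marks a failed call with "Err#<n>" and a successful open with "= <fd>".
loaded_nss_winbind() {
    awk '
        /nss_winbind\.so\.1/ && /open/ && !/Err#/ {
            # the path is the double-quoted string ending in the library name
            if (match($0, /"[^"]*nss_winbind\.so\.1"/)) {
                print substr($0, RSTART + 1, RLENGTH - 2)
                exit
            }
        }' "$1"
}

# Return 0 if the loaded library is under WANT_DIR, 1 if another copy was
# loaded, 2 if no nss_winbind.so.1 was opened at all (winbind missing from
# nsswitch.conf, or the library was not found anywhere).
check_nss_winbind() {
    path=$(loaded_nss_winbind "$1")
    if [ -z "$path" ]; then
        echo "nss_winbind.so.1 was never opened"; return 2
    fi
    case $path in
        "$WANT_DIR"/*) echo "OK: $path"; return 0 ;;
        *) echo "WRONG COPY: $path"; return 1 ;;
    esac
}

# Constructed sample trace lines (not output from the poster's machine).
make_sample() {
    cat > "$1" <<'EOF'
open("/etc/nsswitch.conf", O_RDONLY)            = 3
open("/usr/local/samba/lib/nss_winbind.so.1", O_RDONLY) Err#2 ENOENT
open("/usr/lib/nss_winbind.so.1", O_RDONLY)     = 4
EOF
}

# Stand-alone use: sh check.sh log1.txt
if [ $# -gt 0 ]; then check_nss_winbind "$1"; fi
```
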






On 09/30/2010 10:57 AM, Ben George wrote:

Sun Solaris 10 (under SPARC)

local users in /etc/passwd

samba 3.4.2 from sunfreeware.com <http://sunfreeware.com>


getent passwd

ramana:x:100:1::/export/home/ramana:/bin/sh
teju:x:101:1::/export/home/teju:/bin/sh
user1:x:102:1::/export/home/user1:/bin/sh
ben:x:103:1::/home/ben:/bin/sh

like this

Thanks
Ben.T.George




On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal <[email protected]> wrote:

    Then it sounds like you need the AD integration.  If the users
    also log in to the linux workstation directly  (or via ssh) then
    you will need to configure winbind and nsswitch to support unix
    logins.

    Why does nsswitch.conf include ldap?  Is this the only linux/unix
    machine?  Are local users in ldap or /etc/passwd?

    What version of samba?   What version of linux?

    Ideally "getent passwd" would show something like



    ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh

    or

    SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash



    I don't think you need a huge amount of AD experience to make this
    work but I think you have to have a general understanding of what
    Windows domains are about.

    You should also review the smb.conf man page for the section on
    idmap_ad.





    On 09/30/2010 09:24 AM, Ben George wrote:


    Thanks for your reply..

    yes my client told me like this that's Y..and the manager gave
    that work to newly joined me.. :(

    i don't have any AD and core unix experience..i have only
    experience in linux.not much

    may this project will affect my job..  :(

    my nsswitch.conf

    passwd:     files ldap winbind
    group:      files ldap winbind
    hosts:      dns files
    ipnodes:    dns files


    "nsswitch+winbind (which I do) or the smb pam module"..? :(

     i don't know..my client's need is he has a linux machine..also a
    ADS..from the unix machine, he wants to share secure folders to
    the AD users..so each user can only access that particular
    shared folder..when the password of user changed in AD, that will
    affect to the smbpassword...means without changing that
    particular user's smb password in the unix machine..

    for this need which method is useful..from your experience

    "Does "getent passwd" show the windows users?"

    please check the output ..i think getent password only shows unix
    system password

    bash-3.00# getent passwd
    root:x:0:0:Super-User:/:/sbin/sh
    daemon:x:1:1::/:
    bin:x:2:2::/usr/bin:
    sys:x:3:3::/:
    adm:x:4:4:Admin:/var/adm:
    lp:x:71:8:Line Printer Admin:/usr/spool/lp:
    uucp:x:5:5:uucp Admin:/usr/lib/uucp:
    nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
    smmsp:x:25:25:SendMail Message Submission Program:/:
    listen:x:37:4:Network Admin:/usr/net/nls:
    gdm:x:50:50:GDM Reserved UID:/:
    webservd:x:80:80:WebServer Reserved UID:/:
    postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
    svctag:x:95:12:Service Tag UID:/:
    nobody:x:60001:60001:NFS Anonymous Access User:/:
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
    ramana:x:100:1::/export/home/ramana:/bin/sh
    teju:x:101:1::/export/home/teju:/bin/sh
    user1:x:102:1::/export/home/user1:/bin/sh
    ben:x:103:1::/home/ben:/bin/sh


    "you already have a "unix" ben and a "ADS" ben defined?"

    Yes i defined the ben user in Unix and ADS...bcoz i don't have
    much knowledge about that sorry

    Hope u will help me
    Thanks
    Ben.T.George


    On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal
    <[email protected]> wrote:


        disclaimer: I don't use Samba as an ADS member server.  I use
        samba as PDC with trusts to an ADS domain.  So my
        observations may not be valid.

        Did you try updating nsswitch.conf


           passwd:     files winbind
           group:    files winbind


        If you are using a Windows domain and have a user defined in
        the domain, you generally don't want to add the user as a
        local user.   Since the underlying unix OS needs to know
        about the domain users you need to either use
        nsswitch+winbind (which I do) or the smb pam module (which I
        don't use, and not sure if it really is the correct approach.)

        If you use nsswitch.conf+winbind you can then also OPTIONALLY
        allow "windows" users "unix" access like ssh.    My samba
        server is a PDC-  I have a domain trust with windows domains
        BUT  the default shell is "/bin/false."    (It is still a
        little flaky...)

        Does "getent passwd" show the windows users?   It should show
        something like

        ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false

        or

        SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false



        It looks like you already have a "unix" ben and a "ADS" ben
        defined?

        "wbinfo -s" and "wbinfo -n" are also useful for making sure
        that the name-to-sid and sid-to-name mappings are correct for
        domain users.



