yes client has Solaris and a windows xp machine under the AD domain yes i exported the paths to the newly installed /usr/local/samba/lib
me using the new packahes and disabled the default packages On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal <[email protected]>wrote: > So to clarify the customer has a Sun Solaris 10 UNIX machine and a Linux > workstation? > > FOR SOLARIS > > I had problems with getting nsswitch+winbind working with the samba from > sunfreeware- I had to recompile from scratch (major headache.) In > hindsight this may not have been necessary for winbind- although I had to > recompile anyway for ZFS support. > > On solaris, you should have a file called /usr/lib/nss_winbind.so.1 - > which is the nsswitcher winbind library provided by the samba that sun > bundles with solaris 10 (but this is samba 3.0.x and too old to be much > use.) > > In /usr/local/samba/lib - do you see an nss_winbind.so.1 file? How is > your PATH and LD_LIBRARY_PATH set- you want to make sure you are using the > /usr/local/samba/bin and /usr/local/samba/lib first. > > If you run "truss getent passwd | tee log1.txt" you should see it looking > for nss_winbind.so.1 - ideally it will look in /usr/local/samba/lib before > /usr/lib. If it uses /usr/lib/nss_winbind.so.1 that will probably NOT > work. You may want to rename that file just to make sure. > > > > > > > On 09/30/2010 10:57 AM, Ben George wrote: > > > Sun Solaris 10 (under SPARC) > > local users in /etc/passwd > > samba 3.4.2 from sunfreeware.com > > > getent passwd > > *ramana:x:100:1::/export/home/ramana:/bin/sh > teju:x:101:1::/export/home/teju:/bin/sh > user1:x:102:1::/export/home/user1:/bin/sh > ben:x:103:1::/home/ben:/bin/sh > > *like this* > > ** > *Thanks > Ben.T.George* > * > > > > > On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal < > [email protected]> wrote: > >> Then it sounds like you need the AD integration. If the user's also login >> to the linux workstation directly (or via ssh) then you will need to >> configure winbind and nsswitch to support unix logins. >> >> Why does nsswitch.conf include ldap? Is this the only linux/unix >> machine? Are local users in ldap or /etc/passwd? >> >> What version of samba? What version of linux? >> >> Ideally "getent passwd" woudl show something like >> >> >> >> ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh >> >> or >> >> SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash >> >> >> >> I don't think you need a huge amount of AD experience to make this work >> but I think you have to have general understanding of what WIndows domains >> are about. >> >> You should also review the smb.conf man page for the section on idmap_ad. >> >> >> >> >> >> >> On 09/30/2010 09:24 AM, Ben George wrote: >> >> >> >> Thanks for your replay.. >> >> yes my client told me like this that's Y..and the manager gave that work >> to newly joined me.. :( >> >> i don't have any AD and core unix experience..i have only experience in >> linux.not much >> >> may this project will affect my job.. :( >> >> my nsswitch.conf >> >> *passwd: files ldap winbind >> group: files ldap winbind >> hosts: dns files >> ipnodes: dns files* >> >> >> "*nsswitch+winbind (which I do) or the smb pam module*"..? :( >> >> i don't know..my client's need is he has a linux machine..also a >> ADS..from the unix machine, he want to share secure folder's to the AD >> user's..so eash user can only access that particular shared folder..when the >> password of user changed in AD, that will affect to the smbpassword...means >> without changing that particular user's smb password in the unix machine.. >> >> for this need which method is useful..from your experience >> >> "*Does "getent passwd" show the windows users?*" >> >> please check the output ..i think getent password only shows unix system >> password >> >> *bash-3.00# getent passwd >> root:x:0:0:Super-User:/:/sbin/sh >> daemon:x:1:1::/: >> bin:x:2:2::/usr/bin: >> sys:x:3:3::/: >> adm:x:4:4:Admin:/var/adm: >> lp:x:71:8:Line Printer Admin:/usr/spool/lp: >> uucp:x:5:5:uucp Admin:/usr/lib/uucp: >> nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico >> smmsp:x:25:25:SendMail Message Submission Program:/: >> listen:x:37:4:Network Admin:/usr/net/nls: >> gdm:x:50:50:GDM Reserved UID:/: >> webservd:x:80:80:WebServer Reserved UID:/: >> postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh >> svctag:x:95:12:Service Tag UID:/: >> nobody:x:60001:60001:NFS Anonymous Access User:/: >> noaccess:x:60002:60002:No Access User:/: >> nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/: >> ramana:x:100:1::/export/home/ramana:/bin/sh >> teju:x:101:1::/export/home/teju:/bin/sh >> user1:x:102:1::/export/home/user1:/bin/sh >> ben:x:103:1::/home/ben:/bin/sh* >> >> >> "you already have a "unix" ben and a "ADS" ben defined?" >> >> Yes i defined the ben user in Unix and ADS...bcoz i don't have much >> knowledge about that sorry >> >> Hope u will help me >> Thanks >> Ben.T.George >> >> >> On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal < >> [email protected]> wrote: >> >>> >>> disclaimer: I don't use Samba as an ADS member server. I use samba as >>> PDC with trusts to an ADS domain. So my observations may not be valuid. >>> >>> Did you try updating nsswitch.conf >>> >>> >>> passwd: files winbind >>> group: files winbind >>> >>> >>> If you are using a Windows domain and have a user defined in the domain, >>> you generally don't want to add the user as a local user. Since the >>> underlying unix OS needs to know about the domain users you need to either >>> use nsswitch+winbind (which I do) or the smb pam module (which I don't use, >>> and not sure if it really is the correct approach.) >>> >>> If you use nsswitch.conf+winbind you can then also OPTIONALLY allow >>> "windows" users "unix" access like ssh. My samba server is a PDC- I have >>> a domain trust with windows domains BUT the default shell is "/bin/false." >>> (It is still a little flaky...) >>> >>> Does "getent passwd" show the windows users? It should show something >>> like >>> >>> ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false >>> >>> or >>> >>> SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false >>> >>> >>> >>> It looks like = you already have a "unix" ben and a "ADS" ben defined? >>> >>> "wbinfo -s" and "wbinfo -n" are also useful for making sure that the >>> name-to-sid and sid-to-name mappings are correct for domain users. >>> >> >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
