Hi

Please clarify the following
- Did you run "truss getent passwd" command and look for lines with nss_winbind- just in case it is looking for a file with a different version?
- Why does nsswitch.conf have ldap references-  are you using ldap?


You should also look through the samba logs- they may provide some information.


On 09/30/2010 12:14 PM, Ben George wrote:



yes client has Solaris and a windows xp machine under the AD domain

yes i exported the paths to the newly installed /usr/local/samba/lib

me using the new packages and disabled the default packages


On Thu, Sep 30, 2010 at 6:16 PM, Gaiseric Vandal <[email protected]> wrote:

    So to clarify the customer has a Sun Solaris 10 UNIX machine and a
    Linux workstation?

    FOR SOLARIS

    I had problems with getting nsswitch+winbind working with the
    samba from sunfreeware-  I had to recompile from scratch (major
    headache.)   In hindsight this may not have been necessary for
    winbind-  although I had to recompile anyway for ZFS support.

    On solaris, you should have a file called
    /usr/lib/nss_winbind.so.1 -  which is the nsswitcher winbind
    library provided by the samba that sun bundles with solaris 10
    (but this is samba 3.0.x and too old to be much use.)

    In /usr/local/samba/lib - do you see an nss_winbind.so.1 file?

    How is your PATH and LD_LIBRARY_PATH set- you want to make sure
    you are using the /usr/local/samba/bin and /usr/local/samba/lib
    first.

    If you run "truss getent passwd | tee log1.txt"  you should see it
    looking for nss_winbind.so.1 -  ideally it will look in
    /usr/local/samba/lib before /usr/lib.  If it uses
    /usr/lib/nss_winbind.so.1 that will probably NOT work.  You may
    want to rename that file just to make sure.






    On 09/30/2010 10:57 AM, Ben George wrote:

    Sun Solaris 10 (under SPARC)

    local users in /etc/passwd

    samba 3.4.2 from sunfreeware.com


    getent passwd

    ramana:x:100:1::/export/home/ramana:/bin/sh
    teju:x:101:1::/export/home/teju:/bin/sh
    user1:x:102:1::/export/home/user1:/bin/sh
    ben:x:103:1::/home/ben:/bin/sh

    like this

    Thanks
    Ben.T.George




    On Thu, Sep 30, 2010 at 5:45 PM, Gaiseric Vandal
    <[email protected]> wrote:

        Then it sounds like you need the AD integration.  If the
        users also log in to the linux workstation directly (or via
        ssh) then you will need to configure winbind and nsswitch to
        support unix logins.

        Why does nsswitch.conf include ldap?  Is this the only
        linux/unix machine?  Are local users in ldap or /etc/passwd?

        What version of samba?   What version of linux?

        Ideally "getent passwd" would show something like



        ben:*:10001:10001:Ben George:/export/Home/SRE/ben/:bin/tcsh

        or

        SRE+ben:*:10001:10001:Ben George:/export/Home/SRE/ben:/bin/bash



        I don't think you need a huge amount of AD experience to make
        this work but I think you have to have general understanding
        of what Windows domains are about.

        You should also review the smb.conf man page for the section
        on idmap_ad.





        On 09/30/2010 09:24 AM, Ben George wrote:


        Thanks for your reply..

        yes my client told me like this that's Y..and the manager
        gave that work to newly joined me.. :(

        i don't have any AD and core unix experience..i have only
        experience in linux.not much

        may this project will affect my job..  :(

        my nsswitch.conf

        passwd:     files ldap winbind
        group:      files ldap winbind
        hosts:      dns files
        ipnodes:    dns files


        "*nsswitch+winbind (which I do) or the smb pam module*"..? :(

         i don't know..my client's need is he has a linux
        machine..also a ADS..from the unix machine, he want to share
        secure folders to the AD users..so each user can only
        access that particular shared folder..when the password of
        user changed in AD, that will affect to the
        smbpassword...means without changing that particular user's
        smb password in the unix machine..

        for this need which method is useful..from your experience

        "*Does "getent passwd" show the windows users?*"

        please check the output ..i think getent password only shows
        unix system password

        bash-3.00# getent passwd
        root:x:0:0:Super-User:/:/sbin/sh
        daemon:x:1:1::/:
        bin:x:2:2::/usr/bin:
        sys:x:3:3::/:
        adm:x:4:4:Admin:/var/adm:
        lp:x:71:8:Line Printer Admin:/usr/spool/lp:
        uucp:x:5:5:uucp Admin:/usr/lib/uucp:
        nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
        smmsp:x:25:25:SendMail Message Submission Program:/:
        listen:x:37:4:Network Admin:/usr/net/nls:
        gdm:x:50:50:GDM Reserved UID:/:
        webservd:x:80:80:WebServer Reserved UID:/:
        postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
        svctag:x:95:12:Service Tag UID:/:
        nobody:x:60001:60001:NFS Anonymous Access User:/:
        noaccess:x:60002:60002:No Access User:/:
        nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
        ramana:x:100:1::/export/home/ramana:/bin/sh
        teju:x:101:1::/export/home/teju:/bin/sh
        user1:x:102:1::/export/home/user1:/bin/sh
        ben:x:103:1::/home/ben:/bin/sh


        "you already have a "unix" ben and a "ADS" ben defined?"

        Yes i defined the ben user in Unix and ADS...bcoz i don't
        have much knowledge about that sorry

        Hope u will help me
        Thanks
        Ben.T.George


        On Thu, Sep 30, 2010 at 3:59 PM, Gaiseric Vandal
        <[email protected]> wrote:


            disclaimer: I don't use Samba as an ADS member server.
             I use samba as PDC with trusts to an ADS domain.  So my
            observations may not be valid.

            Did you try updating nsswitch.conf


               passwd:     files winbind
               group:    files winbind


            If you are using a Windows domain and have a user
            defined in the domain, you generally don't want to add
            the user as a local user.   Since the underlying unix OS
            needs to know about the domain users you need to either
            use nsswitch+winbind (which I do) or the smb pam module
            (which I don't use, and not sure if it really is the
            correct approach.)

            If you use nsswitch.conf+winbind you can then also
            OPTIONALLY allow "windows" users "unix" access like ssh.
               My samba server is a PDC-  I have a domain trust with
            windows domains BUT  the default shell is "/bin/false."
               (It is still a little flaky...)

            Does "getent passwd" show the windows users?   It should
            show something like

            ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false

            or

            SRE+ben:*:10001:10001:Ben George:/home/SRE/ben/bin/false



            It looks like you already have a "unix" ben and a
            "ADS" ben defined?

            "wbinfo -s" and "wbinfo -n" are also useful for making
            sure that the name-to-sid and sid-to-name mappings are
            correct for domain users.






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
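
The check discussed in this thread (which copy of nss_winbind.so.1 gets loaded, and whether the passwd and group lines in nsswitch.conf list winbind), as an added shell example that is not part of the original messages. The truss excerpt is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.

# Print every nss_winbind.so.1 path that truss shows being opened successfully.
# truss marks a failed call as "Err#2 ENOENT" and a success as "= <fd>".
loaded_winbind_libs() {
    sed -n 's/^.*open[0-9]*("\([^"]*nss_winbind\.so\.1\)".*= *[0-9][0-9]*$/\1/p' "$1"
}

# Succeed if database $2 ("passwd" or "group") in nsswitch file $1 lists winbind.
nss_uses_winbind() {
    sed 's/#.*//' "$1" | grep "^$2:.*winbind" >/dev/null
}

# Classify the first library loaded against the wanted directory $2.
check_winbind_lib() {
    lib=$(loaded_winbind_libs "$1" | sed 1q)
    case "$lib" in
        "")     echo "not-loaded" ;;
        "$2"/*) echo "ok $lib" ;;
        *)      echo "wrong-copy $lib" ;;
    esac
}

SAMPLE_DIR=$(mktemp -d)
# Constructed truss excerpt: the new Samba copy is not found, the bundled one loads.
cat > "$SAMPLE_DIR/truss.log" <<'EOF'
open("/usr/local/samba/lib/nss_winbind.so.1", O_RDONLY) Err#2 ENOENT
open("/usr/lib/nss_winbind.so.1", O_RDONLY)             = 3
EOF
# nsswitch.conf lines as posted in the thread.
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd:     files ldap winbind
group:      files ldap winbind
hosts:      dns files
EOF

for db in passwd group hosts; do
    if nss_uses_winbind "$SAMPLE_DIR/nsswitch.conf" "$db"; then
        echo "$db: winbind listed"
    else
        echo "$db: winbind not listed"
    fi
done
check_winbind_lib "$SAMPLE_DIR/truss.log" /usr/local/samba/lib
```

truss writes its trace to standard error, so a log for this check can be captured with `truss -o log1.txt getent passwd`.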
