Sapan, I recently installed Samba-3 on Solaris 9 and had no problem with PAM and NSS functionality. Logons using domain users worked well. As I do not have a Sun box it is a little difficult for me to help you directly.
What output do you get from: wbinfo -u wbinfo -g Please send me your smb.conf file so I can see what may be going on. - John T. On Thu, 8 Jan 2004, Ganguly, Sapan wrote: > > Yep, I've done that, I basically followed the Solaris 9 HOWTO from the main > HOWTO collection that comes with Samba 3.0, the only difference is that I > used an /etc/pam.conf for Solaris 9 posted on the list by Patrik Gustavsson. > I haven't managed to get hold of him, he says he has made it work on Solaris > 9. > I also want to get pam_mkhomedir work but I have to get past this bit first. > >From his email signature it looks like he work for Sun in Sweden but even > the Sun helpdesk in the UK hasn't been able to get hold of him yet. > > -----Original Message----- > From: John H Terpstra [mailto:[EMAIL PROTECTED] > Sent: 08 January 2004 15:54 > To: Ganguly, Sapan > Cc: 'ww m-pubsyssamba'; '[EMAIL PROTECTED]' > Subject: RE: [Samba] How do I get Winbind accounts in LDAP? > > > On Thu, 8 Jan 2004, Ganguly, Sapan wrote: > > > > > I'm doing the same thing but with NT4 so I'm not using active > > directory. The only thing you haven't mentioned that I can think of is > > nsswitch.conf, you should have - > > > > Passwd: files winbind > > Group: files winbind > > > > Getent works for me, I'm stuck with getting log ons to the Solaris > > machine with NT usernames to work. > > If you want to log onto the Sun machine using Windows networking credentials > you must configure PAM to support the use of pam_winbind.so. Have you done > that? > > - John T. > > > > They seem to have changed something in Solaris 9, even Sun hasn't been > > able to help me! > > > > -----Original Message----- > > From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED] > > Sent: 08 January 2004 13:45 > > To: Ganguly, Sapan ; [EMAIL PROTECTED] > > Subject: RE: [Samba] How do I get Winbind accounts in LDAP? > > > > > > Hi Sapan/All, > > > > ok this is all in my test/dev environment. I have a Sun Sparc > > workstation running Solaris 9 and an Intel server running Windows 2000 > > server acting as a Native mode AD DC. My Sparc system has Samba 3.0.1 > > installed and is successfully joined to the AD domain, I can > > authenticate via kerberos and wbinfo -u lists domain users etc. All I > > need LDAP for is centralising the IDMAP mappings across our > > theoretical Samba server infrastructure. > > > > On the same sparc system I also have SunONE DS 5.2 installed, this > > has the schema for Samba 3.0.1 successfully loaded. I have created the > > idamap OU in the directory and I have configured my smb.conf to use > > LDAP for idmap data, file attached. And I have set the LDAP admin > > account password with "smbpasswd -w". I have also disabled nscd from > > starting up & installed patch 113476-05 which is required for Solaris > > 9. I can also see winbindd establishing a connection to Sun LDAP in > > its access log. > > > > As I was writing this mail I have noticed that a getent for users > > and groups is not displaying any AD users/groups but is exiting with a > > status 0, this is despite the fact that wbinfo is correctly displaying > > all my AD users/groups!? I can see from a snoop and truss run on the > > getent that it is making LDAP calls to the AD DC but it's not > > returning anything!?! I have had this running on a Solaris 8 system in > > my test environment successfully and can't think of anything I've done > > differently. > > > > If anyone can help I'd greatly appreciate it, > > > > many thanks Andy. > > > > -----Original Message----- > > From: Ganguly, Sapan [mailto:[EMAIL PROTECTED] > > Posted At: 07 January 2004 16:44 > > Posted To: Samba > > Conversation: [Samba] How do I get Winbind accounts in LDAP? > > Subject: RE: [Samba] How do I get Winbind accounts in LDAP? > > > > > > > > Andy, > > > > Tell us a bit more, I'm doing a similar thing I think. I'm not using > > Sun's LDAP service, I have OpenLDAP running on a Redhat 9.0 box and > > I'm logging into my Solaris 9.0 machine running winbind, with my NT > > username and password which creates an idmap in the openldap database > > on the Redhat box....well, that's what it is supposed to do > > anyway...it works fine on Redhat, Solaris is proving to be a little > > more tricky. > > > > Is this what you are doing? > > > > -----Original Message----- > > From: ww m-pubsyssamba [mailto:[EMAIL PROTECTED] > > Sent: 07 January 2004 14:23 > > To: [EMAIL PROTECTED] > > Subject: RE: [Samba] How do I get Winbind accounts in LDAP? > > > > > > Hi John/List, > > > > I'm attemtpting this (idmap in LDAP) with samba3.0.1 and Sun DS 5.2 > > but without any success. I've tried what John T has suggested below > > but my idmap OU is still empty (adapted LDAP commnads for Sun DS). I > > cannot see any errors in either Samba or Sun DS logs, does anyone have > > any troubleshooting tips to help work out why this isn't working? > > > > many thanks Andy. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf > > Of John H Terpstra Posted At: 03 January 2004 23:54 Posted To: Samba > > Conversation: [Samba] How do I get Winbind accounts in LDAP? > > Subject: Re: [Samba] How do I get Winbind accounts in LDAP? > > > > > > Kent, > > > > Did you create the container for the ou=Idmap in your LDAP database? > > The IDMAP entries are automatically added to LDAP - IF the container > > exists, and so long as Samba can access that database. > > > > Also, I suggest you store your machine accounts in the Users container > > and not in the Computers container. Samba does not at this time search > > the Computers container correctly. > > > > Execute the following to find out if your LDAP database has an IDMAP > > container: > > slapcat | grep -i IDMAP > > > > > > If nothing is returned, execute this: > > > > ldapadd -x -D "cn=admin,dc=tow,dc=net" -w 'password' << EOR > > dn: ou=Idmap,dc=abmas,dc=biz > > objectClass: organizationalunit > > ou: idmap > > structuralObjectClass: organizationalunit > > EOR > > > > Now you must stop samba, delete the winbind*tdb files, restart samba, > > run: > > wbinfo -u > > And that should automatically populate your LDAP IDMAP database. > > > > Cheers, > > John T. > > > > > > > > BBCi at http://www.bbc.co.uk/ > > > > This e-mail (and any attachments) is confidential and may contain > > personal views which are not the views of the BBC unless specifically > > stated. If you have received it in error, please delete it from your > > system. Do not use, copy or disclose the information in any way nor > > act in reliance on it and notify the sender immediately. Please note > > that the BBC monitors e-mails sent or received. Further communication > > will signify your consent to this. > > > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba