Hi giuseppe
after some more investigation ive found the following sequence to be
100% repeatable.
2 users, dave & elina. dave has a local account, elina does not. After
reboot or restart of the winbindd daemon, dave can login but elina can
not. After logging in as dave, "wbinfo -n dave" returns "Could not
lookup name
dave". Huh !! it just logged me in but now cant find my details ?? Same
with "wbinfo -n elina". Now run "getent passwd", result of which kind of
looks like the passwd file with the AD domain users tacked onto the end.
After
this "wbinfo -n dave" returns the windows SID. Now run "wbinfo -n elina"
which again should show the Windows SID for elina. log out as dave and
TRA-LA I can log in as elina.
as to why "wbinfo -n" cannot get the Windows SID ?? and does the "getent
passwd" result in the SID being cached ??
giuseppe panei wrote:
Hi dave
I have found the following items in the htmldocs:
"The pam_winbind module in the 2.2.2 release only supports the auth
and account module-types. The latter simply performs a getpwnam() to
verify that the system can obtain a uid for the user. If the
libnss_winbind library has been correctly installed, this should
always succeed."
Well, then is failing the account module ?
??
From Using Samba, cap 9:
"Be careful when adding local users after domain users have started
accessing the Samba server. The domain users will have entries created
for them by winbind in /etc/passwd, with UIDs in the range you specify.
................
................"
In my /etc/passwd there are no entities for domain users.
I dont believe this is true, it does not add teh AD users to the local
passwd file. Although "getent passwd" produces a list that looks like a
cat of passwd + the AD users
I apologize for my bad english.
Giuseppe
much better than my non-existant italian
dave
David Rigler wrote:
Hi Giuseppe
I was thinking that getpwnam should fail, that user doesnt exist
locally.
But the pam_unix and/or pam stack should be able to cope with that ?
dave
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
