FW: [Samba] getent winbindd on FreeBSD 5.4
I posted my original post to FreeBSD-questions@freebsd.org and since then have had a running dialog with another poster. It now seems I am having trouble with the NSSWITCH function. I am now reporting back to the Samba list in hopes someone can help me out at this point. Can anyone help me out here?

~Doug

-Original Message-
Sent: Friday, September 16, 2005 12:48 PM
To: 'Dan Nelson'
Cc: 'freebsd-questions@freebsd.org'
Subject: RE: [Samba] getent winbindd on FreeBSD 5.4

> Yes, that getent command should suffice for printing users and groups,
> including any NSS-provided ones. You can also use the 'id' or
> 'pw user show' commands to print similar info.

    aries-root@/usr/local/etc: pw group show DSP-PRODUCTION
    pw: unknown group `DSP-PRODUCTION'
    aries-root@/usr/local/etc:

> PAM only handles authentication during login; looking up user/group
> names is handled by NSS. If your nsswitch.conf has
>
>     passwd: compat winbind
>
> in it, you have a /usr/local/lib/nss_winbind.so.1 file, and getent
> can't find users that winbind should be providing, I'd start looking
> for nss_winbind debugging options.

I don't know if this helps but here we go.
I looked at /var/log/debug.log and I'm seeing lots of entries similar to the ones below:

    Sep 16 03:01:21 aries sendmail[6798]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyname, not found
    Sep 16 03:01:21 aries sendmail[6798]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyname, not found
    Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyname, not found
    Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyname, not found
    Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyaddr, not found
    Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyaddr, not found
    Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyaddr, not found
    Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyaddr, not found
    Sep 16 03:01:21 aries sendmail[6838]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyname, not found
    Sep 16 03:01:21 aries sendmail[6838]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyname, not found
    Sep 16 03:01:21 aries sendmail[6843]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyname, not found
    Sep 16 03:01:21 aries sendmail[6843]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyname, not found
    Sep 16 09:55:07 aries sshd[7716]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyaddr, not found
    Sep 16 09:55:07 aries sshd[7716]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyaddr, not found
    Sep 16 09:55:09 aries sshd[7719]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyaddr, not found
    Sep 16 09:55:09 aries sshd[7719]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyaddr, not found
    Sep 16 10:18:19 aries sshd[7771]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyaddr, not found
    Sep 16 10:18:19 aries sshd[7771]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyaddr, not found

Does this mean there is a problem with NSSWITCH?
Please note that there are references to sshd and sendmail among other services but none related to winbindd as far as I can see.

I ran winbindd -d4 per your suggestion to use debugging options and tried again by issuing getent passwd. Output of log.winbindd as follows:

    [2005/09/16 12:26:18, 1] nsswitch/winbindd.c:main(935)
      winbindd version 3.0.20 started.
      Copyright The Samba Team 2000-2004
    [2005/09/16 12:26:18, 3] param/loadparm.c:lp_load(4082)
      lp_load: refreshing parameters
    [2005/09/16 12:26:18, 3] param/loadparm.c:init_globals(1366)
      Initialising global parameters
    [2005/09/16 12:26:18, 3] param/params.c:pm_process(574)
      params.c:pm_process() - Processing configuration file /usr/local/etc/smb.conf
    [2005/09/16 12:26:18, 3] param/loadparm.c:do_section(3542)
      Processing section [global]
      doing parameter workgroup = DSP
      doing parameter netbios name = Aries
    [2005/09/16 12:26:18, 4] param/loadparm.c:handle_netbios_name(2881)
      handle_netbios_name: set global_myname to: ARIES
      doing parameter server string = Samba Server
      doing parameter security = domain
      doing parameter hosts allow = 192.168.1. 192.168.2. 127.
      doing parameter encrypt passwords = yes
      doing parameter log file = /var/log/samba/log.%m
      doing parameter max log size = 50
      doing parameter password server = *
      doing parameter passdb backend = tdbsam
      doing parameter auth methods = winbind
      doing parameter socket options = TCP_NODELAY
      doing parameter local master = no
      doing parameter os level = 33
      doing parameter wins server = 192.168.1.1
      doing parameter dns proxy = no
      doing parameter idmap uid = 15000-2
      doing parameter idmap gid = 15000-2
      doing parameter winbind enum users = yes
      doing parameter winbind enum groups = yes
      doing parameter winbind separator = -
      doing parameter template homedir = /usr/home/%D/%U
      doing parameter template shell = /bin/bash
Re: [Samba] getent winbindd on FreeBSD 5.4
On Thursday 15 September 2005 17:44, Doug Sampson wrote:

> ...
> # /etc/nsswitch.conf
> passwd: compat winbind
> group: compat winbind
> hosts: files winbind wins dns

Change to:

    hosts: files dns wins

> networks: files
> shells: files
> ...
> # smb.conf
> [global]
> workgroup = DSP
> server string = Samba Server
> security = DOMAIN
> passdb backend = tdbsam

Remove the passdb backend = tdbsam parameter - this is a domain member and will obtain SAM information using MS RPC via winbind.

> log file = /var/log/samba/log.%m
> max log size = 50
> os level = 33
> local master = No
> dns proxy = No
> wins server = 192.168.1.1
> idmap uid = 15000-2
> idmap gid = 15000-2
> template homedir = /usr/home/%D/%U
> template shell = /bin/bash
> winbind separator = +
> hosts allow = 192.168.1., 192.168.2., 127.
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [MacData]
> comment = Production Data
> path = /data
> valid users = @DSP+PRODUCTION
> read only = No
> create mask = 0765
>
> The odd thing is- there's no /etc/pam.d/samba file even though I
> specified that the PAM samba module be installed. Is my PAM whacked?

You need PAM only to log into your BSD system using a Windows account - if that is what you want to do.

> Also, I am unsure if I need to map users to NT account using a text file

You do not need to map NT accounts to UNIX local accounts. That is all handled by winbind.

> similar to /etc/smb/smbusers or some file similar to that?
>
> When I execute 'pw groupshow DSP+PRODUCTION', the log.smbd shows this:
>
> [2005/09/15 16:17:24, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
>   Unable to open/create TDB passwd
> [2005/09/15 16:17:24, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
>   pdb_getsampwrid: Unable to open TDB rid database!

This will go away when you get rid of passdb backend = tdbsam.

- John T.
--
John H Terpstra, CTO
PrimaStasys Inc.
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
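The NSSWITCH debug lines in the forwarded message and the hosts line of the quoted nsswitch.conf can be cross-checked mechanically. The following is an added example, not part of the thread or of Samba or FreeBSD; it assumes the fields of each debug line are source, database and method, and the function names are hypothetical. The sample lines are copied from the messages above.

```python
import re
from collections import defaultdict

# Assumed field order of the debug line: source, database, method.
NSS_RE = re.compile(
    r"(?P<proc>[\w.-]+)\[\d+\]: NSSWITCH\(nss_method_lookup\): "
    r"(?P<source>[^,]+), (?P<database>[^,]+), (?P<method>[^,]+), not found")

def missing_methods(log_text):
    """Map (database, source) -> methods not found and processes that logged it."""
    found = defaultdict(lambda: {"methods": set(), "procs": set()})
    for m in NSS_RE.finditer(log_text):
        entry = found[(m["database"], m["source"])]
        entry["methods"].add(m["method"])
        entry["procs"].add(m["proc"])
    return dict(found)

def parse_nsswitch(conf_text):
    """Return {database: [sources]}, ignoring comments and [criteria] blocks."""
    table = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        table[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return table

def unusable_sources(conf_text, log_text):
    """Sources configured for a database that logged 'not found' for it."""
    conf = parse_nsswitch(conf_text)
    hits = missing_methods(log_text)
    return sorted((db, src) for (db, src) in hits if src in conf.get(db, []))

SAMPLE_LOG = """\
Sep 16 03:01:21 aries sendmail[6798]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6798]: NSSWITCH(nss_method_lookup): wins, hosts, ghbyname, not found
Sep 16 09:55:07 aries sshd[7716]: NSSWITCH(nss_method_lookup): winbind, hosts, ghbyaddr, not found
"""
SAMPLE_CONF = """\
passwd: compat winbind
group: compat winbind
hosts: files winbind wins dns
"""

if __name__ == "__main__":
    info = missing_methods(SAMPLE_LOG)
    for db, src in unusable_sources(SAMPLE_CONF, SAMPLE_LOG):
        print(db, src, sorted(info[(db, src)]["methods"]), sorted(info[(db, src)]["procs"]))
```

Every entry in the quoted log concerns the hosts database; none names passwd or group, so this check says nothing about why 'getent passwd' returns only local accounts.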
[Samba] getent winbindd on FreeBSD 5.4
I'm trying to get a FreeBSD 5.4 server to join a NT4 domain as a member domain server using winbindd. I've compiled Samba with WinBIND support, ACL Support, Syslog support, UTMP support, SMB PAM module, and with installed POPT library. I've reviewed Chapter 20 of TOSHARG and implemented a good portion of it into our smb.conf file but am having trouble making the 'getent' command work. Running Samba 3.0.20.1.

The 'getent' command is found in /usr/compat/linux/usr/bin/. I can join the domain fine and execute 'wbinfo -u' with the expected domain user listing as well as with the 'wbinfo -g' command. However when I attempt to execute 'getent passwd' it shows only the local user accounts. Executing 'getent group' also produces only the local groups. It seems the getent command that comes with the linux_base port on FreeBSD 5.4 may or may not be working. I am unable to verify it though.

Doing a 'tdbdump winbind_cache.tdb' reveals that the users are being enumerated but without a corresponding *nix user id. I don't know if the tdbsam is supposed to reveal such information.

TOSHARG states that for getent to work, the nsswitch.conf must be properly configured.
Mine is as follows:

    # /etc/nsswitch.conf
    passwd: compat winbind
    group: compat winbind
    hosts: files winbind wins dns
    networks: files
    shells: files

NSSwitch depends on PAM modules for authentications so here's my login file:

    #
    # $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
    #
    # PAM configuration for the login service
    #

    # auth
    auth      sufficient  pam_winbind.so
    auth      sufficient  pam_unix.so use_first_pass
    auth      required    pam_stack.so service=system-auth
    auth      required    pam_nologin.so no_warn
    auth      sufficient  pam_self.so no_warn
    auth      include     system

    # account
    account   sufficient  pam_winbind.so
    account   required    pam_stack.so service=system-auth
    account   include     system

    # session
    session   required    pam_stack.so service=system-auth
    session   include     system

    # password
    password  required    pam_stack.so service=system-auth
    password  include     system

    # smb.conf
    [global]
    workgroup = DSP
    server string = Samba Server
    security = DOMAIN
    passdb backend = tdbsam
    log file = /var/log/samba/log.%m
    max log size = 50
    os level = 33
    local master = No
    dns proxy = No
    wins server = 192.168.1.1
    idmap uid = 15000-2
    idmap gid = 15000-2
    template homedir = /usr/home/%D/%U
    template shell = /bin/bash
    winbind separator = +
    hosts allow = 192.168.1., 192.168.2., 127.

    [homes]
    comment = Home Directories
    read only = No
    browseable = No

    [MacData]
    comment = Production Data
    path = /data
    valid users = @DSP+PRODUCTION
    read only = No
    create mask = 0765

The odd thing is- there's no /etc/pam.d/samba file even though I specified that the PAM samba module be installed. Is my PAM whacked?

Also, I am unsure if I need to map users to NT account using a text file similar to /etc/smb/smbusers or some file similar to that?

When I execute 'pw groupshow DSP+PRODUCTION', the log.smbd shows this:

    [2005/09/15 16:17:24, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
      Unable to open/create TDB passwd
    [2005/09/15 16:17:24, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
      pdb_getsampwrid: Unable to open TDB rid database!
log.wb-DSP shows this:

    [2005/09/15 16:17:24, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
      rpc_pipe_bind failed

I'm a newb so would appreciate any advice!

~Doug