Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
I think I've figured it out. It doesn't work if nsswitch.conf has got passwd: files nis winbind or passwd: files winbind nis But if it only has two modules listed: passwd: files winbind then passwd -r files works fine. -- Dan Nuffer MCCALL,DON (HP-USA,ex1) wrote: Hello Dan, Can you post the passwd line of your nsswitch.conf file? I am on 11.11, and passwd -r files username Works just fine for me, with winbind added to my passwd line in the /etc/nsswitch.conf file... Don -Original Message- From: Dan Nuffer [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 3:13 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help I've been trying to find a solution to passwd not working on HPUX 11 with a modified nsswitch.conf. (Interestingly, using the -r files switch works on Solaris, but not HPUX.) The two proposed workarounds I have seen (naming the module ldap and replacing the system one, or creating a wrapper for passwd that fiddles with the nsswitch.conf) aren't acceptable. I'm really hoping that HP has fixed this, but I wasn't able to locate an applicable patch on their site. If anyone knows of one, please point me to it! Thanks, Dan Nuffer MCCALL, DON (HP-USA,ex1) wrote: Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
You got it. I had Passwd: compat winbind don -Original Message- From: Dan Nuffer [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 11:07 AM To: MCCALL,DON (HP-USA,ex1) Cc: [EMAIL PROTECTED] Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help I think I've figured it out. It doesn't work if nsswitch.conf has got passwd: files nis winbind or passwd: files winbind nis But if it only has two modules listed: passwd: files winbind then passwd -r files works fine. -- Dan Nuffer MCCALL,DON (HP-USA,ex1) wrote: Hello Dan, Can you post the passwd line of your nsswitch.conf file? I am on 11.11, and passwd -r files username Works just fine for me, with winbind added to my passwd line in the /etc/nsswitch.conf file... Don -Original Message- From: Dan Nuffer [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 3:13 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help I've been trying to find a solution to passwd not working on HPUX 11 with a modified nsswitch.conf. (Interestingly, using the -r files switch works on Solaris, but not HPUX.) The two proposed workarounds I have seen (naming the module ldap and replacing the system one, or creating a wrapper for passwd that fiddles with the nsswitch.conf) aren't acceptable. I'm really hoping that HP has fixed this, but I wasn't able to locate an applicable patch on their site. If anyone knows of one, please point me to it! Thanks, Dan Nuffer MCCALL, DON (HP-USA,ex1) wrote: Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hello Dan, Can you post the passwd line of your nsswitch.conf file? I am on 11.11, and passwd -r files username Works just fine for me, with winbind added to my passwd line in the /etc/nsswitch.conf file... Don -Original Message- From: Dan Nuffer [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 3:13 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help I've been trying to find a solution to passwd not working on HPUX 11 with a modified nsswitch.conf. (Interestingly, using the -r files switch works on Solaris, but not HPUX.) The two proposed workarounds I have seen (naming the module ldap and replacing the system one, or creating a wrapper for passwd that fiddles with the nsswitch.conf) aren't acceptable. I'm really hoping that HP has fixed this, but I wasn't able to locate an applicable patch on their site. If anyone knows of one, please point me to it! Thanks, Dan Nuffer MCCALL, DON (HP-USA,ex1) wrote: Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi All, Thanks for your help, still no luck though. More info for you. with no debug statements in my /etc/pam.conf I get in sys log the following. Feb 2 14:43:02 coastdr pam_winbind[2832]: user 'traininguser' granted acces with debug turned on I get Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user `traininguser' Feb 2 14:47:49 coastdr pam_winbind[2839]: user 'traininguser' granted acces the user is still logging out. incidentlally, when I log in as a unix user, rather than a win2k user I don't get anything in sys log. I've included my pam.conf below. Also, I checked for /etc/shells, no such file, and I have set my smb.conf shell line to template shell = /sbin/sh and also tried template shell = /usr/bin/sh both files exist. # # PAM configuration # # Authentication management # loginauth sufficient/usr/lib/security/libpam_unix.1 debug loginauth sufficient/usr/lib/security/libpam_winbind.1 debug #login auth sufficient/usr/lib/security/libpam_smb.1 nolocal debug su auth required /usr/lib/security/libpam_unix.1 debug dtlogin auth required /usr/lib/security/libpam_unix.1 debug dtaction auth required /usr/lib/security/libpam_unix.1 debug ftp auth required /usr/lib/security/libpam_unix.1 debug OTHERauth required /usr/lib/security/libpam_unix.1 debug # # Account management # loginaccount sufficient /usr/lib/security/libpam_unix.1 debug loginaccount sufficient /usr/lib/security/libpam_winbind.1 debug su account required /usr/lib/security/libpam_unix.1 debug dtlogin account required /usr/lib/security/libpam_unix.1 debug dtaction account required /usr/lib/security/libpam_unix.1 debug ftp account required /usr/lib/security/libpam_unix.1 debug # OTHERaccount required /usr/lib/security/libpam_unix.1 debug # # Session management # loginsession sufficient /usr/lib/security/libpam_unix.1 debug loginsession sufficient /usr/lib/security/libpam_winbind.1 debug dtlogin session required /usr/lib/security/libpam_unix.1 debug dtaction session required /usr/lib/security/libpam_unix.1 debug OTHERsession required /usr/lib/security/libpam_unix.1 debug # # Password management # loginpassword sufficient/usr/lib/security/libpam_unix.1 debug loginpassword sufficient/usr/lib/security/libpam_winbind.1 debug passwd password required /usr/lib/security/libpam_unix.1 debug passwd password required /usr/lib/security/libpam_winbind.1 debug dtlogin password required /usr/lib/security/libpam_unix.1 debug dtaction password required /usr/lib/security/libpam_unix.1 debug OTHERpassword required /usr/lib/security/libpam_unix.1 debug Cheers Miles -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Saturday, 1 February 2003 04:53 a.m. To: 'John H Terpstra'; Miles Roper Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON (HP-USA,ex1); 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Hi, Miles, Actually on HP-UX, you will need to add the word 'debug' at the end of each of the lines in you /etc/pam.conf file, to enable more debugging to go into the /var/adm/syslog/syslog.log file. One thing that I have seen something like this happen on is if the /etc/shells file is corrupt, or if the shell that is defined for the user (since they don't have a /etc/passwd entry, this would be whatever you put in template in the smb.conf) does not exactly match one of the lines in /etc/shells, or the defaults, if this file does not exist. The defaults for 11.0 are: /sbin/sh /usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh /usr/bin/csh /usr/bin/keysh Hope this helps, Don -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 1:36 To: Miles Roper Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON (HP-USA,ex1)'; 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help On Fri, 31 Jan 2003, Miles Roper wrote: Hi Everyone, I'm forgetting about the password one at the moment, thanks for all your input :o) I still don't have a clue how to solve my main problem. I'm assuming that its not actually winbind related now, as I've recently tried pam_smb and get the same basic problem. Basically, when I log into the UNIX box, the username/password of a NT user is being authenticated, but doesn't actually log in. It doesn't get past the password line. I know
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi All, Thanks for your help, still no luck though. More info for you. with no debug statements in my /etc/pam.conf I get in sys log the following. Feb 2 14:43:02 coastdr pam_winbind[2832]: user 'traininguser' granted acces with debug turned on I get Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user `traininguser' Feb 2 14:47:49 coastdr pam_winbind[2839]: user 'traininguser' granted acces the user is still logging out. incidentlally, when I log in as a unix user, rather than a win2k user I don't get anything in sys log. I've included my pam.conf below. Also, I checked for /etc/shells, no such file, and I have set my smb.conf shell line to template shell = /sbin/sh and also tried template shell = /usr/bin/sh both files exist. # # PAM configuration # # Authentication management # loginauth sufficient/usr/lib/security/libpam_unix.1 debug loginauth sufficient/usr/lib/security/libpam_winbind.1 debug #login auth sufficient/usr/lib/security/libpam_smb.1 nolocal debug su auth required /usr/lib/security/libpam_unix.1 debug dtlogin auth required /usr/lib/security/libpam_unix.1 debug dtaction auth required /usr/lib/security/libpam_unix.1 debug ftp auth required /usr/lib/security/libpam_unix.1 debug OTHERauth required /usr/lib/security/libpam_unix.1 debug # # Account management # loginaccount sufficient /usr/lib/security/libpam_unix.1 debug loginaccount sufficient /usr/lib/security/libpam_winbind.1 debug su account required /usr/lib/security/libpam_unix.1 debug dtlogin account required /usr/lib/security/libpam_unix.1 debug dtaction account required /usr/lib/security/libpam_unix.1 debug ftp account required /usr/lib/security/libpam_unix.1 debug # OTHERaccount required /usr/lib/security/libpam_unix.1 debug # # Session management # loginsession sufficient /usr/lib/security/libpam_unix.1 debug loginsession sufficient /usr/lib/security/libpam_winbind.1 debug dtlogin session required /usr/lib/security/libpam_unix.1 debug dtaction session required /usr/lib/security/libpam_unix.1 debug OTHERsession required /usr/lib/security/libpam_unix.1 debug # # Password management # loginpassword sufficient/usr/lib/security/libpam_unix.1 debug loginpassword sufficient/usr/lib/security/libpam_winbind.1 debug passwd password required /usr/lib/security/libpam_unix.1 debug passwd password required /usr/lib/security/libpam_winbind.1 debug dtlogin password required /usr/lib/security/libpam_unix.1 debug dtaction password required /usr/lib/security/libpam_unix.1 debug OTHERpassword required /usr/lib/security/libpam_unix.1 debug Cheers Miles -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Saturday, 1 February 2003 04:53 a.m. To: 'John H Terpstra'; Miles Roper Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON (HP-USA,ex1); 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Hi, Miles, Actually on HP-UX, you will need to add the word 'debug' at the end of each of the lines in you /etc/pam.conf file, to enable more debugging to go into the /var/adm/syslog/syslog.log file. One thing that I have seen something like this happen on is if the /etc/shells file is corrupt, or if the shell that is defined for the user (since they don't have a /etc/passwd entry, this would be whatever you put in template in the smb.conf) does not exactly match one of the lines in /etc/shells, or the defaults, if this file does not exist. The defaults for 11.0 are: /sbin/sh /usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh /usr/bin/csh /usr/bin/keysh Hope this helps, Don -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 1:36 To: Miles Roper Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON (HP-USA,ex1)'; 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help On Fri, 31 Jan 2003, Miles Roper wrote: Hi Everyone, I'm forgetting about the password one at the moment, thanks for all your input :o) I still don't have a clue how to solve my main problem. I'm assuming that its not actually winbind related now, as I've recently tried pam_smb and get the same basic problem. Basically, when I log into the UNIX box, the username/password of a NT user is being authenticated, but doesn't actually log in. It doesn't get past the password line. I know
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi, Miles, Actually on HP-UX, you will need to add the word 'debug' at the end of each of the lines in you /etc/pam.conf file, to enable more debugging to go into the /var/adm/syslog/syslog.log file. One thing that I have seen something like this happen on is if the /etc/shells file is corrupt, or if the shell that is defined for the user (since they don't have a /etc/passwd entry, this would be whatever you put in template in the smb.conf) does not exactly match one of the lines in /etc/shells, or the defaults, if this file does not exist. The defaults for 11.0 are: /sbin/sh /usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh /usr/bin/csh /usr/bin/keysh Hope this helps, Don -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 1:36 To: Miles Roper Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON (HP-USA,ex1)'; 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help On Fri, 31 Jan 2003, Miles Roper wrote: Hi Everyone, I'm forgetting about the password one at the moment, thanks for all your input :o) I still don't have a clue how to solve my main problem. I'm assuming that its not actually winbind related now, as I've recently tried pam_smb and get the same basic problem. Basically, when I log into the UNIX box, the username/password of a NT user is being authenticated, but doesn't actually log in. It doesn't get past the password line. I know it accepts the password. Its almost as if it can't find the shell. But the template variable is set within the smb.conf file. Permissions are fine. I have exactly the same problem with the pam_smb module. So what does PAM report into your /var/log files? Have you tried adding to each line in your /etc/pam.d/login (after the .so file name) the word 'audit' - this will increase the volume of debugging info spit out into /var/log/messages, or wherever PAM send this on your distro. - John T. If there is any further information I can send let me know. Ideas? Thanks Miles -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Friday, 31 January 2003 07:06 a.m. To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -Original Message- From: Michael Steffens [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 11:52 To: Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Ronan Waide wrote: On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Yep. It's a HP-UX specific workaround. Please ignore it everywhere else. Michael -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi, Miles, Actually on HP-UX, you will need to add the word 'debug' at the end of each of the lines in you /etc/pam.conf file, to enable more debugging to go into the /var/adm/syslog/syslog.log file. One thing that I have seen something like this happen on is if the /etc/shells file is corrupt, or if the shell that is defined for the user (since they don't have a /etc/passwd entry, this would be whatever you put in template in the smb.conf) does not exactly match one of the lines in /etc/shells, or the defaults, if this file does not exist. The defaults for 11.0 are: /sbin/sh /usr/bin/sh /usr/bin/rsh /usr/bin/ksh /usr/bin/rksh /usr/bin/csh /usr/bin/keysh Hope this helps, Don -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED]] Sent: Friday, January 31, 2003 1:36 To: Miles Roper Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON (HP-USA,ex1)'; 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help On Fri, 31 Jan 2003, Miles Roper wrote: Hi Everyone, I'm forgetting about the password one at the moment, thanks for all your input :o) I still don't have a clue how to solve my main problem. I'm assuming that its not actually winbind related now, as I've recently tried pam_smb and get the same basic problem. Basically, when I log into the UNIX box, the username/password of a NT user is being authenticated, but doesn't actually log in. It doesn't get past the password line. I know it accepts the password. Its almost as if it can't find the shell. But the template variable is set within the smb.conf file. Permissions are fine. I have exactly the same problem with the pam_smb module. So what does PAM report into your /var/log files? Have you tried adding to each line in your /etc/pam.d/login (after the .so file name) the word 'audit' - this will increase the volume of debugging info spit out into /var/log/messages, or wherever PAM send this on your distro. - John T. If there is any further information I can send let me know. Ideas? Thanks Miles -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Friday, 31 January 2003 07:06 a.m. To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -Original Message- From: Michael Steffens [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 11:52 To: Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Ronan Waide wrote: On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Yep. It's a HP-UX specific workaround. Please ignore it everywhere else. Michael -- John H Terpstra Email: [EMAIL PROTECTED]
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi Everyone, I'm forgetting about the password one at the moment, thanks for all your input :o) I still don't have a clue how to solve my main problem. I'm assuming that its not actually winbind related now, as I've recently tried pam_smb and get the same basic problem. Basically, when I log into the UNIX box, the username/password of a NT user is being authenticated, but doesn't actually log in. It doesn't get past the password line. I know it accepts the password. Its almost as if it can't find the shell. But the template variable is set within the smb.conf file. Permissions are fine. I have exactly the same problem with the pam_smb module. If there is any further information I can send let me know. Ideas? Thanks Miles -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Friday, 31 January 2003 07:06 a.m. To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -Original Message- From: Michael Steffens [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 11:52 To: Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Ronan Waide wrote: On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Yep. It's a HP-UX specific workaround. Please ignore it everywhere else. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -Original Message- From: Michael Steffens [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 11:52 To: Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Ronan Waide wrote: On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Yep. It's a HP-UX specific workaround. Please ignore it everywhere else. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
On Fri, 31 Jan 2003, Miles Roper wrote: Hi Everyone, I'm forgetting about the password one at the moment, thanks for all your input :o) I still don't have a clue how to solve my main problem. I'm assuming that its not actually winbind related now, as I've recently tried pam_smb and get the same basic problem. Basically, when I log into the UNIX box, the username/password of a NT user is being authenticated, but doesn't actually log in. It doesn't get past the password line. I know it accepts the password. Its almost as if it can't find the shell. But the template variable is set within the smb.conf file. Permissions are fine. I have exactly the same problem with the pam_smb module. So what does PAM report into your /var/log files? Have you tried adding to each line in your /etc/pam.d/login (after the .so file name) the word 'audit' - this will increase the volume of debugging info spit out into /var/log/messages, or wherever PAM send this on your distro. - John T. If there is any further information I can send let me know. Ideas? Thanks Miles -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Friday, 31 January 2003 07:06 a.m. To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Hi Everyone, This whole problem with the password command not working when winbind is included as a method in the nsswitch.conf can probably be worked around by simply using the -r files (or -r nis or -r nisplus) switch. Take a look at the man page for passwd on HP-UX 11.x and see if this won't help you out. Hope this helps, Don -Original Message- From: Michael Steffens [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 11:52 To: Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Ronan Waide wrote: On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Yep. It's a HP-UX specific workaround. Please ignore it everywhere else. Michael -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Love wouldn't be blind if the braille wasn't so damned much fun. - Armistead Maupin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Ronan Waide wrote: On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Yep. It's a HP-UX specific workaround. Please ignore it everywhere else. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
Hi Everyone, Been following this a bit; faking out nsswitch with the ldap stuff seems like a HIGH and complicated price to pay for getting a passwd program that will work to change passwords for standard unix users. One of the other things I have seen is a simple script that moved and replaced the winbind enabled nsswitch.conf with a standard one before executing the passwd command, then moved it back. Or even hack a c program together that 'gets' the username,password from the user BEFORE it exec's the actual passwd program, so you could minimize the amount of time the nsswitch.conf file would be in place WITHOUT the winbind support. Either way, this is an issue both on SUN and HP-UX systems. For the HP-UX customers, I'd like to see them submit enhancement requests through their support channel tochange the behavior of the nsswitch stuff so that we could have a code change in the OS where it belongs to deal with this. It's the squeaky wheel that gets the grease Hope this helps, Don -Original Message- From: Michael Steffens [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 11:52 To: Ronan Waide Cc: '[EMAIL PROTECTED]'; Esh, Andrew; Miles Roper; '[EMAIL PROTECTED]'; 'Richard Sharpe' Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help Ronan Waide wrote: On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Yep. It's a HP-UX specific workaround. Please ignore it everywhere else. Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
On January 28, [EMAIL PROTECTED] said: I don't have HPUX, so I don't know what to suggest for that. I just know getent won't work without winbindd in nsswitch.conf on Linux. I think the point that was being made is that NSS support on HPUX only supports a few known types, of which one is LDAP. The discussion was basically about faking out the system so that what it thinks is LDAP is actually winbind. Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. Love wouldn't be blind if the braille wasn't so damned much fun. - Armistead Maupin
