Re: [Samba] getent not listing ADS users ctdb samba
Did you copy the libnss_winbind.so to /lib and make a libnss_winbind.so.2
link out of it ?
Hi,
I am setting up ctdb samba, and have hit a brick wall trying to solve the
following issue.
1.getent does not retrieve the list of domain users or groups (wbinfo
works fine)
I'm not sure what I'm missing but I've almost spent the whole day trying
to
resolve this one and haven't made any progress :-(
Any help or suggestions are appreciated
My configuration is as follows
Installed pre-built RHEL binaries from ctdb.samba
ctdb-1.0-41.src.rpm
ctdb-1.0-41.x86_64.rpm
ctdb-debuginfo-1.0-41.x86_64.rpm
samba-3.0.25-ctdb.16.src.rpm
samba-3.0.25-ctdb.16.x86_64.rpm
samba-client-3.0.25-ctdb.16.x86_64.rpm
samba-common-3.0.25-ctdb.16.x86_64.rpm
samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm
samba-doc-3.0.25-ctdb.16.x86_64.rpm
samba-swat-3.0.25-ctdb.16.x86_64.rpm
samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm
SMB.CONF
[global]
workgroup = PLANET
realm = PLANET.AD
netbios name = CTDBSAMBA
server string = CTDB Samba Server
security = ADS
private dir = /gpfs/gpfs0/SMBDconfig
log file = /usr/local/samba/var/log.%m
max log size = 50
clustering = Yes
dns proxy = No
ldap ssl = no
idmap backend = tdb2
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[GPFSGLOBAL]
comment = GPFS Global Share
path = /gpfs/gpfs0/GLOBALSHARE
read only = No
force unknown acl user = Yes
vfs objects = gpfs
nfs4:acedup = merge
nfs4:chown = yes
nfs4:mode = special
gpfs:sharemodes = No
fileid:mapping = fsname
KRB5.CONF
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = PLANET.AD
[realms]
PLANET.AD = {
kdc = msad2k3.planet.ad
admin_server = msad2k3
}
[domain_realm]
.msad2k3.planet.ad = PLANET.AD
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
NSSWITCH.CONF
passwd: files winbind
shadow: files
group: files winbind
SYSTEM-AUTH
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired pam_env.so
### WINBIND AUTH ###
authsufficient /lib/security/pam_winbind.so
authsufficientpam_unix.so nullok try_first_pass
authrequisite pam_succeed_if.so uid = 500 quiet
authrequired pam_deny.so
### WINBIND AUTH ###
accountsufficient /lib/security/pam_winbind.so
account required pam_unix.so
account sufficientpam_succeed_if.so uid 500 quiet
account required pam_permit.so
passwordrequisite pam_cracklib.so try_first_pass retry=3
passwordsufficientpam_unix.so md5 shadow nullok try_first_pass
use_authtok
passwordrequired pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session required pam_unix.so
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Message scanned by ClamAV engine (http://www.clamav.net)
--
François Legal
Message scanned by ClamAV engine (http://www.clamav.net)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] getent not listing ADS users ctdb samba
this seems to have been created during the rpm install, see below
[EMAIL PROTECTED] samba]# rpm -ql samba-winbind-32bit-3.0.25-ctdb.16
/lib/libnss_winbind.so
/lib/libnss_winbind.so.2
/lib/libnss_wins.so
/lib/libnss_wins.so.2
/lib/security/pam_winbind.so
[EMAIL PROTECTED] samba]# ls -lasp /lib | grep libnss
40 -rwxr-xr-x 1 root root 36340 Jul 5 2007 libnss_compat-2.5.so
4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_compat.so.2 -
libnss_compat-2.5.so
816 -rwxr-xr-x 1 root root 824900 Jul 13 2006 libnss_db-2.2.so
4 lrwxrwxrwx 1 root root 16 May 26 08:39 libnss_db.so.2 -
libnss_db-2.2.so
28 -rwxr-xr-x 1 root root 21848 Jul 5 2007 libnss_dns-2.5.so
4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_dns.so.2 -
libnss_dns-2.5.so
52 -rwxr-xr-x 1 root root 46740 Jul 5 2007 libnss_files-2.5.so
4 lrwxrwxrwx 1 root root 19 May 26 08:37 libnss_files.so.2 -
libnss_files-2.5.so
28 -rwxr-xr-x 1 root root 22752 Jul 5 2007 libnss_hesiod-2.5.so
4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_hesiod.so.2 -
libnss_hesiod-2.5.so
3036 -rwxr-xr-x 1 root root 3099444 Jul 6 2007 libnss_ldap-2.5.so
4 lrwxrwxrwx 1 root root 18 May 26 08:40 libnss_ldap.so.2 -
libnss_ldap-2.5.so
48 -rwxr-xr-x 1 root root 42368 Jul 5 2007 libnss_nis-2.5.so
60 -rwxr-xr-x 1 root root 51696 Jul 5 2007 libnss_nisplus-2.5.so
4 lrwxrwxrwx 1 root root 21 May 26 08:37 libnss_nisplus.so.2 -
libnss_nisplus-2.5.so
4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_nis.so.2 -
libnss_nis-2.5.so
20 -rwxr-xr-x 1 root root 19408 Jan 31 10:30 libnss_winbind.so
0 lrwxrwxrwx 1 root root 17 Jun 3 18:36 libnss_winbind.so.2 -
libnss_winbind.so
1016 -rwxr-xr-x 1 root root 1032916 Jan 31 10:30 libnss_wins.so
0 lrwxrwxrwx 1 root root 14 Jun 3 18:36 libnss_wins.so.2 -
libnss_wins.so
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Evan Koutsandreou
Sent: Tuesday, 3 June 2008 7:09 PM
To: samba@lists.samba.org
Subject: [Samba] getent not listing ADS users ctdb samba
Hi,
I am setting up ctdb samba, and have hit a brick wall trying to solve the
following issue.
1. getent does not retrieve the list of domain users or groups (wbinfo
works fine)
I'm not sure what I'm missing but I've almost spent the whole day trying to
resolve this one and haven't made any progress :-(
Any help or suggestions are appreciated
My configuration is as follows
Installed pre-built RHEL binaries from ctdb.samba
ctdb-1.0-41.src.rpm
ctdb-1.0-41.x86_64.rpm
ctdb-debuginfo-1.0-41.x86_64.rpm
samba-3.0.25-ctdb.16.src.rpm
samba-3.0.25-ctdb.16.x86_64.rpm
samba-client-3.0.25-ctdb.16.x86_64.rpm
samba-common-3.0.25-ctdb.16.x86_64.rpm
samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm
samba-doc-3.0.25-ctdb.16.x86_64.rpm
samba-swat-3.0.25-ctdb.16.x86_64.rpm
samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm
SMB.CONF
[global]
workgroup = PLANET
realm = PLANET.AD
netbios name = CTDBSAMBA
server string = CTDB Samba Server
security = ADS
private dir = /gpfs/gpfs0/SMBDconfig
log file = /usr/local/samba/var/log.%m
max log size = 50
clustering = Yes
dns proxy = No
ldap ssl = no
idmap backend = tdb2
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[GPFSGLOBAL]
comment = GPFS Global Share
path = /gpfs/gpfs0/GLOBALSHARE
read only = No
force unknown acl user = Yes
vfs objects = gpfs
nfs4:acedup = merge
nfs4:chown = yes
nfs4:mode = special
gpfs:sharemodes = No
fileid:mapping = fsname
KRB5.CONF
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = PLANET.AD
[realms]
PLANET.AD = {
kdc = msad2k3.planet.ad
admin_server = msad2k3
}
[domain_realm]
.msad2k3.planet.ad = PLANET.AD
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
NSSWITCH.CONF
passwd: files winbind
shadow: files
group: files winbind
SYSTEM-AUTH
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired pam_env.so
### WINBIND AUTH ###
authsufficient /lib/security/pam_winbind.so
authsufficientpam_unix.so nullok try_first_pass
authrequisite pam_succeed_if.so uid = 500 quiet
auth
Re: [Samba] getent not listing ADS users ctdb samba
On Tue, 3 Jun 2008, Evan Koutsandreou wrote: 1. getent does not retrieve the list of domain users or groups (wbinfo works fine) Do you mean getent passwd, or getent passwd foo? If you mean the former, then you need: winbind enum groups = yes winbind enum users = yes jh -- Woman was God's second mistake.-- Nietzsche -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] getent not listing ADS users ctdb samba
That's worked, thanks a million!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Hodrien Sent: Tuesday, 3 June 2008 8:11 PM Cc: samba@lists.samba.org Subject: Re: [Samba] getent not listing ADS users ctdb samba On Tue, 3 Jun 2008, Evan Koutsandreou wrote: 1.getent does not retrieve the list of domain users or groups (wbinfo works fine) Do you mean getent passwd, or getent passwd foo? If you mean the former, then you need: winbind enum groups = yes winbind enum users = yes jh -- Woman was God's second mistake.-- Nietzsche -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
