Hi Jan,

Basically the second situation there, pam authentication via winbind (eg. netatalk or SSH) is working OK.

My smb.conf file is:

[global]
workgroup = DOMAIN
realm = DOMAIN.CORP
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /usr/bin/bash
map untrusted to domain = yes
load printers = no
server string = server01
dns proxy = no
winbind cache time = 300
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind trusted domains only = No
winbind nested groups = Yes
winbind expand groups = 5
winbind refresh tickets = No
winbind offline logon = No
winbind normalize names = No
password server = server03.domain.corp
template homedir = /export/home/%U
log file = /var/samba/samba.log
log level = 5

[FileShare]
path = /shared/FileShare
comment = FileShare
read only = No

[STUDIO]
path = /shared/STUDIO
comment = STUDIO
read only = No

Thanks very much

James

On 21 Jun 2013, at 09:54, Jan Holzhueter <[email protected]> wrote:

> Hi,
> just to make sure what you are trying:
>
> login with an AD user as in ssh username@whatever.
> Or mount a share from the OI server via smb?
>
> For first one please post /etc/pam.conf
>
> for the second please post /etc/opt/csw/samba/smb.conf
>
> Greetings
> Jan
>
> On 21.06.13 10:43, James Relph wrote:
>> Hi Jan,
>>
>> Yes, that's the one I had found, and I already have that link there. I
>> don't think winbind worked at all until that was in place. It's samba
>> that doesn't seem to be working with winbind properly.
>>
>> James
>>
>> On 21 Jun 2013, at 09:00, Jan Holzhueter <[email protected]> wrote:
>>
>>> Hi,
>>> ok I looked up the old bug about that:
>>> https://www.opencsw.org/mantis/view.php?id=5020
>>>
>>> according to this you need this:
>>> ln -s /opt/csw/lib/libnss_winbind.so.1 /lib/nss_winbind.so.1
>>>
>>> Greetings
>>> Jan
>>>
>>> On 21.06.13 07:30, James Relph wrote:
>>>> Thanks for the speedy reply.
>>>> I think I found where you'd already
>>>> mentioned that online anyway, I've got:
>>>>
>>>> libnss_winbind.so -> /opt/csw/lib/libnss_winbind.so.1
>>>> nss_winbind.so.1 -> /opt/csw/lib/libnss_winbind.so.1
>>>>
>>>> In /lib. Winbind itself seems to be working fine, I've got netatalk
>>>> using that happily, it's the cswsamba version that won't seem to use
>>>> winbind (it's either not using it properly, or it's using the wrong
>>>> winbind somehow). Netatalk, using winbind, is fine.
>>>>
>>>> Best regards,
>>>>
>>>> James.
>>>>
>>>> On 21 Jun 2013, at 06:24, Jan Holzhueter <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>> if you use the auth via pam you must symlink the nss_winbind to a
>>>>> special place. I'm not sure which one atm. Check the original OI samba
>>>>> package that should put it in the right place.
>>>>> We can't add this to our package as this would break install on sparse
>>>>> zones.
>>>>> I wanted to write a short notice about it but did not have the time yet.
>>>>> It might be that you even need to copy and not symlink the lib. Not sure
>>>>> here.
>>>>>
>>>>> Greetings
>>>>> Jan
>>>>>
>>>>> On 21.06.13 07:15, James Relph wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Apologies for cross posting, but I'm not sure if this is an Oi issue or
>>>>>> a cswsamba issue. I've installed cswsamba (3.6.15) and cswsamba_winbind
>>>>>> on an OI box (151a7). I've got it bound to AD fine, and winbind itself
>>>>>> seems to be operating perfectly (I've actually got netatalk happily
>>>>>> authenticating AD users via winbind). If I run wbinfo -u or getent
>>>>>> passwd, I get the expected information back.
>>>>>>
>>>>>> Oddly though Samba itself isn't authenticating users. If I try and
>>>>>> login (with a few variations of DOMAIN\username or username@DOMAIN) it
>>>>>> just kicks it back as an unknown user (see below).
>>>>>> The only thing that I can think of is that the cswsamba is actually
>>>>>> still calling the previously installed (but turned off) winbind that I
>>>>>> installed with the original OI samba install. With that not running
>>>>>> though I wouldn't have thought that would have happened (but if that
>>>>>> could be it - how do I make sure that cswsamba uses cswsamba_winbind).
>>>>>> I have symlinked the csw nss_winbind libraries into /lib, I just don't
>>>>>> know if there's anything else that could cause this.
>>>>>>
>>>>>> Thanks for any help.
>>>>>>
>>>>>> James
>>>>>>
>>>>>> Principal Consultant
>>>>>>
>>>>>> Mapping user [DOMAIN]\[james] from workstation [server03]
>>>>>> attempting to make a user_info for james (james)
>>>>>> making strings for james's user_info struct
>>>>>> making blobs for james's user_info struct
>>>>>> check_ntlm_password: Checking password for unmapped user [DOMAIN]\[james]@[server03] with the new password interface
>>>>>> check_ntlm_password: mapped user is: [DOMAIN]\[james]@[server03]
>>>>>> Finding user DOMAIN\james
>>>>>> Trying _Get_Pwnam(), username as lowercase is DOMAIN\james
>>>>>> Trying _Get_Pwnam(), username as given is DOMAIN\james
>>>>>> Checking combinations of 0 uppercase letters in DOMAIN\james
>>>>>> Get_Pwnam_internals didn't find user [DOMAIN\james]!
>>>>>> Finding user james
>>>>>> Trying _Get_Pwnam(), username as lowercase is james
>>>>>> Checking combinations of 0 uppercase letters in james
>>>>>> Get_Pwnam_internals didn't find user [james]!
>>>>>> Failed to find authenticated user DOMAIN\james via getpwnam(), denying access.
>>>>>> check_ntlm_password: winbind authentication for user [james] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>> check_ntlm_password: Authentication for user [james] -> [james] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>> Got user=[[email protected]] domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>>>>>> Mapping user [DOMAIN]\[[email protected]] from workstation [server03]
>>>>>> attempting to make a user_info for [email protected] ([email protected])
>>>>>> making strings for [email protected]'s user_info struct
>>>>>> making blobs for [email protected]'s user_info struct
>>>>>> check_ntlm_password: Checking password for unmapped user [DOMAIN]\[[email protected]]@[server03] with the new password interface
>>>>>> check_ntlm_password: mapped user is: [DOMAIN]\[[email protected]]@[server03]
>>>>>> check_ntlm_password: winbind authentication for user [[email protected]] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>> check_ntlm_password: Authentication for user [[email protected]] -> [[email protected]] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>> Got user=[[email protected]] domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>>>>>> Mapping user [DOMAIN]\[[email protected]] from workstation [server03]
>>>>>> attempting to make a user_info for [email protected] ([email protected])
>>>>>> making strings for [email protected]'s user_info struct
>>>>>> making blobs for [email protected]'s user_info struct
>>>>>> check_ntlm_password: Checking password for unmapped user [DOMAIN]\[[email protected]]@[server03] with the new password interface
>>>>>> check_ntlm_password: mapped user is: [DOMAIN]\[[email protected]]@[server03]
>>>>>> check_ntlm_password: winbind authentication for user [[email protected]] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>> check_ntlm_password: Authentication for user [[email protected]] -> [[email protected]] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>>>
>>>>>> _______________________________________________
>>>>>> users mailing list
>>>>>> [email protected]
>>>>>> https://lists.opencsw.org/mailman/listinfo/users
_______________________________________________
users mailing list
[email protected]
https://lists.opencsw.org/mailman/listinfo/users
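
Added example, not part of the original thread and not Samba code: a triage of smbd "log level = 5" output in the format quoted above. It separates NT_STATUS_NO_SUCH_USER failures where smbd logged "Failed to find authenticated user ... via getpwnam()" (the log calls the user authenticated, so the miss is in the Unix account lookup through NSS) from those with no getpwnam() miss. The sample lines, the users alice and bob, and the layer labels are constructed for illustration.

```python
import re

# Constructed sample in the format of the log quoted in the thread.
SAMPLE_LOG = r"""
check_ntlm_password: Checking password for unmapped user [DOMAIN]\[james]@[server03] with the new password interface
Get_Pwnam_internals didn't find user [DOMAIN\james]!
Get_Pwnam_internals didn't find user [james]!
Failed to find authenticated user DOMAIN\james via getpwnam(), denying access.
check_ntlm_password: Authentication for user [james] -> [james] FAILED with error NT_STATUS_NO_SUCH_USER
check_ntlm_password: Checking password for unmapped user [DOMAIN]\[alice]@[server03] with the new password interface
check_ntlm_password: Authentication for user [alice] -> [alice] FAILED with error NT_STATUS_WRONG_PASSWORD
check_ntlm_password: Checking password for unmapped user [DOMAIN]\[bob]@[server03] with the new password interface
check_ntlm_password: Authentication for user [bob] -> [bob] FAILED with error NT_STATUS_NO_SUCH_USER
"""

START = re.compile(r"Checking password for unmapped user \[(.*?)\]\\\[(.*?)\]@")
NSS_MISS = re.compile(r"Failed to find authenticated user (\S+) via getpwnam\(\)")
RESULT = re.compile(r"Authentication for user \[(.*?)\] -> \[(.*?)\] FAILED with error (\w+)")


def triage(log_text):
    """Return one dict per failed attempt: user, NT status, and suspected layer."""
    findings, current = [], None
    for line in log_text.splitlines():
        if (m := START.search(line)):
            # A new authentication attempt begins; remember who it is for.
            current = {"user": f"{m.group(1)}\\{m.group(2)}", "nss_miss": False}
        elif current is None:
            continue  # lines outside any attempt are ignored
        elif NSS_MISS.search(line):
            current["nss_miss"] = True
        elif (m := RESULT.search(line)):
            status = m.group(3)
            if current["nss_miss"]:
                layer = "nss"        # authenticated, but getpwnam() found no Unix account
            elif status == "NT_STATUS_NO_SUCH_USER":
                layer = "winbind"    # no getpwnam() miss was logged for this attempt
            else:
                layer = "other"
            findings.append({"user": current["user"], "status": status, "layer": layer})
            current = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['user']:<14} {f['status']:<26} {f['layer']}")
```

An "nss" result points at how the smbd process resolves users (nsswitch configuration and which nss_winbind library it loads), which is the area the symlink discussion in this thread is about.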
