Hello again! Ok, I've gotten wbinfo -u and wbinfo -g working great Now I try to run getent passwd and getent group I get my local users/groups but not the ones on the Windows 2k Server Domain Controller and it just hangs after listing the local ones. I also tried authenticating a user and it worked I'm assuming wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have user@domain due to some M$ Active-Directory thing...) plaintext password authentication succeeded challenge/response password authentication failed Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with challenge/response Do I need getent working, or is it safe to assume everything is functioning normally now? Thanks! -SP ==========================================================? ?? \??????? /?? ____/??? / Sean Patrick Ingles ??? \????? /?? /??????? / Jr. Network Engineer ???? \??? /?? ___ /??? /? ????? \? /?????? /??? /?Vision Systems, Inc. ????? __/?? ____/?? _/?142 State Street ???????????????????????Albany, NY 12207 ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 ??ingless@visionsys.com??Fax: +1 518.434.4304 ? ==========================================================
Hello again! Ok, I've gotten wbinfo -u and wbinfo -g working great Now I try to run getent passwd and getent group I get my local users/groups but not the ones on the Windows 2k Server Domain Controller and it just hangs after listing the local ones. I also tried authenticating a user and it worked I'm assuming wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have user@domain due to some M$ Active-Directory thing...) plaintext password authentication succeeded challenge/response password authentication failed Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with challenge/response Do I need getent working, or is it safe to assume everything is functioning normally now? Thanks! -SP ==========================================================? ?? \??????? /?? ____/??? / Sean Patrick Ingles ??? \????? /?? /??????? / Jr. Network Engineer ???? \??? /?? ___ /??? /? ????? \? /?????? /??? /?Vision Systems, Inc. ????? __/?? ____/?? _/?142 State Street ???????????????????????Albany, NY 12207 ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 ??ingless@visionsys.com??Fax: +1 518.434.4304 ? ========================================================= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
You need getent to work. This is really how Unix actually does the authenticating - winbind is just the conduit to the M$ database. Have you edited your /etc/nsswitch.conf correctly? You need: passwd: files winbind nisplus shadow: files winbind nisplus group: files winbind nisplus This will make Unix call winbind when looking for users/groups (this the mechanism that getent passwd/group runs). HTH, Noel -----Original Message----- From: Sean Patrick Ingles [mailto:ingless@visionsys.com] Sent: 01 November 2002 15:41 To: samba@samba.org Subject: [Samba] getent not working correctly Hello again! Ok, I've gotten wbinfo -u and wbinfo -g working great Now I try to run getent passwd and getent group I get my local users/groups but not the ones on the Windows 2k Server Domain Controller and it just hangs after listing the local ones. I also tried authenticating a user and it worked I'm assuming wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have user@domain due to some M$ Active-Directory thing...) plaintext password authentication succeeded challenge/response password authentication failed Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with challenge/response Do I need getent working, or is it safe to assume everything is functioning normally now? Thanks! -SP ==========================================================? ?? \??????? /?? ____/??? / Sean Patrick Ingles ??? \????? /?? /??????? / Jr. Network Engineer ???? \??? /?? ___ /??? /? ????? \? /?????? /??? /?Vision Systems, Inc. ????? __/?? ____/?? _/?142 State Street ???????????????????????Albany, NY 12207 ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 ??ingless@visionsys.com??Fax: +1 518.434.4304 ? ========================================================= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002
Did you reboot after starting winbindd? Either do that, or try looking for the nameserver cache daemons (nscd), and kill them all. (Don't worry, they'll restart.) I had the same problem with nss_ldap, and it drove me NUTS till I found out about the cache mechanism.> -----Original Message----- > From: Noel Kelly [mailto:nkelly@citrusnetworks.net] > Sent: Friday, November 01, 2002 12:46 PM > To: 'Sean Patrick Ingles'; samba@samba.org > Subject: RE: [Samba] getent not working correctly > > > You need getent to work. This is really how Unix actually does the > authenticating - winbind is just the conduit to the M$ database. > > Have you edited your /etc/nsswitch.conf correctly? You need: > > passwd: files winbind nisplus > shadow: files winbind nisplus > group: files winbind nisplus > > This will make Unix call winbind when looking for > users/groups (this the > mechanism that getent passwd/group runs). > > HTH, > Noel > > > -----Original Message----- > From: Sean Patrick Ingles [mailto:ingless@visionsys.com] > Sent: 01 November 2002 15:41 > To: samba@samba.org > Subject: [Samba] getent not working correctly > > > Hello again! > > Ok, I've gotten wbinfo -u and wbinfo -g working great > > Now I try to run getent passwd and getent group I get my > local users/groups > but not the ones on the Windows 2k Server Domain Controller > and it just > hangs after listing the local ones. > > I also tried authenticating a user and it worked I'm assuming > > wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have > user@domain due to some M$ Active-Directory thing...) > plaintext password > authentication succeeded challenge/response password > authentication failed > Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with > challenge/response > > Do I need getent working, or is it safe to assume everything > is functioning > normally now? > > Thanks! > > -SP > > ==========================================================> ? > ?? \??????? /?? ____/??? / Sean Patrick Ingles > ??? \????? /?? /??????? / Jr. Network Engineer > ???? \??? /?? ___ /??? /? > ????? \? /?????? /??? /?Vision Systems, Inc. > ????? __/?? ____/?? _/?142 State Street > ???????????????????????Albany, NY 12207 > ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 > ??ingless@visionsys.com??Fax: +1 518.434.4304 > ? > =========================================================> > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Here is my /etc/nsswitch.conf (abbreviated): passwd: files winbind shadow: files winbind group: files winbind I first start smbd -D and nmbd -D Then I start winbindd Then I join the domain (smbpasswd -j DOMAIN -r DOMAINCONTROLLER -U Administrator) It works Then I check my Secret (wbinfo -t) and it's good Then I list users and groups (wbinfo -u and wbinfo -g) and it works fine However I still cannot get "getent passwd" and "getent group" working. I am 100% stumped -SP -----Original Message----- From: Hall, Ken (ECSS) [mailto:KeHall@exchange.ml.com] Sent: Friday, November 01, 2002 12:55 PM To: samba@samba.org Subject: RE: [Samba] getent not working correctly Did you reboot after starting winbindd? Either do that, or try looking for the nameserver cache daemons (nscd), and kill them all. (Don't worry, they'll restart.) I had the same problem with nss_ldap, and it drove me NUTS till I found out about the cache mechanism.> -----Original Message----- > From: Noel Kelly [mailto:nkelly@citrusnetworks.net] > Sent: Friday, November 01, 2002 12:46 PM > To: 'Sean Patrick Ingles'; samba@samba.org > Subject: RE: [Samba] getent not working correctly > > > You need getent to work. This is really how Unix actually does the > authenticating - winbind is just the conduit to the M$ database. > > Have you edited your /etc/nsswitch.conf correctly? You need: > > passwd: files winbind nisplus > shadow: files winbind nisplus > group: files winbind nisplus > > This will make Unix call winbind when looking for > users/groups (this the > mechanism that getent passwd/group runs). > > HTH, > Noel > > > -----Original Message----- > From: Sean Patrick Ingles [mailto:ingless@visionsys.com] > Sent: 01 November 2002 15:41 > To: samba@samba.org > Subject: [Samba] getent not working correctly > > > Hello again! > > Ok, I've gotten wbinfo -u and wbinfo -g working great > > Now I try to run getent passwd and getent group I get my > local users/groups > but not the ones on the Windows 2k Server Domain Controller > and it just > hangs after listing the local ones. > > I also tried authenticating a user and it worked I'm assuming > > wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have > user@domain due to some M$ Active-Directory thing...) plaintext > password authentication succeeded challenge/response password > authentication failed > Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with > challenge/response > > Do I need getent working, or is it safe to assume everything > is functioning > normally now? > > Thanks! > > -SP > > ==========================================================> ? > ?? \??????? /?? ____/??? / Sean Patrick Ingles > ??? \????? /?? /??????? / Jr. Network Engineer > ???? \??? /?? ___ /??? / > ????? \? /?????? /??? /?Vision Systems, Inc. > ????? __/?? ____/?? _/?142 State Street > ???????????????????????Albany, NY 12207 > ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 > ??ingless@visionsys.com??Fax: +1 518.434.4304 > ? > =========================================================> > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Have you copied libnss_winbind.so from the nsswitch directory to /lib ? Also make a soft link to /lib/libnss_winbind.so.2 and then run 'ldconfig -v | grep winbind' to make sure the libraries are picked up. Restart winbind and watch your log.winbindd for messages as you run getent. HTH Noel -----Original Message----- From: Sean Patrick Ingles [mailto:ingless@visionsys.com] Sent: 04 November 2002 15:19 To: Hall, Ken (ECSS); samba@samba.org Subject: RE: [Samba] getent not working correctly Here is my /etc/nsswitch.conf (abbreviated): passwd: files winbind shadow: files winbind group: files winbind I first start smbd -D and nmbd -D Then I start winbindd Then I join the domain (smbpasswd -j DOMAIN -r DOMAINCONTROLLER -U Administrator) It works Then I check my Secret (wbinfo -t) and it's good Then I list users and groups (wbinfo -u and wbinfo -g) and it works fine However I still cannot get "getent passwd" and "getent group" working. I am 100% stumped -SP -----Original Message----- From: Hall, Ken (ECSS) [mailto:KeHall@exchange.ml.com] Sent: Friday, November 01, 2002 12:55 PM To: samba@samba.org Subject: RE: [Samba] getent not working correctly Did you reboot after starting winbindd? Either do that, or try looking for the nameserver cache daemons (nscd), and kill them all. (Don't worry, they'll restart.) I had the same problem with nss_ldap, and it drove me NUTS till I found out about the cache mechanism.> -----Original Message----- > From: Noel Kelly [mailto:nkelly@citrusnetworks.net] > Sent: Friday, November 01, 2002 12:46 PM > To: 'Sean Patrick Ingles'; samba@samba.org > Subject: RE: [Samba] getent not working correctly > > > You need getent to work. This is really how Unix actually does the > authenticating - winbind is just the conduit to the M$ database. > > Have you edited your /etc/nsswitch.conf correctly? You need: > > passwd: files winbind nisplus > shadow: files winbind nisplus > group: files winbind nisplus > > This will make Unix call winbind when looking for > users/groups (this the > mechanism that getent passwd/group runs). > > HTH, > Noel > > > -----Original Message----- > From: Sean Patrick Ingles [mailto:ingless@visionsys.com] > Sent: 01 November 2002 15:41 > To: samba@samba.org > Subject: [Samba] getent not working correctly > > > Hello again! > > Ok, I've gotten wbinfo -u and wbinfo -g working great > > Now I try to run getent passwd and getent group I get my > local users/groups > but not the ones on the Windows 2k Server Domain Controller > and it just > hangs after listing the local ones. > > I also tried authenticating a user and it worked I'm assuming > > wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have > user@domain due to some M$ Active-Directory thing...) plaintext > password authentication succeeded challenge/response password > authentication failed > Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with > challenge/response > > Do I need getent working, or is it safe to assume everything > is functioning > normally now? > > Thanks! > > -SP > > ==========================================================> ? > ?? \??????? /?? ____/??? / Sean Patrick Ingles > ??? \????? /?? /??????? / Jr. Network Engineer > ???? \??? /?? ___ /??? / > ????? \? /?????? /??? /?Vision Systems, Inc. > ????? __/?? ____/?? _/?142 State Street > ???????????????????????Albany, NY 12207 > ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 > ??ingless@visionsys.com??Fax: +1 518.434.4304 > ? > =========================================================> > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
I verified that the libraries were in the /lib folder and symlinked, and here is the output from ldconfig: [root@tux samba]# ldconfig -v | grep winbind libnss_winbind.so -> libnss_winbind.so I restarted winbindd and typed "getent passwd" and it just lists my local passwords and hangs. Nothing is generated in my log.winbindd when I do this either. I am also noticing that _occasionally_ the box will not allow anyone to login until after I kill winbindd... For reference, here is my /etc/pam.d/login: [root@tux pam.d]# cat login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so [root@tux pam.d]# Here is what I have for my smb.conf as well: [root@tux pam.d]# cat /usr/local/samba/lib/smb.conf [global] workgroup = VSIONLINE server string = Samba %v -- TEST -- security = domain password server = vsi-vsi-albany winbind uid = 10000-20000 winbind gid = 10000-20000 winbind separator = + winbind cache time = 10 winbind enum users = Yes winbind enum groups = Yes [root@tux pam.d]# -SP -----Original Message----- From: Noel Kelly [mailto:nkelly@citrusnetworks.net] Sent: Monday, November 04, 2002 10:39 AM To: Sean Patrick Ingles; Hall, Ken (ECSS); samba@samba.org Subject: RE: [Samba] getent not working correctly Have you copied libnss_winbind.so from the nsswitch directory to /lib ? Also make a soft link to /lib/libnss_winbind.so.2 and then run 'ldconfig -v | grep winbind' to make sure the libraries are picked up. Restart winbind and watch your log.winbindd for messages as you run getent. HTH Noel -----Original Message----- From: Sean Patrick Ingles [mailto:ingless@visionsys.com] Sent: 04 November 2002 15:19 To: Hall, Ken (ECSS); samba@samba.org Subject: RE: [Samba] getent not working correctly Here is my /etc/nsswitch.conf (abbreviated): passwd: files winbind shadow: files winbind group: files winbind I first start smbd -D and nmbd -D Then I start winbindd Then I join the domain (smbpasswd -j DOMAIN -r DOMAINCONTROLLER -U Administrator) It works Then I check my Secret (wbinfo -t) and it's good Then I list users and groups (wbinfo -u and wbinfo -g) and it works fine However I still cannot get "getent passwd" and "getent group" working. I am 100% stumped -SP -----Original Message----- From: Hall, Ken (ECSS) [mailto:KeHall@exchange.ml.com] Sent: Friday, November 01, 2002 12:55 PM To: samba@samba.org Subject: RE: [Samba] getent not working correctly Did you reboot after starting winbindd? Either do that, or try looking for the nameserver cache daemons (nscd), and kill them all. (Don't worry, they'll restart.) I had the same problem with nss_ldap, and it drove me NUTS till I found out about the cache mechanism.> -----Original Message----- > From: Noel Kelly [mailto:nkelly@citrusnetworks.net] > Sent: Friday, November 01, 2002 12:46 PM > To: 'Sean Patrick Ingles'; samba@samba.org > Subject: RE: [Samba] getent not working correctly > > > You need getent to work. This is really how Unix actually does the > authenticating - winbind is just the conduit to the M$ database. > > Have you edited your /etc/nsswitch.conf correctly? You need: > > passwd: files winbind nisplus > shadow: files winbind nisplus > group: files winbind nisplus > > This will make Unix call winbind when looking for users/groups (this > the mechanism that getent passwd/group runs). > > HTH, > Noel > > > -----Original Message----- > From: Sean Patrick Ingles [mailto:ingless@visionsys.com] > Sent: 01 November 2002 15:41 > To: samba@samba.org > Subject: [Samba] getent not working correctly > > > Hello again! > > Ok, I've gotten wbinfo -u and wbinfo -g working great > > Now I try to run getent passwd and getent group I get my local > users/groups but not the ones on the Windows 2k Server Domain > Controller and it just > hangs after listing the local ones. > > I also tried authenticating a user and it worked I'm assuming > > wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have > user@domain due to some M$ Active-Directory thing...) plaintext > password authentication succeeded challenge/response password > authentication failed > Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with > challenge/response > > Do I need getent working, or is it safe to assume everything is > functioning normally now? > > Thanks! > > -SP > > ==========================================================> ? > ?? \??????? /?? ____/??? / Sean Patrick Ingles > ??? \????? /?? /??????? / Jr. Network Engineer > ???? \??? /?? ___ /??? / > ????? \? /?????? /??? /?Vision Systems, Inc. > ????? __/?? ____/?? _/?142 State Street > ???????????????????????Albany, NY 12207 > ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 > ??ingless@visionsys.com??Fax: +1 518.434.4304 > ? > =========================================================> > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002
All looks fine, but did you reboot after changing nsswitch.conf? When I was testing both winbind and ldap nsswitch, I found that the mechanism caches lookups, so changes to the config weren't always recognized. It would work, not work, work, etc., and it drove me crazy till I found out about the nscd daemons. I'm not sure this is your problem, but it sounds a lot like what I saw, so I thought I'd ask.> -----Original Message----- > From: Sean Patrick Ingles [mailto:ingless@visionsys.com] > Sent: Monday, November 04, 2002 10:19 AM > To: Hall, Ken (ECSS); samba@samba.org > Subject: RE: [Samba] getent not working correctly > > > Here is my /etc/nsswitch.conf (abbreviated): > > passwd: files winbind > shadow: files winbind > group: files winbind > > I first start smbd -D and nmbd -D > > Then I start winbindd > > Then I join the domain (smbpasswd -j DOMAIN -r > DOMAINCONTROLLER -U Administrator) It works > > Then I check my Secret (wbinfo -t) and it's good > > Then I list users and groups (wbinfo -u and wbinfo -g) and it > works fine > > However I still cannot get "getent passwd" and "getent group" working. > > I am 100% stumped > > -SP > > -----Original Message----- > From: Hall, Ken (ECSS) [mailto:KeHall@exchange.ml.com] > Sent: Friday, November 01, 2002 12:55 PM > To: samba@samba.org > Subject: RE: [Samba] getent not working correctly > > > Did you reboot after starting winbindd? > > Either do that, or try looking for the nameserver cache > daemons (nscd), and kill them all. (Don't worry, they'll restart.) > > I had the same problem with nss_ldap, and it drove me NUTS > till I found out about the cache mechanism. > > > -----Original Message----- > > From: Noel Kelly [mailto:nkelly@citrusnetworks.net] > > Sent: Friday, November 01, 2002 12:46 PM > > To: 'Sean Patrick Ingles'; samba@samba.org > > Subject: RE: [Samba] getent not working correctly > > > > > > You need getent to work. This is really how Unix actually does the > > authenticating - winbind is just the conduit to the M$ database. > > > > Have you edited your /etc/nsswitch.conf correctly? You need: > > > > passwd: files winbind nisplus > > shadow: files winbind nisplus > > group: files winbind nisplus > > > > This will make Unix call winbind when looking for > > users/groups (this the > > mechanism that getent passwd/group runs). > > > > HTH, > > Noel > > > > > > -----Original Message----- > > From: Sean Patrick Ingles [mailto:ingless@visionsys.com] > > Sent: 01 November 2002 15:41 > > To: samba@samba.org > > Subject: [Samba] getent not working correctly > > > > > > Hello again! > > > > Ok, I've gotten wbinfo -u and wbinfo -g working great > > > > Now I try to run getent passwd and getent group I get my > > local users/groups > > but not the ones on the Windows 2k Server Domain Controller > > and it just > > hangs after listing the local ones. > > > > I also tried authenticating a user and it worked I'm assuming > > > > wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have > > user@domain due to some M$ Active-Directory thing...) plaintext > > password authentication succeeded challenge/response password > > authentication failed > > Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with > > challenge/response > > > > Do I need getent working, or is it safe to assume everything > > is functioning > > normally now? > > > > Thanks! > > > > -SP > > > > ==========================================================> > ? > > ?? \??????? /?? ____/??? / Sean Patrick Ingles > > ??? \????? /?? /??????? / Jr. Network Engineer > > ???? \??? /?? ___ /??? / > > ????? \? /?????? /??? /?Vision Systems, Inc. > > ????? __/?? ____/?? _/?142 State Street > > ???????????????????????Albany, NY 12207 > > ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 > > ??ingless@visionsys.com??Fax: +1 518.434.4304 > > ? > > =========================================================> > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > --- > > Incoming mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 > > > > > > --- > > Outgoing mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002 > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Ken - I have rebooted, still the same. I don't notice any nscd daemons running at anytime as well Thanks for your help! -SP -----Original Message----- From: Hall, Ken (ECSS) [mailto:KeHall@exchange.ml.com] Sent: Monday, November 04, 2002 11:10 AM To: Sean Patrick Ingles; samba@samba.org Subject: RE: [Samba] getent not working correctly All looks fine, but did you reboot after changing nsswitch.conf? When I was testing both winbind and ldap nsswitch, I found that the mechanism caches lookups, so changes to the config weren't always recognized. It would work, not work, work, etc., and it drove me crazy till I found out about the nscd daemons. I'm not sure this is your problem, but it sounds a lot like what I saw, so I thought I'd ask.> -----Original Message----- > From: Sean Patrick Ingles [mailto:ingless@visionsys.com] > Sent: Monday, November 04, 2002 10:19 AM > To: Hall, Ken (ECSS); samba@samba.org > Subject: RE: [Samba] getent not working correctly > > > Here is my /etc/nsswitch.conf (abbreviated): > > passwd: files winbind > shadow: files winbind > group: files winbind > > I first start smbd -D and nmbd -D > > Then I start winbindd > > Then I join the domain (smbpasswd -j DOMAIN -r > DOMAINCONTROLLER -U Administrator) It works > > Then I check my Secret (wbinfo -t) and it's good > > Then I list users and groups (wbinfo -u and wbinfo -g) and it > works fine > > However I still cannot get "getent passwd" and "getent group" working. > > I am 100% stumped > > -SP > > -----Original Message----- > From: Hall, Ken (ECSS) [mailto:KeHall@exchange.ml.com] > Sent: Friday, November 01, 2002 12:55 PM > To: samba@samba.org > Subject: RE: [Samba] getent not working correctly > > > Did you reboot after starting winbindd? > > Either do that, or try looking for the nameserver cache > daemons (nscd), and kill them all. (Don't worry, they'll restart.) > > I had the same problem with nss_ldap, and it drove me NUTS > till I found out about the cache mechanism. > > > -----Original Message----- > > From: Noel Kelly [mailto:nkelly@citrusnetworks.net] > > Sent: Friday, November 01, 2002 12:46 PM > > To: 'Sean Patrick Ingles'; samba@samba.org > > Subject: RE: [Samba] getent not working correctly > > > > > > You need getent to work. This is really how Unix actually does the > > authenticating - winbind is just the conduit to the M$ database. > > > > Have you edited your /etc/nsswitch.conf correctly? You need: > > > > passwd: files winbind nisplus > > shadow: files winbind nisplus > > group: files winbind nisplus > > > > This will make Unix call winbind when looking for users/groups (this > > the mechanism that getent passwd/group runs). > > > > HTH, > > Noel > > > > > > -----Original Message----- > > From: Sean Patrick Ingles [mailto:ingless@visionsys.com] > > Sent: 01 November 2002 15:41 > > To: samba@samba.org > > Subject: [Samba] getent not working correctly > > > > > > Hello again! > > > > Ok, I've gotten wbinfo -u and wbinfo -g working great > > > > Now I try to run getent passwd and getent group I get my local > > users/groups but not the ones on the Windows 2k Server Domain > > Controller and it just > > hangs after listing the local ones. > > > > I also tried authenticating a user and it worked I'm assuming > > > > wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have > > user@domain due to some M$ Active-Directory thing...) plaintext > > password authentication succeeded challenge/response password > > authentication failed > > Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with > > challenge/response > > > > Do I need getent working, or is it safe to assume everything is > > functioning normally now? > > > > Thanks! > > > > -SP > > > > ==========================================================> > ? > > ?? \??????? /?? ____/??? / Sean Patrick Ingles > > ??? \????? /?? /??????? / Jr. Network Engineer > > ???? \??? /?? ___ /??? / > > ????? \? /?????? /??? /?Vision Systems, Inc. > > ????? __/?? ____/?? _/?142 State Street > > ???????????????????????Albany, NY 12207 > > ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 > > ??ingless@visionsys.com??Fax: +1 518.434.4304 > > ? > > =========================================================> > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > --- > > Incoming mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 > > > > > > --- > > Outgoing mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002 > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Ah - just noticed you say that 'getent passwd' doesn't terminate but hangs. So clearly the trigger is working but the mechanism is failing somewhere. How long do you leave it for? If you have a very large NT user base it could take a while to list it. Have a look at 'top' when it hangs and see if winbind is gobbling up some processor time. Otherwise, I would recompile new binaries and libraries afresh - I'm out of ideas, sorry. Maybe someone else has a suggestion? Noel -----Original Message----- From: Sean Patrick Ingles [mailto:ingless@visionsys.com] Sent: 04 November 2002 15:57 To: Noel Kelly; Hall, Ken (ECSS); samba@samba.org Subject: RE: [Samba] getent not working correctly I verified that the libraries were in the /lib folder and symlinked, and here is the output from ldconfig: [root@tux samba]# ldconfig -v | grep winbind libnss_winbind.so -> libnss_winbind.so I restarted winbindd and typed "getent passwd" and it just lists my local passwords and hangs. Nothing is generated in my log.winbindd when I do this either. I am also noticing that _occasionally_ the box will not allow anyone to login until after I kill winbindd... For reference, here is my /etc/pam.d/login: [root@tux pam.d]# cat login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so [root@tux pam.d]# Here is what I have for my smb.conf as well: [root@tux pam.d]# cat /usr/local/samba/lib/smb.conf [global] workgroup = VSIONLINE server string = Samba %v -- TEST -- security = domain password server = vsi-vsi-albany winbind uid = 10000-20000 winbind gid = 10000-20000 winbind separator = + winbind cache time = 10 winbind enum users = Yes winbind enum groups = Yes [root@tux pam.d]# -SP -----Original Message----- From: Noel Kelly [mailto:nkelly@citrusnetworks.net] Sent: Monday, November 04, 2002 10:39 AM To: Sean Patrick Ingles; Hall, Ken (ECSS); samba@samba.org Subject: RE: [Samba] getent not working correctly Have you copied libnss_winbind.so from the nsswitch directory to /lib ? Also make a soft link to /lib/libnss_winbind.so.2 and then run 'ldconfig -v | grep winbind' to make sure the libraries are picked up. Restart winbind and watch your log.winbindd for messages as you run getent. HTH Noel -----Original Message----- From: Sean Patrick Ingles [mailto:ingless@visionsys.com] Sent: 04 November 2002 15:19 To: Hall, Ken (ECSS); samba@samba.org Subject: RE: [Samba] getent not working correctly Here is my /etc/nsswitch.conf (abbreviated): passwd: files winbind shadow: files winbind group: files winbind I first start smbd -D and nmbd -D Then I start winbindd Then I join the domain (smbpasswd -j DOMAIN -r DOMAINCONTROLLER -U Administrator) It works Then I check my Secret (wbinfo -t) and it's good Then I list users and groups (wbinfo -u and wbinfo -g) and it works fine However I still cannot get "getent passwd" and "getent group" working. I am 100% stumped -SP -----Original Message----- From: Hall, Ken (ECSS) [mailto:KeHall@exchange.ml.com] Sent: Friday, November 01, 2002 12:55 PM To: samba@samba.org Subject: RE: [Samba] getent not working correctly Did you reboot after starting winbindd? Either do that, or try looking for the nameserver cache daemons (nscd), and kill them all. (Don't worry, they'll restart.) I had the same problem with nss_ldap, and it drove me NUTS till I found out about the cache mechanism.> -----Original Message----- > From: Noel Kelly [mailto:nkelly@citrusnetworks.net] > Sent: Friday, November 01, 2002 12:46 PM > To: 'Sean Patrick Ingles'; samba@samba.org > Subject: RE: [Samba] getent not working correctly > > > You need getent to work. This is really how Unix actually does the > authenticating - winbind is just the conduit to the M$ database. > > Have you edited your /etc/nsswitch.conf correctly? You need: > > passwd: files winbind nisplus > shadow: files winbind nisplus > group: files winbind nisplus > > This will make Unix call winbind when looking for users/groups (this > the mechanism that getent passwd/group runs). > > HTH, > Noel > > > -----Original Message----- > From: Sean Patrick Ingles [mailto:ingless@visionsys.com] > Sent: 01 November 2002 15:41 > To: samba@samba.org > Subject: [Samba] getent not working correctly > > > Hello again! > > Ok, I've gotten wbinfo -u and wbinfo -g working great > > Now I try to run getent passwd and getent group I get my local > users/groups but not the ones on the Windows 2k Server Domain > Controller and it just > hangs after listing the local ones. > > I also tried authenticating a user and it worked I'm assuming > > wbinfo -a DOMAIN+ingless@DOMAIN%"password" (The usernames here have > user@domain due to some M$ Active-Directory thing...) plaintext > password authentication succeeded challenge/response password > authentication failed > Could not authenticate user DOMAIN+ingless@DOMAIN%"password" with > challenge/response > > Do I need getent working, or is it safe to assume everything is > functioning normally now? > > Thanks! > > -SP > > ==========================================================> ? > ?? \??????? /?? ____/??? / Sean Patrick Ingles > ??? \????? /?? /??????? / Jr. Network Engineer > ???? \??? /?? ___ /??? / > ????? \? /?????? /??? /?Vision Systems, Inc. > ????? __/?? ____/?? _/?142 State Street > ???????????????????????Albany, NY 12207 > ??? www.visionsys.com???Landline: +1 518.434.4300 x1406 > ??ingless@visionsys.com??Fax: +1 518.434.4304 > ? > =========================================================> > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.408 / Virus Database: 230 - Release Date: 24/10/2002 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.404 / Virus Database: 228 - Release Date: 15/10/2002