Hi All,

Well, I've managed to enable some debugging in syslog, I had to put in /etc/syslog.conf

;*.debug

on the syslog line.

So at least I have an error which is being returned into syslog from winbind.

This is what I get from winbind

Feb 4 21:13:17 coastdr pam_winbind[20753]: Verify user `lonnie'
Feb 4 21:13:18 coastdr pam_winbind[20753]: user 'lonnie' granted acces
Feb 4 21:13:18 coastdr pam_winbind[20753]: LOGIN: exiting with return code 13

This is what I get from pamsmb (ignore the dates, they are a bit funny for some reason)

Feb 5 14:53:55 coastdr pamsmbd[20119]: server: remote auth user unix:traininguser nt:traininguser NTDOM:WESTCOASTDHB PDC:COASTDB BDC:
Feb 5 14:53:55 coastdr pamsmbd[20119]: cache_add: inserted entry
Feb 4 20:53:55 coastdr : pamsmbd: Got something back... 0
Feb 4 20:53:55 coastdr : pam_smb: got back 0 username traininguser
Feb 4 20:53:55 coastdr : LOGIN: exiting with return code 13

So the error with pamsmb and winbind is the same. I've done a man on login and can only find a description of errors, not the error codes. What is error code 13? If I can find that out it will make looking for it a bit easier. I thought it might be that the shell doesn't exist, but I tried making a user with an invalid shell and get back error code 1, so it's not that.

Ideas?

Cheers

Miles

-----Original Message-----
From: Miles Roper
Sent: Monday, 3 February 2003 08:54 a.m.
To: 'MCCALL,DON (HP-USA,ex1)'
Cc: 'samba-technical@lists.samba.org'; 'samba@lists.samba.org'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe'; 'John H Terpstra'
Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help

Thanks for your help, still no luck though. More info for you.

with no debug statements in my /etc/pam.conf I get in sys log the following.
Feb 2 14:43:02 coastdr pam_winbind[2832]: user 'traininguser' granted acces

with debug turned on I get

Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user `traininguser'
Feb 2 14:47:49 coastdr pam_winbind[2839]: user 'traininguser' granted acces

the user is still logging out.

Incidentally, when I log in as a unix user, rather than a win2k user I don't get anything in sys log. I've included my pam.conf below.

Also, I checked for /etc/shells, no such file, and I have set my smb.conf shell line to

template shell = /sbin/sh

and also tried

template shell = /usr/bin/sh

both files exist.

#
# PAM configuration
#
# Authentication management
#
login    auth     sufficient /usr/lib/security/libpam_unix.1 debug
login    auth     sufficient /usr/lib/security/libpam_winbind.1 debug
#login   auth     sufficient /usr/lib/security/libpam_smb.1 nolocal debug
su       auth     required   /usr/lib/security/libpam_unix.1 debug
dtlogin  auth     required   /usr/lib/security/libpam_unix.1 debug
dtaction auth     required   /usr/lib/security/libpam_unix.1 debug
ftp      auth     required   /usr/lib/security/libpam_unix.1 debug
OTHER    auth     required   /usr/lib/security/libpam_unix.1 debug
#
# Account management
#
login    account  sufficient /usr/lib/security/libpam_unix.1 debug
login    account  sufficient /usr/lib/security/libpam_winbind.1 debug
su       account  required   /usr/lib/security/libpam_unix.1 debug
dtlogin  account  required   /usr/lib/security/libpam_unix.1 debug
dtaction account  required   /usr/lib/security/libpam_unix.1 debug
ftp      account  required   /usr/lib/security/libpam_unix.1 debug
#
OTHER    account  required   /usr/lib/security/libpam_unix.1 debug
#
# Session management
#
login    session  sufficient /usr/lib/security/libpam_unix.1 debug
login    session  sufficient /usr/lib/security/libpam_winbind.1 debug
dtlogin  session  required   /usr/lib/security/libpam_unix.1 debug
dtaction session  required   /usr/lib/security/libpam_unix.1 debug
OTHER    session  required   /usr/lib/security/libpam_unix.1 debug
#
# Password management
#
login    password sufficient /usr/lib/security/libpam_unix.1 debug
login    password sufficient /usr/lib/security/libpam_winbind.1 debug
passwd   password required   /usr/lib/security/libpam_unix.1 debug
passwd   password required   /usr/lib/security/libpam_winbind.1 debug
dtlogin  password required   /usr/lib/security/libpam_unix.1 debug
dtaction password required   /usr/lib/security/libpam_unix.1 debug
OTHER    password required   /usr/lib/security/libpam_unix.1 debug

Cheers

Miles

-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
Sent: Saturday, 1 February 2003 04:53 a.m.
To: 'John H Terpstra'; Miles Roper
Cc: 'samba-technical@lists.samba.org'; 'samba@lists.samba.org'; Esh, Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON (HP-USA,ex1); 'Richard Sharpe'
Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help

Hi, Miles,
Actually on HP-UX, you will need to add the word 'debug' at the end of each of the lines in your /etc/pam.conf file, to enable more debugging to go into the /var/adm/syslog/syslog.log file.

One thing that I have seen something like this happen on is if the /etc/shells file is corrupt, or if the shell that is defined for the user (since they don't have a /etc/passwd entry, this would be whatever you put in template in the smb.conf) does not exactly match one of the lines in /etc/shells, or the defaults, if this file does not exist.
The defaults for 11.0 are:

/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh

Hope this helps,
Don

> -----Original Message-----
> From: John H Terpstra [mailto:jht@samba.org]
> Sent: Friday, January 31, 2003 1:36
> To: Miles Roper
> Cc: 'samba-technical@lists.samba.org'; 'samba@lists.samba.org'; Esh,
> Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON
> (HP-USA,ex1)'; 'Richard Sharpe'
> Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
>
> On Fri, 31 Jan 2003, Miles Roper wrote:
>
> > Hi Everyone,
> >
> > I'm forgetting about the password one at the moment, thanks for all your
> > input :o)
> >
> > I still don't have a clue how to solve my main problem. I'm assuming that
> > it's not actually winbind related now, as I've recently tried pam_smb and get
> > the same basic problem.
> >
> > Basically, when I log into the UNIX box, the username/password of a NT user
> > is being authenticated, but doesn't actually log in. It doesn't get past
> > the password line. I know it accepts the password. It's almost as if it
> > can't find the shell. But the template variable is set within the smb.conf
> > file. Permissions are fine. I have exactly the same problem with the
> > pam_smb module.
>
> So what does PAM report into your /var/log files?
>
> Have you tried adding to each line in your /etc/pam.d/login (after the .so
> file name) the word 'audit' - this will increase the volume of debugging
> info spit out into /var/log/messages, or wherever PAM sends this on your
> distro.
>
> - John T.
>
> > If there is any further information I can send let me know.
> >
> > Ideas?
> >
> > Thanks
> >
> > Miles
> >
> > -----Original Message-----
> > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
> > Sent: Friday, 31 January 2003 07:06 a.m.
> > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide
> > Cc: 'samba@lists.samba.org'; Esh, Andrew; Miles Roper;
> > 'samba-technical@lists.samba.org'; 'Richard Sharpe'
> > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
> >
> > Hi Everyone,
> > This whole problem with the password command not working when winbind
> > is included as a method in the nsswitch.conf can probably be worked around
> > by simply using the -r files (or -r nis or -r nisplus) switch. Take a look
> > at the man page for passwd on HP-UX 11.x and see if this won't help you
> > out.
> > Hope this helps,
> > Don
> >
> > > -----Original Message-----
> > > From: Michael Steffens [mailto:michael.steffens@hp.com]
> > > Sent: Tuesday, January 28, 2003 11:52
> > > To: Ronan Waide
> > > Cc: 'samba@lists.samba.org'; Esh, Andrew; Miles Roper;
> > > 'samba-technical@lists.samba.org'; 'Richard Sharpe'
> > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
> > >
> > > Ronan Waide wrote:
> > > > On January 28, Andrew_Esh@adaptec.com said:
> > > >
> > > >>I don't have HPUX, so I don't know what to suggest for that. I just know
> > > >>getent won't work without winbindd in nsswitch.conf on Linux.
> > > >
> > > > I think the point that was being made is that NSS support on HPUX only
> > > > supports a few known types, of which one is LDAP. The discussion was
> > > > basically about faking out the system so that what it thinks is LDAP
> > > > is actually winbind.
> > >
> > > Yep. It's a HP-UX specific workaround. Please ignore it
> > > everywhere else.
> > >
> > > Michael
>
> --
> John H Terpstra
> Email: jht@samba.org
MCCALL,DON (HP-USA,ex1)
2003-Feb-05 16:53 UTC
[Samba] RE: Winbind on HPUX 11, some small progress
Hi Miles,

This sounds like a PAM_USER_UNKNOWN 13 error. Which would indicate that winbind daemon did its job (ie passed the username and password to the password server, and got validation back that the user is authenticated), but then when it went thru the nsswitch stuff to 'look up' the user, that failed. Kinda weird. I don't have your original post, but I'm assuming that you have

passwd: files winbind
group: files winbind

in your /etc/nsswitch.conf file and that you have working links to the winbind nss code (look something like this):

46 Aug 27 11:16 /usr/lib/libnss_winbind.1 -> /usr/local/samba/lib/winbind/libnss_winbind.so

To verify that your nsswitch code is working compile the getent.c program I have attached to this message, and then verify that you can get an appropriate uid/gid back for a user defined on your NT password server in the following manner:

getent passwd <domainname><domainseparator><username>

(for instance on my system, I use '+' as winbind domain separator, and my domain is atl-wtec, so:

getent passwd atl-wtec+administrator

returns me the 'passwd' entry faked up from the NT domain controller I am a member of.)

Just a thought,
Don

> -----Original Message-----
> From: Miles Roper [mailto:mroper@westcoastdhb.org.nz]
> Sent: Tuesday, February 04, 2003 21:28
> To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org;
> 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra';
> Kim (E-mail)
> Subject: Winbind on HPUX 11, some small progress
>
> Hi All,
>
> Well, I've managed to enable some debugging in syslog, I had to put in
> /etc/syslog.conf
>
> ;*.debug
>
> on the syslog line.
>
> So at least I have an error which is being returned into syslog from
> winbind.
Hi Don,

Michael Steffens a while back sent me a compiled version of getent which I couldn't get to work. I compiled your version and it doesn't seem to produce any result either, seems to return immediately without doing anything.

ie

coastdr: /mnt/1/samba/test> ./getent passwd WESTCOASTDHB+mroper
coastdr: /mnt/1/samba/test>

If I run it without any parameters I get a core dump :o)

Better tell you that I'm compiling winbind with gcc 3.01 on hpux. I compiled the getent program you sent me with.

gcc -c -I. -g -O2 getent.c
gcc -g getent.o -o getent

From what you have said it would seem like libnss_winbind.so isn't working. Any way to get any debug output?

Here is my /usr/lib/libnss*

-r-xr-xr-x 1 bin bin 28672 Mar 13 2001 libnss_compat.1
-r-xr-xr-x 1 bin bin 104536 Nov 6 1997 libnss_dns.1
-r-xr-xr-x 1 bin bin 40960 Mar 7 2001 libnss_files.1
lrwxrwxrwx 1 root sys 17 Jan 27 09:49 libnss_ldap.1 -> libnss_winbind.so
-r-xr-xr-x 1 bin bin 40960 Mar 13 2001 libnss_nis.1
-r-xr-xr-x 1 bin bin 57344 Mar 13 2001 libnss_nisplus.1
-r-xr-xr-x 1 bin bin 28672 Jan 24 15:23 libnss_winbind.so
lrwxrwxrwx 1 root sys 17 Jan 27 11:51 libnss_winbind.so.1 -> libnss_winbind.so
lrwxrwxrwx 1 root sys 17 Oct 15 16:14 libnss_winbind.so.2 -> libnss_winbind.so

Here is my /etc/nsswitch.conf

hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files [NOTFOUND=return UNAVAIL=continue TRYAGAIN=return]
passwd: files winbind
group: files winbind

Here is the compile output from libnss_winbind.so

Compiling nsswitch/winbind_nss.c with -fpic
nsswitch/winbind_nss.c: In function `fill_pwent':
nsswitch/winbind_nss.c:600: warning: passing arg 2 of `get_static' from incompatible pointer type
nsswitch/winbind_nss.c:612: warning: passing arg 2 of `get_static' from incompatible pointer type
nsswitch/winbind_nss.c:629: warning: passing arg 2 of `get_static' from incompatible pointer type
nsswitch/winbind_nss.c:641: warning: passing arg 2 of `get_static' from incompatible pointer type
nsswitch/winbind_nss.c:653: warning: passing arg 2 of `get_static' from incompatible pointer type
nsswitch/winbind_nss.c: In function `fill_grent':
nsswitch/winbind_nss.c:690: warning: passing arg 2 of `get_static' from incompatible pointer type
nsswitch/winbind_nss.c:702: warning: passing arg 2 of `get_static' from incompatible pointer type
nsswitch/winbind_nss.c:728: warning: passing arg 2 of `get_static' from incompatible pointer type
nsswitch/winbind_nss.c:753: warning: passing arg 2 of `get_static' from incompatible pointer type
nsswitch/winbind_nss.c: In function `_nss_winbind_getpwent_r':
nsswitch/winbind_nss.c:870: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
nsswitch/winbind_nss.c: In function `_nss_winbind_getpwuid_r':
nsswitch/winbind_nss.c:920: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
nsswitch/winbind_nss.c:933: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
nsswitch/winbind_nss.c: In function `_nss_winbind_getpwnam_r':
nsswitch/winbind_nss.c:982: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
nsswitch/winbind_nss.c:995: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
nsswitch/winbind_nss.c: In function `_nss_winbind_getgrent_r':
nsswitch/winbind_nss.c:1119: warning: passing arg 5 of `fill_grent' from incompatible pointer type
nsswitch/winbind_nss.c: In function `_nss_winbind_getgrnam_r':
nsswitch/winbind_nss.c:1179: warning: passing arg 5 of `fill_grent' from incompatible pointer type
nsswitch/winbind_nss.c:1193: warning: passing arg 5 of `fill_grent' from incompatible pointer type
nsswitch/winbind_nss.c: In function `_nss_winbind_getgrgid_r':
nsswitch/winbind_nss.c:1242: warning: passing arg 5 of `fill_grent' from incompatible pointer type
nsswitch/winbind_nss.c:1256: warning: passing arg 5 of `fill_grent' from incompatible pointer type
Compiling nsswitch/winbind_nss_solaris.c with -fpic
Linking nsswitch/libnss_winbind.so

Any idea where to go from here?

Cheers

Miles

-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
Sent: Thursday, 6 February 2003 05:53 a.m.
To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1); samba-technical@lists.samba.org; 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe'; 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
Subject: RE: Winbind on HPUX 11, some small progress

Hi Miles,

This sounds like a PAM_USER_UNKNOWN 13 error. Which would indicate that winbind daemon did its job (ie passed the username and password to the password server, and got validation back that the user is authenticated), but then when it went thru the nsswitch stuff to 'look up' the user, that failed. Kinda weird. I don't have your original post, but I'm assuming that you have

passwd: files winbind
group: files winbind

in your /etc/nsswitch.conf file and that you have working links to the winbind nss code (look something like this):

46 Aug 27 11:16 /usr/lib/libnss_winbind.1 -> /usr/local/samba/lib/winbind/libnss_winbind.so

To verify that your nsswitch code is working compile the getent.c program I have attached to this message, and then verify that you can get an appropriate uid/gid back for a user defined on your NT password server in the following manner:

getent passwd <domainname><domainseparator><username>

(for instance on my system, I use '+' as winbind domain separator, and my domain is atl-wtec, so:

getent passwd atl-wtec+administrator

returns me the 'passwd' entry faked up from the NT domain controller I am a member of.)

Just a thought,
Don
MCCALL,DON (HP-USA,ex1)
2003-Feb-06 20:36 UTC
[Samba] RE: Winbind on HPUX 11, some small progress
Hi Miles,
any reason you are compiling it yourself, instead of pulling the depot from the samba ftp site? That is what I am using successfully.
Don

> -----Original Message-----
> From: Miles Roper [mailto:mroper@westcoastdhb.org.nz]
> Sent: Thursday, February 06, 2003 15:31
> To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org; 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide'; michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
> Hi Don,
>
> Michael Steffens a while back sent me a compiled version of getent which I couldn't get to work.
>
> I compiled your version and it doesn't seem to produce any result either, seems to return immediately without doing anything.
>
> ie
> coastdr: /mnt/1/samba/test> ./getent passwd WESTCOASTDHB+mroper
> coastdr: /mnt/1/samba/test>
>
> If I run it without any parameters I get a core dump :o)
>
> Better tell you that I'm compiling winbind with gcc 3.01 on hpux. I compiled the getent program you sent me with.
>
> gcc -c -I. -g -O2 getent.c
> gcc -g getent.o -o getent
>
> From what you have said it would seem like libnss_winbind.so isn't working. Any way to get any debug output?
>
> Here is my /usr/lib/libnss*
>
> -r-xr-xr-x 1 bin bin 28672 Mar 13 2001 libnss_compat.1
> -r-xr-xr-x 1 bin bin 104536 Nov 6 1997 libnss_dns.1
> -r-xr-xr-x 1 bin bin 40960 Mar 7 2001 libnss_files.1
> lrwxrwxrwx 1 root sys 17 Jan 27 09:49 libnss_ldap.1 -> libnss_winbind.so
> -r-xr-xr-x 1 bin bin 40960 Mar 13 2001 libnss_nis.1
> -r-xr-xr-x 1 bin bin 57344 Mar 13 2001 libnss_nisplus.1
> -r-xr-xr-x 1 bin bin 28672 Jan 24 15:23 libnss_winbind.so
> lrwxrwxrwx 1 root sys 17 Jan 27 11:51 libnss_winbind.so.1 -> libnss_winbind.so
> lrwxrwxrwx 1 root sys 17 Oct 15 16:14 libnss_winbind.so.2 -> libnss_winbind.so
>
> Here is my /etc/nsswitch.conf
>
> hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files [NOTFOUND=return UNAVAIL=continue TRYAGAIN=return]
> passwd: files winbind
> group: files winbind
>
> Here is the compile output from libnss_winbind.so
>
> Compiling nsswitch/winbind_nss.c with -fpic
> nsswitch/winbind_nss.c: In function `fill_pwent':
> nsswitch/winbind_nss.c:600: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:612: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:629: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:641: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:653: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `fill_grent':
> nsswitch/winbind_nss.c:690: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:702: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:728: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:753: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwent_r':
> nsswitch/winbind_nss.c:870: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwuid_r':
> nsswitch/winbind_nss.c:920: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c:933: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwnam_r':
> nsswitch/winbind_nss.c:982: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c:995: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrent_r':
> nsswitch/winbind_nss.c:1119: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrnam_r':
> nsswitch/winbind_nss.c:1179: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c:1193: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrgid_r':
> nsswitch/winbind_nss.c:1242: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c:1256: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> Compiling nsswitch/winbind_nss_solaris.c with -fpic
> Linking nsswitch/libnss_winbind.so
>
> Any idea where to go from here?
>
> Cheers
>
> Miles
>
> -----Original Message-----
> From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
> Sent: Thursday, 6 February 2003 05:53 a.m.
> To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1); samba-technical@lists.samba.org; 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe'; 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
> Hi Miles,
> This sounds like a
> PAM_USER_UNKNOWN 13
> error. Which would indicate that winbind daemon did its job (ie passed the username and password to the password server, and got validation back that the user is authenticated), but then when it went thru the nsswitch stuff to 'look up' the user, that failed.
> Kinda weird. I don't have your original post, but I'm assuming that you have
>
> passwd: files winbind
> group: files winbind
>
> in your /etc/nsswitch.conf file and that you have working links to the winbind nss code (look something like this):
>
> 46 Aug 27 11:16 /usr/lib/libnss_winbind.1 -> /usr/local/samba/lib/winbind/libnss_winbind.so
>
> To verify that your nsswitch code is working compile the getent.c program I have attached to this message, and then verify that you can get an appropriate uid/gid back for a user defined on your NT password server in the following manner:
>
> getent passwd <domainname><domainseparator><username>
>
> (for instance on my system, I use '+' as winbind domain separator, and my domain is atl-wtec, so: getent passwd atl-wtec+administrator returns me the 'passwd' entry faked up from the NT domain controller I am a member of.)
> > Just a thought, > Don > > > -----Original Message----- > > From: Miles Roper [mailto:mroper@westcoastdhb.org.nz] > > Sent: Tuesday, February 04, 2003 21:28 > > To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org; > > 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide'; > > michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H > Terpstra'; > > Kim (E-mail) > > Subject: Winbind on HPUX 11, some small progress > > > > > > Hi All, > > > > Well, i've managed to enable some debugging in syslog, I > had to put in > > /etc/syslog.conf > > > > ;*.debug > > > > on the syslog line. > > > > So at least I have an error which is being returned into syslog from > > winbind. > > > > This is what I get from winbind > > > > Feb 4 21:13:17 coastdr pam_winbind[20753]: Verify user `lonnie' > > Feb 4 21:13:18 coastdr pam_winbind[20753]: user 'lonnie' > > granted acces > > Feb 4 21:13:18 coastdr pam_winbind[20753]: LOGIN: exiting > > with return code > > 13 > > > > This is what I get from pamsmb (ignore the dates, they are a > > bit funny for > > some reason) > > > > Feb 5 14:53:55 coastdr pamsmbd[20119]: server: remote auth user > > unix:trainingus > > er nt:traininguser NTDOM:WESTCOASTDHB PDC:COASTDB BDC: > > Feb 5 14:53:55 coastdr pamsmbd[20119]: cache_add: inserted entry > > Feb 4 20:53:55 coastdr : pamsmbd: Got something back... 0 > > Feb 4 20:53:55 coastdr : pam_smb: got back 0 username traininguser > > Feb 4 20:53:55 coastdr : LOGIN: exiting with return code 13 > > > > So the error with pamsmb and winbind is the same. I've done > > a man on login > > and can only find a description of errors, not the error > > codes. What is > > error code 13? If I can find that out it will make looking > > for it a bit > > easier. I thought it might be that the shell doens't exist, > > but I tried > > making a user with a invalid shell and get back error code 1, > > so its not > > that. > > > > Ideas? 
> > > > Cheers > > > > Miles > > > > > > -----Original Message----- > > From: Miles Roper > > Sent: Monday, 3 February 2003 08:54 a.m. > > To: 'MCCALL,DON (HP-USA,ex1)' > > Cc: 'samba-technical@lists.samba.org'; 'samba@lists.samba.org'; Esh, > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard > > Sharpe'; 'John H Terpstra' > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, > Please Help > > > > > > Thanks for your help, still no luck though. More info for you. > > > > with no debug statements in my /etc/pam.conf I get in sys log > > the following. > > > > Feb 2 14:43:02 coastdr pam_winbind[2832]: user > > 'traininguser' granted acces > > > > with debug turned on I get > > > > Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user > `traininguser' > > Feb 2 14:47:49 coastdr pam_winbind[2839]: user > > 'traininguser' granted acces > > > > the user is still logging out. > > > > incidentlally, when I log in as a unix user, rather than a > > win2k user I > > don't get anything in sys log. I've included my pam.conf below. > > > > Also, I checked for /etc/shells, no such file, and I have set > > my smb.conf > > shell line to > > > > template shell = /sbin/sh > > > > and also tried > > > > template shell = /usr/bin/sh > > > > both files exist. 
> > > > # > > # PAM configuration > > # > > # Authentication management > > # > > login auth sufficient > /usr/lib/security/libpam_unix.1 debug > > login auth sufficient /usr/lib/security/libpam_winbind.1 > > debug > > #login auth sufficient > /usr/lib/security/libpam_smb.1 nolocal > > debug > > su auth required /usr/lib/security/libpam_unix.1 debug > > dtlogin auth required /usr/lib/security/libpam_unix.1 debug > > dtaction auth required /usr/lib/security/libpam_unix.1 debug > > ftp auth required /usr/lib/security/libpam_unix.1 debug > > OTHER auth required /usr/lib/security/libpam_unix.1 debug > > # > > # Account management > > # > > login account sufficient > /usr/lib/security/libpam_unix.1 debug > > login account sufficient /usr/lib/security/libpam_winbind.1 > > debug > > su account required > /usr/lib/security/libpam_unix.1 debug > > dtlogin account required > /usr/lib/security/libpam_unix.1 debug > > dtaction account required > /usr/lib/security/libpam_unix.1 debug > > ftp account required > /usr/lib/security/libpam_unix.1 debug > > # > > OTHER account required > /usr/lib/security/libpam_unix.1 debug > > # > > # Session management > > # > > login session sufficient > /usr/lib/security/libpam_unix.1 debug > > login session sufficient /usr/lib/security/libpam_winbind.1 > > debug > > dtlogin session required > /usr/lib/security/libpam_unix.1 debug > > dtaction session required > /usr/lib/security/libpam_unix.1 debug > > OTHER session required > /usr/lib/security/libpam_unix.1 debug > > # > > # Password management > > # > > login password sufficient > /usr/lib/security/libpam_unix.1 debug > > login password sufficient /usr/lib/security/libpam_winbind.1 > > debug > > passwd password required > /usr/lib/security/libpam_unix.1 debug > > passwd password required /usr/lib/security/libpam_winbind.1 > > debug > > dtlogin password required > /usr/lib/security/libpam_unix.1 debug > > dtaction password required > /usr/lib/security/libpam_unix.1 debug > > OTHER password 
required > /usr/lib/security/libpam_unix.1 debug > > > > Cheers > > > > Miles > > > > -----Original Message----- > > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com] > > Sent: Saturday, 1 February 2003 04:53 a.m. > > To: 'John H Terpstra'; Miles Roper > > Cc: 'samba-technical@lists.samba.org'; 'samba@lists.samba.org'; Esh, > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON > > (HP-USA,ex1); 'Richard Sharpe' > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, > Please Help > > > > > > Hi, Miles, > > Actually on HP-UX, you will need to add the word 'debug' at > > the end of each > > of > > the lines in you /etc/pam.conf file, to enable more debugging > > to go into the > > > > /var/adm/syslog/syslog.log file. > > > > One thing that I have seen something like this happen on is if the > > /etc/shells file is corrupt, or if the shell that is defined > > for the user > > (since they don't have a /etc/passwd entry, this would be > > whatever you put > > in > > template in the smb.conf) does not exactly match one of the lines in > > /etc/shells, > > or the defaults, if this file does not exist. 
> > The defaults for 11.0 are: > > > > > > > > /sbin/sh > > /usr/bin/sh > > /usr/bin/rsh > > /usr/bin/ksh > > /usr/bin/rksh > > /usr/bin/csh > > /usr/bin/keysh > > > > Hope this helps, > > Don > > > -----Original Message----- > > > From: John H Terpstra [mailto:jht@samba.org] > > > Sent: Friday, January 31, 2003 1:36 > > > To: Miles Roper > > > Cc: 'samba-technical@lists.samba.org'; > 'samba@lists.samba.org'; Esh, > > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); > 'MCCALL,DON > > > (HP-USA,ex1)'; 'Richard Sharpe' > > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, > > Please Help > > > > > > > > > On Fri, 31 Jan 2003, Miles Roper wrote: > > > > > > > Hi Everyone, > > > > > > > > I'm forgetting about the password one at the moment, thanks > > > for all your > > > > input :o) > > > > > > > > I still don't have a clue how to solve my main problem. > > > I'm assuming that > > > > its not actually winbind related now, as I've recently > > > tried pam_smb and get > > > > the same basic problem. > > > > > > > > Basically, when I log into the UNIX box, the > > > username/password of a NT user > > > > is being authenticated, but doesn't actually log in. It > > > doesn't get past > > > > the password line. I know it accepts the password. Its > > > almost as if it > > > > can't find the shell. But the template variable is set > > > within the smb.conf > > > > file. Permissions are fine. I have exactly the same > > > problem with the > > > > pam_smb module. > > > > > > So what does PAM report into your /var/log files? > > > > > > Have you tried adding to each line in your /etc/pam.d/login > > > (after the .so > > > file name) the word 'audit' - this will increase the volume > > > of debugging > > > info spit out into /var/log/messages, or wherever PAM send > > > this on your > > > distro. > > > > > > - John T. > > > > > > > > > > > If there is any further information I can send let me know. > > > > > > > > Ideas? 
> > > > > > > > Thanks > > > > > > > > Miles > > > > > > > > > > > > -----Original Message----- > > > > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com] > > > > Sent: Friday, 31 January 2003 07:06 a.m. > > > > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide > > > > Cc: 'samba@lists.samba.org'; Esh, Andrew; Miles Roper; > > > > 'samba-technical@lists.samba.org'; 'Richard Sharpe' > > > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, > > > Please Help > > > > > > > > > > > > Hi Everyone, > > > > This whole problem with the password command not working > > > when winbind > > > > is included as a method in the nsswitch.conf can probably > > > be worked around > > > > by simply using the -r files (or -r nis or -r nisplus) > > > switch. Take a look > > > > at the man page for passwd on HP-UX 11.x and see if this > > > won't help you > > > > out. > > > > Hope this helps, > > > > Don > > > > > > > > > -----Original Message----- > > > > > From: Michael Steffens [mailto:michael.steffens@hp.com] > > > > > Sent: Tuesday, January 28, 2003 11:52 > > > > > To: Ronan Waide > > > > > Cc: 'samba@lists.samba.org'; Esh, Andrew; Miles Roper; > > > > > 'samba-technical@lists.samba.org'; 'Richard Sharpe' > > > > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally > > > Stuck, Please Help > > > > > > > > > > > > > > > Ronan Waide wrote: > > > > > > On January 28, Andrew_Esh@adaptec.com said: > > > > > > > > > > > >>I don't have HPUX, so I don't know what to suggest for > > > > > that. I just know > > > > > >>getent won't work without winbindd in nsswitch.conf > on Linux. > > > > > > > > > > > > > > > > > > I think the point that was being made is that NSS support > > > > > on HPUX only > > > > > > supports a few known types, of which one is LDAP. The > > > discussion was > > > > > > basically about faking out the system so that what it > > > thinks is LDAP > > > > > > is actually winbind. > > > > > > > > > > Yep. It's a HP-UX specific workaround. 
Please ignore it > > > > > everywhere else. > > > > > > > > > > Michael > > > > > > > > > > > > > > > > > > > > -- > > > John H Terpstra > > > Email: jht@samba.org > > > > > >
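The two post-authentication checks discussed in this thread (does the name service switch resolve the user PAM just authenticated, and does the resulting shell exactly match an allowed one), as an added example; it is not the getent.c attached to the original message. The function names and the `shells_path` parameter are assumptions of this example, and the fallback shell list is the HP-UX 11.0 default list quoted in the thread.

```c
/* Added example, not the getent.c from the thread. */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum verdict { LOGIN_CHECKS_PASS = 0, USER_UNKNOWN_TO_NSS = 1, SHELL_NOT_PERMITTED = 2 };

/* HP-UX 11.0 defaults as quoted in the thread; used when the shells file is absent. */
static const char *const default_shells[] = {
    "/sbin/sh", "/usr/bin/sh", "/usr/bin/rsh", "/usr/bin/ksh",
    "/usr/bin/rksh", "/usr/bin/csh", "/usr/bin/keysh", NULL
};

/* Ask the name service switch (files, winbind, ...) for a passwd entry.
 * Returns 1 and copies the entry to *out when found, 0 otherwise.
 * *err receives errno from getpwnam(); some C libraries leave it 0 on a
 * plain miss and others set it, so it is diagnostic output only. */
int nss_lookup(const char *name, struct passwd *out, int *err)
{
    struct passwd *pw;

    if (err != NULL)
        *err = 0;
    if (name == NULL || *name == '\0')   /* no name given: refuse, do not dereference */
        return 0;
    errno = 0;
    pw = getpwnam(name);
    if (pw == NULL) {
        if (err != NULL)
            *err = errno;
        return 0;
    }
    if (out != NULL)
        *out = *pw;                      /* string fields still point at libc storage */
    return 1;
}

/* Return 1 if `shell` exactly matches a line of the shells file, or one of
 * the defaults when that file cannot be opened. The match is byte-exact,
 * so trailing blanks or a different path to the same binary do not match. */
int shell_is_permitted(const char *shell, const char *shells_path)
{
    char line[1024];
    FILE *fp;
    size_t i;
    int found = 0;

    if (shell == NULL || *shell == '\0') /* assumption: an empty shell field is reported */
        return 0;
    fp = fopen(shells_path, "r");
    if (fp == NULL) {
        for (i = 0; default_shells[i] != NULL; i++)
            if (strcmp(shell, default_shells[i]) == 0)
                return 1;
        return 0;
    }
    while (!found && fgets(line, sizeof line, fp) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';
        if (line[0] == '#' || line[0] == '\0')
            continue;                    /* skip comments and blank lines */
        found = strcmp(shell, line) == 0;
    }
    fclose(fp);
    return found;
}

/* Run both checks in the order the thread reasons about them. */
enum verdict diagnose(const char *name, const char *shells_path)
{
    struct passwd pw;

    if (!nss_lookup(name, &pw, NULL))
        return USER_UNKNOWN_TO_NSS;
    if (!shell_is_permitted(pw.pw_shell, shells_path))
        return SHELL_NOT_PERMITTED;
    return LOGIN_CHECKS_PASS;
}

int main(int argc, char **argv)
{
    static const char *const text[] = {
        "NSS resolves the user and the shell is permitted",
        "NSS did not return a passwd entry (check nsswitch.conf and the libnss module)",
        "passwd entry found, but its shell is not in the permitted list"
    };
    enum verdict v;

    if (argc != 2) {
        fprintf(stderr, "usage: %s <domain><separator><user>\n", argv[0]);
        return 2;
    }
    v = diagnose(argv[1], "/etc/shells");
    printf("%s: %s\n", argv[1], text[v]);
    return v == LOGIN_CHECKS_PASS ? 0 : 1;
}
```

Run it with the same name format as the getent test in the thread, for example `WESTCOASTDHB+mroper`; a non-zero exit status names which of the two checks failed.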
MCCALL,DON (HP-USA,ex1)
2003-Feb-06 20:37 UTC
[Samba] RE: Winbind on HPUX 11, some small progress
ps, the fact that the getpwent and getent programs that you are running do NOT return any output indicates that the issue is probably with the libnss_winbind.so on your system.
Don

> -----Original Message-----
> From: Miles Roper [mailto:mroper@westcoastdhb.org.nz]
> Sent: Thursday, February 06, 2003 15:31
> To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org; 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide'; michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
> Hi Don,
>
> Michael Steffens a while back sent me a compiled version of getent which I couldn't get to work.
>
> I compiled your version and it doesn't seem to produce any result either, seems to return immediately without doing anything.
>
> ie
> coastdr: /mnt/1/samba/test> ./getent passwd WESTCOASTDHB+mroper
> coastdr: /mnt/1/samba/test>
>
> If I run it without any parameters I get a core dump :o)
>
> Better tell you that I'm compiling winbind with gcc 3.01 on hpux. I compiled the getent program you sent me with.
>
> gcc -c -I. -g -O2 getent.c
> gcc -g getent.o -o getent
>
> From what you have said it would seem like libnss_winbind.so isn't working. Any way to get any debug output?
>
> Here is my /usr/lib/libnss*
>
> -r-xr-xr-x 1 bin bin 28672 Mar 13 2001 libnss_compat.1
> -r-xr-xr-x 1 bin bin 104536 Nov 6 1997 libnss_dns.1
> -r-xr-xr-x 1 bin bin 40960 Mar 7 2001 libnss_files.1
> lrwxrwxrwx 1 root sys 17 Jan 27 09:49 libnss_ldap.1 -> libnss_winbind.so
> -r-xr-xr-x 1 bin bin 40960 Mar 13 2001 libnss_nis.1
> -r-xr-xr-x 1 bin bin 57344 Mar 13 2001 libnss_nisplus.1
> -r-xr-xr-x 1 bin bin 28672 Jan 24 15:23 libnss_winbind.so
> lrwxrwxrwx 1 root sys 17 Jan 27 11:51 libnss_winbind.so.1 -> libnss_winbind.so
> lrwxrwxrwx 1 root sys 17 Oct 15 16:14 libnss_winbind.so.2 -> libnss_winbind.so
>
> Here is my /etc/nsswitch.conf
>
> hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files [NOTFOUND=return UNAVAIL=continue TRYAGAIN=return]
> passwd: files winbind
> group: files winbind
>
> Here is the compile output from libnss_winbind.so
>
> Compiling nsswitch/winbind_nss.c with -fpic
> nsswitch/winbind_nss.c: In function `fill_pwent':
> nsswitch/winbind_nss.c:600: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:612: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:629: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:641: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:653: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `fill_grent':
> nsswitch/winbind_nss.c:690: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:702: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:728: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:753: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwent_r':
> nsswitch/winbind_nss.c:870: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwuid_r':
> nsswitch/winbind_nss.c:920: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c:933: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwnam_r':
> nsswitch/winbind_nss.c:982: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c:995: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrent_r':
> nsswitch/winbind_nss.c:1119: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrnam_r':
> nsswitch/winbind_nss.c:1179: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c:1193: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrgid_r':
> nsswitch/winbind_nss.c:1242: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c:1256: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> Compiling nsswitch/winbind_nss_solaris.c with -fpic
> Linking nsswitch/libnss_winbind.so
>
> Any idea where to go from here?
>
> Cheers
>
> Miles
>
> -----Original Message-----
> From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
> Sent: Thursday, 6 February 2003 05:53 a.m.
> To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1); samba-technical@lists.samba.org; 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe'; 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
> Hi Miles,
> This sounds like a
> PAM_USER_UNKNOWN 13
> error. Which would indicate that winbind daemon did its job (ie passed the username and password to the password server, and got validation back that the user is authenticated), but then when it went thru the nsswitch stuff to 'look up' the user, that failed.
> Kinda weird. I don't have your original post, but I'm assuming that you have
>
> passwd: files winbind
> group: files winbind
>
> in your /etc/nsswitch.conf file and that you have working links to the winbind nss code (look something like this):
>
> 46 Aug 27 11:16 /usr/lib/libnss_winbind.1 -> /usr/local/samba/lib/winbind/libnss_winbind.so
>
> To verify that your nsswitch code is working compile the getent.c program I have attached to this message, and then verify that you can get an appropriate uid/gid back for a user defined on your NT password server in the following manner:
>
> getent passwd <domainname><domainseparator><username>
>
> (for instance on my system, I use '+' as winbind domain separator, and my domain is atl-wtec, so: getent passwd atl-wtec+administrator returns me the 'passwd' entry faked up from the NT domain controller I am a member of.)
> > Just a thought, > Don > > > -----Original Message----- > > From: Miles Roper [mailto:mroper@westcoastdhb.org.nz] > > Sent: Tuesday, February 04, 2003 21:28 > > To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org; > > 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide'; > > michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H > Terpstra'; > > Kim (E-mail) > > Subject: Winbind on HPUX 11, some small progress > > > > > > Hi All, > > > > Well, i've managed to enable some debugging in syslog, I > had to put in > > /etc/syslog.conf > > > > ;*.debug > > > > on the syslog line. > > > > So at least I have an error which is being returned into syslog from > > winbind. > > > > This is what I get from winbind > > > > Feb 4 21:13:17 coastdr pam_winbind[20753]: Verify user `lonnie' > > Feb 4 21:13:18 coastdr pam_winbind[20753]: user 'lonnie' > > granted acces > > Feb 4 21:13:18 coastdr pam_winbind[20753]: LOGIN: exiting > > with return code > > 13 > > > > This is what I get from pamsmb (ignore the dates, they are a > > bit funny for > > some reason) > > > > Feb 5 14:53:55 coastdr pamsmbd[20119]: server: remote auth user > > unix:trainingus > > er nt:traininguser NTDOM:WESTCOASTDHB PDC:COASTDB BDC: > > Feb 5 14:53:55 coastdr pamsmbd[20119]: cache_add: inserted entry > > Feb 4 20:53:55 coastdr : pamsmbd: Got something back... 0 > > Feb 4 20:53:55 coastdr : pam_smb: got back 0 username traininguser > > Feb 4 20:53:55 coastdr : LOGIN: exiting with return code 13 > > > > So the error with pamsmb and winbind is the same. I've done > > a man on login > > and can only find a description of errors, not the error > > codes. What is > > error code 13? If I can find that out it will make looking > > for it a bit > > easier. I thought it might be that the shell doens't exist, > > but I tried > > making a user with a invalid shell and get back error code 1, > > so its not > > that. > > > > Ideas? 
> > > > Cheers > > > > Miles > > > > > > -----Original Message----- > > From: Miles Roper > > Sent: Monday, 3 February 2003 08:54 a.m. > > To: 'MCCALL,DON (HP-USA,ex1)' > > Cc: 'samba-technical@lists.samba.org'; 'samba@lists.samba.org'; Esh, > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard > > Sharpe'; 'John H Terpstra' > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, > Please Help > > > > > > Thanks for your help, still no luck though. More info for you. > > > > with no debug statements in my /etc/pam.conf I get in sys log > > the following. > > > > Feb 2 14:43:02 coastdr pam_winbind[2832]: user > > 'traininguser' granted acces > > > > with debug turned on I get > > > > Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user > `traininguser' > > Feb 2 14:47:49 coastdr pam_winbind[2839]: user > > 'traininguser' granted acces > > > > the user is still logging out. > > > > incidentlally, when I log in as a unix user, rather than a > > win2k user I > > don't get anything in sys log. I've included my pam.conf below. > > > > Also, I checked for /etc/shells, no such file, and I have set > > my smb.conf > > shell line to > > > > template shell = /sbin/sh > > > > and also tried > > > > template shell = /usr/bin/sh > > > > both files exist. 
> >
> > #
> > # PAM configuration
> > #
> > # Authentication management
> > #
> > login auth sufficient /usr/lib/security/libpam_unix.1 debug
> > login auth sufficient /usr/lib/security/libpam_winbind.1 debug
> > #login auth sufficient /usr/lib/security/libpam_smb.1 nolocal debug
> > su auth required /usr/lib/security/libpam_unix.1 debug
> > dtlogin auth required /usr/lib/security/libpam_unix.1 debug
> > dtaction auth required /usr/lib/security/libpam_unix.1 debug
> > ftp auth required /usr/lib/security/libpam_unix.1 debug
> > OTHER auth required /usr/lib/security/libpam_unix.1 debug
> > #
> > # Account management
> > #
> > login account sufficient /usr/lib/security/libpam_unix.1 debug
> > login account sufficient /usr/lib/security/libpam_winbind.1 debug
> > su account required /usr/lib/security/libpam_unix.1 debug
> > dtlogin account required /usr/lib/security/libpam_unix.1 debug
> > dtaction account required /usr/lib/security/libpam_unix.1 debug
> > ftp account required /usr/lib/security/libpam_unix.1 debug
> > #
> > OTHER account required /usr/lib/security/libpam_unix.1 debug
> > #
> > # Session management
> > #
> > login session sufficient /usr/lib/security/libpam_unix.1 debug
> > login session sufficient /usr/lib/security/libpam_winbind.1 debug
> > dtlogin session required /usr/lib/security/libpam_unix.1 debug
> > dtaction session required /usr/lib/security/libpam_unix.1 debug
> > OTHER session required /usr/lib/security/libpam_unix.1 debug
> > #
> > # Password management
> > #
> > login password sufficient /usr/lib/security/libpam_unix.1 debug
> > login password sufficient /usr/lib/security/libpam_winbind.1 debug
> > passwd password required /usr/lib/security/libpam_unix.1 debug
> > passwd password required /usr/lib/security/libpam_winbind.1 debug
> > dtlogin password required /usr/lib/security/libpam_unix.1 debug
> > dtaction password required /usr/lib/security/libpam_unix.1 debug
> > OTHER password required /usr/lib/security/libpam_unix.1 debug
> >
> > Cheers
> >
> > Miles
> >
> > -----Original Message-----
> > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
> > Sent: Saturday, 1 February 2003 04:53 a.m.
> > To: 'John H Terpstra'; Miles Roper
> > Cc: 'samba-technical@lists.samba.org'; 'samba@lists.samba.org'; Esh,
> > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); MCCALL,DON
> > (HP-USA,ex1); 'Richard Sharpe'
> > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
> >
> >
> > Hi, Miles,
> > Actually on HP-UX, you will need to add the word 'debug' at the end of
> > each of the lines in your /etc/pam.conf file, to enable more debugging
> > to go into the /var/adm/syslog/syslog.log file.
> >
> > One thing that I have seen something like this happen on is if the
> > /etc/shells file is corrupt, or if the shell that is defined for the
> > user (since they don't have a /etc/passwd entry, this would be whatever
> > you put in template in the smb.conf) does not exactly match one of the
> > lines in /etc/shells, or the defaults, if this file does not exist.
> > The defaults for 11.0 are:
> >
> > /sbin/sh
> > /usr/bin/sh
> > /usr/bin/rsh
> > /usr/bin/ksh
> > /usr/bin/rksh
> > /usr/bin/csh
> > /usr/bin/keysh
> >
> > Hope this helps,
> > Don
> > > -----Original Message-----
> > > From: John H Terpstra [mailto:jht@samba.org]
> > > Sent: Friday, January 31, 2003 1:36
> > > To: Miles Roper
> > > Cc: 'samba-technical@lists.samba.org'; 'samba@lists.samba.org'; Esh,
> > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'MCCALL,DON
> > > (HP-USA,ex1)'; 'Richard Sharpe'
> > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
> > >
> > >
> > > On Fri, 31 Jan 2003, Miles Roper wrote:
> > >
> > > > Hi Everyone,
> > > >
> > > > I'm forgetting about the password one at the moment, thanks for all
> > > > your input :o)
> > > >
> > > > I still don't have a clue how to solve my main problem. I'm assuming
> > > > that it's not actually winbind related now, as I've recently tried
> > > > pam_smb and get the same basic problem.
> > > >
> > > > Basically, when I log into the UNIX box, the username/password of a
> > > > NT user is being authenticated, but doesn't actually log in. It
> > > > doesn't get past the password line. I know it accepts the password.
> > > > It's almost as if it can't find the shell. But the template variable
> > > > is set within the smb.conf file. Permissions are fine. I have exactly
> > > > the same problem with the pam_smb module.
> > >
> > > So what does PAM report into your /var/log files?
> > >
> > > Have you tried adding to each line in your /etc/pam.d/login (after the
> > > .so file name) the word 'audit' - this will increase the volume of
> > > debugging info spit out into /var/log/messages, or wherever PAM sends
> > > this on your distro.
> > >
> > > - John T.
> > >
> > > >
> > > > If there is any further information I can send let me know.
> > > >
> > > > Ideas?
> > > >
> > > > Thanks
> > > >
> > > > Miles
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
> > > > Sent: Friday, 31 January 2003 07:06 a.m.
> > > > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide
> > > > Cc: 'samba@lists.samba.org'; Esh, Andrew; Miles Roper;
> > > > 'samba-technical@lists.samba.org'; 'Richard Sharpe'
> > > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
> > > >
> > > >
> > > > Hi Everyone,
> > > > This whole problem with the password command not working when
> > > > winbind is included as a method in the nsswitch.conf can probably be
> > > > worked around by simply using the -r files (or -r nis or -r nisplus)
> > > > switch. Take a look at the man page for passwd on HP-UX 11.x and see
> > > > if this won't help you out.
> > > > Hope this helps,
> > > > Don
> > > >
> > > > > -----Original Message-----
> > > > > From: Michael Steffens [mailto:michael.steffens@hp.com]
> > > > > Sent: Tuesday, January 28, 2003 11:52
> > > > > To: Ronan Waide
> > > > > Cc: 'samba@lists.samba.org'; Esh, Andrew; Miles Roper;
> > > > > 'samba-technical@lists.samba.org'; 'Richard Sharpe'
> > > > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
> > > > >
> > > > >
> > > > > Ronan Waide wrote:
> > > > > > On January 28, Andrew_Esh@adaptec.com said:
> > > > > >
> > > > > >>I don't have HPUX, so I don't know what to suggest for that. I just know
> > > > > >>getent won't work without winbindd in nsswitch.conf on Linux.
> > > > > >
> > > > > >
> > > > > > I think the point that was being made is that NSS support on HPUX
> > > > > > only supports a few known types, of which one is LDAP. The
> > > > > > discussion was basically about faking out the system so that what
> > > > > > it thinks is LDAP is actually winbind.
> > > > >
> > > > > Yep. It's a HP-UX specific workaround. Please ignore it everywhere else.
> > > > >
> > > > > Michael
> > > > >
> > >
> > > --
> > > John H Terpstra
> > > Email: jht@samba.org
> > >
had the same problem, I thought compiling it from scratch may fix it,
although I've only just recently worked out how to get the extra debugging
from pam, but symptoms were exactly the same.

has taken me a long time to work out how to compile it on hpux with gcc, had
to change a include file and the configure script, I've included it for your
interest :o)

in configure find

if test $ac_cv_prog_cc_Ae = yes; then
BLDSHARED="true"
SHLD="/usr/bin/ld"
LDSHFLAGS="-B symbolic -b -z"
PICFLAG="+z"
fi

change to

#if test $ac_cv_prog_cc_Ae = yes; then
BLDSHARED="true"
SHLD="/usr/bin/ld"
LDSHFLAGS="-B symbolic -b -z"
# PICFLAG="+z"
#fi

find /usr/local/lib/gcc-lib/hppa2.0n-hp-hpux11.00/3.1/include/stdio.h

BEFORE
extern int snprintf(char *, _hpux_size_t, char *,...);
AFTER
extern int snprintf(char *, _hpux_size_t, const char *,...);

ps, that was quick :o)

-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
Sent: Friday, 7 February 2003 09:36 a.m.
To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1); samba-technical@lists.samba.org;
    'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
    STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe'; 'John H Terpstra';
    GILCHRIST,KIM (HP-NewZealand,ex1)
Subject: RE: Winbind on HPUX 11, some small progress

Hi Miles,
any reason you are compiling it yourself, instead of pulling the depot from
the samba ftp site? That is what I am using successfully.
Don

> -----Original Message-----
> From: Miles Roper [mailto:mroper@westcoastdhb.org.nz]
> Sent: Thursday, February 06, 2003 15:31
> To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org;
> 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra';
> GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
>
> Hi Don,
>
> Michael Steffens a while back sent me a compiled version of getent which I
> couldn't get to work.
>
> I compiled your version and it doesn't seem to produce any result either,
> seems to return immediately without doing anything.
>
> ie
> coastdr: /mnt/1/samba/test> ./getent passwd WESTCOASTDHB+mroper
> coastdr: /mnt/1/samba/test>
>
> If I run it without any parameters I get a core dump :o)
>
> Better tell you that I'm compiling winbind with gcc 3.01 on hpux. I
> compiled the getent program you sent me with.
>
> gcc -c -I. -g -O2 getent.c
> gcc -g getent.o -o getent
>
> From what you have said it would seem like libnss_winbind.so isn't working.
> Anyway to get any debug output?
>
> Here is my /usr/lib/libnss*
>
> -r-xr-xr-x 1 bin bin 28672 Mar 13 2001 libnss_compat.1
> -r-xr-xr-x 1 bin bin 104536 Nov 6 1997 libnss_dns.1
> -r-xr-xr-x 1 bin bin 40960 Mar 7 2001 libnss_files.1
> lrwxrwxrwx 1 root sys 17 Jan 27 09:49 libnss_ldap.1 -> libnss_winbind.so
> -r-xr-xr-x 1 bin bin 40960 Mar 13 2001 libnss_nis.1
> -r-xr-xr-x 1 bin bin 57344 Mar 13 2001 libnss_nisplus.1
> -r-xr-xr-x 1 bin bin 28672 Jan 24 15:23 libnss_winbind.so
> lrwxrwxrwx 1 root sys 17 Jan 27 11:51 libnss_winbind.so.1 -> libnss_winbind.so
> lrwxrwxrwx 1 root sys 17 Oct 15 16:14 libnss_winbind.so.2 -> libnss_winbind.so
>
> Here is my /etc/nsswitch.conf
>
> hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files [NOTFOUND=return UNAVAIL=continue TRYAGAIN=return]
> passwd: files winbind
> group: files winbind
>
> Here is the compile output from libnss_winbind.so
>
> Compiling nsswitch/winbind_nss.c with -fpic
> nsswitch/winbind_nss.c: In function `fill_pwent':
> nsswitch/winbind_nss.c:600: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:612: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:629: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:641: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:653: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `fill_grent':
> nsswitch/winbind_nss.c:690: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:702: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:728: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c:753: warning: passing arg 2 of `get_static' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwent_r':
> nsswitch/winbind_nss.c:870: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwuid_r':
> nsswitch/winbind_nss.c:920: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c:933: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getpwnam_r':
> nsswitch/winbind_nss.c:982: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c:995: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrent_r':
> nsswitch/winbind_nss.c:1119: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrnam_r':
> nsswitch/winbind_nss.c:1179: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c:1193: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c: In function `_nss_winbind_getgrgid_r':
> nsswitch/winbind_nss.c:1242: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> nsswitch/winbind_nss.c:1256: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> Compiling nsswitch/winbind_nss_solaris.c with -fpic
> Linking nsswitch/libnss_winbind.so
>
> Any idea where to go from here?
>
> Cheers
>
> Miles
>
> -----Original Message-----
> From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
> Sent: Thursday, 6 February 2003 05:53 a.m.
> To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1);
> samba-technical@lists.samba.org; 'samba@lists.samba.org'; 'Esh, Andrew';
> 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe';
> 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
>
> Hi Miles,
> This sounds like a
> PAM_USER_UNKNOWN 13
> error. Which would indicate that winbind daemon did its job (ie passed the
> username and password to the password server, and got validation back that
> the user is authenticated, but then when it went thru the nsswitch stuff to
> 'look up' the user, that failed.
> Kinda weird. I don't have your original post, but I'm assuming that you
> have
> passwd: files winbind
> group: files winbind
>
> in your /etc/nsswitch.conf file
> and that you have working links to the winbind nss code (look something
> like this):
>
> 46 Aug 27 11:16 /usr/lib/libnss_winbind.1 -> /usr/local/samba/lib/winbind/libnss_winbind.so
>
>
> To verify that your nsswitch code is working compile the getent.c program I
> have attached to this message, and then verify that you can get an
> appropriate uid/gid back for a user
> defined on your NT password server in the following manner;
>
> getent passwd <domainname><domainseparator><username>
> (for instance on my system, I use '+' as winbind domain separator, and my
> domain is atl-wtec,
> so: getent passwd atl-wtec+administrator returns me the 'passwd' entry
> faked up from the
> NT domain controller I am a member of.
>
> Just a thought,
> Don
>
> > -----Original Message-----
> > From: Miles Roper [mailto:mroper@westcoastdhb.org.nz]
> > Sent: Tuesday, February 04, 2003 21:28
> > To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org;
> > 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> > michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra';
> > Kim (E-mail)
> > Subject: Winbind on HPUX 11, some small progress
> >
> >
> > Hi All,
> >
> > Well, I've managed to enable some debugging in syslog, I had to put in
> > /etc/syslog.conf
> >
> > ;*.debug
> >
> > on the syslog line.
> >
> > So at least I have an error which is being returned into syslog from
> > winbind.
> >
> > This is what I get from winbind
> >
> > Feb 4 21:13:17 coastdr pam_winbind[20753]: Verify user `lonnie'
> > Feb 4 21:13:18 coastdr pam_winbind[20753]: user 'lonnie' granted acces
> > Feb 4 21:13:18 coastdr pam_winbind[20753]: LOGIN: exiting with return code 13
> >
> > This is what I get from pamsmb (ignore the dates, they are a bit funny for
> > some reason)
> >
> > Feb 5 14:53:55 coastdr pamsmbd[20119]: server: remote auth user unix:traininguser nt:traininguser NTDOM:WESTCOASTDHB PDC:COASTDB BDC:
> > Feb 5 14:53:55 coastdr pamsmbd[20119]: cache_add: inserted entry
> > Feb 4 20:53:55 coastdr : pamsmbd: Got something back... 0
> > Feb 4 20:53:55 coastdr : pam_smb: got back 0 username traininguser
> > Feb 4 20:53:55 coastdr : LOGIN: exiting with return code 13
> >
> > So the error with pamsmb and winbind is the same. I've done a man on login
> > and can only find a description of errors, not the error codes. What is
> > error code 13? If I can find that out it will make looking for it a bit
> > easier. I thought it might be that the shell doesn't exist, but I tried
> > making a user with an invalid shell and get back error code 1, so it's not
> > that.
> >
> > Ideas?
> >
> > Cheers
> >
> > Miles
> >
> >
> > -----Original Message-----
> > From: Miles Roper
> > Sent: Monday, 3 February 2003 08:54 a.m.
> > To: 'MCCALL,DON (HP-USA,ex1)'
> > Cc: 'samba-technical@lists.samba.org'; 'samba@lists.samba.org'; Esh,
> > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard
> > Sharpe'; 'John H Terpstra'
> > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, Please Help
> >
> >
> > Thanks for your help, still no luck though. More info for you.
> >
> > with no debug statements in my /etc/pam.conf I get in sys log the
> > following.
> >
> > Feb 2 14:43:02 coastdr pam_winbind[2832]: user 'traininguser' granted acces
> >
> > with debug turned on I get
> >
> > Feb 2 14:47:49 coastdr pam_winbind[2839]: Verify user `traininguser'
> > Feb 2 14:47:49 coastdr pam_winbind[2839]: user 'traininguser' granted acces
> >
> > the user is still logging out.
> >
> > incidentally, when I log in as a unix user, rather than a win2k user I
> > don't get anything in sys log. I've included my pam.conf below.
> >
> > Also, I checked for /etc/shells, no such file, and I have set my smb.conf
> > shell line to
> >
> > template shell = /sbin/sh
> >
> > and also tried
> >
> > template shell = /usr/bin/sh
> >
> > both files exist.
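Added example, not part of the thread and not the getent.c Don attached: a small C check of the two things discussed above, whether a passwd lookup through nsswitch returns an entry for a DOMAIN+user name (the lookup Don suspects is failing behind PAM_USER_UNKNOWN 13), and whether the returned shell exactly matches /etc/shells or the HP-UX 11.0 defaults he lists. The names nss_lookup, shell_allowed and struct nss_entry are made up for this example.

```c
/* Added example: NSS passwd lookup plus login-shell check.
 * Not the getent.c from the thread; all names here are hypothetical. */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

enum { NSS_FOUND = 0, NSS_NOT_FOUND = 1, NSS_BAD_ARG = 2 };

struct nss_entry {
    char name[256];
    long uid, gid;
    char home[256];
    char shell[256];
    int  saved_errno;   /* errno left by getpwnam() when nothing was found */
};

/* Defaults quoted in the thread for HP-UX 11.0 when /etc/shells is absent. */
static const char *const default_shells[] = {
    "/sbin/sh", "/usr/bin/sh", "/usr/bin/rsh", "/usr/bin/ksh",
    "/usr/bin/rksh", "/usr/bin/csh", "/usr/bin/keysh", NULL
};

static void copy_field(char *dst, size_t n, const char *src)
{
    snprintf(dst, n, "%s", src != NULL ? src : "");
}

/* Resolve `name` through libc, i.e. through every source on the passwd:
 * line of nsswitch.conf. A NULL or empty name is rejected up front. */
int nss_lookup(const char *name, struct nss_entry *e)
{
    struct passwd *pw;

    if (e == NULL)
        return NSS_BAD_ARG;
    memset(e, 0, sizeof *e);
    if (name == NULL || name[0] == '\0')
        return NSS_BAD_ARG;

    errno = 0;
    pw = getpwnam(name);
    if (pw == NULL) {
        e->saved_errno = errno;
        return NSS_NOT_FOUND;
    }
    copy_field(e->name, sizeof e->name, pw->pw_name);
    e->uid = (long)pw->pw_uid;
    e->gid = (long)pw->pw_gid;
    copy_field(e->home, sizeof e->home, pw->pw_dir);
    copy_field(e->shell, sizeof e->shell, pw->pw_shell);
    return NSS_FOUND;
}

/* 1 if `shell` exactly matches a line of `shells_path`; if that file cannot
 * be opened, 1 if it exactly matches one of the defaults above; else 0. */
int shell_allowed(const char *shell, const char *shells_path)
{
    char line[1024];
    FILE *fp;
    int i, ok = 0;

    if (shell == NULL || shell[0] == '\0')
        return 0;
    fp = (shells_path != NULL) ? fopen(shells_path, "r") : NULL;
    if (fp == NULL) {
        for (i = 0; default_shells[i] != NULL; i++)
            if (strcmp(shell, default_shells[i]) == 0)
                return 1;
        return 0;
    }
    while (!ok && fgets(line, sizeof line, fp) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';
        if (line[0] != '#' && strcmp(shell, line) == 0)
            ok = 1;
    }
    fclose(fp);
    return ok;
}

int main(int argc, char **argv)
{
    struct nss_entry e;
    int rc;

    if (argc != 2) {   /* no argument: print usage, never touch argv[1] */
        fprintf(stderr, "usage: nsscheck DOMAIN+username\n");
        return NSS_BAD_ARG;
    }
    rc = nss_lookup(argv[1], &e);
    if (rc != NSS_FOUND) {
        fprintf(stderr, "%s: no passwd entry via nsswitch (errno=%d)\n",
                argv[1], e.saved_errno);
        return rc;
    }
    printf("%s uid=%ld gid=%ld home=%s shell=%s\n",
           e.name, e.uid, e.gid, e.home, e.shell);
    if (!shell_allowed(e.shell, "/etc/shells"))
        printf("warning: shell '%s' has no exact match in /etc/shells "
               "or the defaults\n", e.shell);
    return NSS_FOUND;
}
```

A non-zero exit for a name that authenticates fine against the domain means the passwd: sources in nsswitch.conf are not returning the user, which is separate from the password check itself.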
so where to from now? do you think it would be useful to install the
compiled one for HPUX one from samba ftp?

just a note, I've been trying to get this to work for at least a year, since
winbind was first included in winbind, this time I'm determined I'm going to
get it working :o)

-----Original Message-----
From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
Sent: Friday, 7 February 2003 09:37 a.m.
To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1); samba-technical@lists.samba.org;
    'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
    STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe'; 'John H Terpstra';
    GILCHRIST,KIM (HP-NewZealand,ex1)
Subject: RE: Winbind on HPUX 11, some small progress

ps, the fact that the getpwent and getent programs that you are running do
NOT return any output indicates that the issue is probably with the
libnss_winbind.so on your system..
Don

> -----Original Message-----
> From: Miles Roper [mailto:mroper@westcoastdhb.org.nz]
> Sent: Thursday, February 06, 2003 15:31
> To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org;
> 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra';
> GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
>
> Hi Don,
>
> Michael Steffens a while back sent me a compiled version of getent which I
> couldn't get to work.
>
> I compiled your version and it doesn't seem to produce any result either,
> seems to return immediately without doing anything.
>
> ie
> coastdr: /mnt/1/samba/test> ./getent passwd WESTCOASTDHB+mroper
> coastdr: /mnt/1/samba/test>
>
> If I run it without any parameters I get a core dump :o)
>
> Better tell you that I'm compiling winbind with gcc 3.01 on hpux. I
> compiled the getent program you sent me with.
>
> gcc -c -I. -g -O2 getent.c
> gcc -g getent.o -o getent
>
> From what you have said it would seem like libnss_winbind.so isn't working.
> > The defaults for 11.0 are: > > > > > > > > /sbin/sh > > /usr/bin/sh > > /usr/bin/rsh > > /usr/bin/ksh > > /usr/bin/rksh > > /usr/bin/csh > > /usr/bin/keysh > > > > Hope this helps, > > Don > > > -----Original Message----- > > > From: John H Terpstra [mailto:jht@samba.org] > > > Sent: Friday, January 31, 2003 1:36 > > > To: Miles Roper > > > Cc: 'samba-technical@lists.samba.org'; > 'samba@lists.samba.org'; Esh, > > > Andrew; Ronan Waide; STEFFENS,MICHAEL (HP-Germany,ex1); > 'MCCALL,DON > > > (HP-USA,ex1)'; 'Richard Sharpe' > > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, > > Please Help > > > > > > > > > On Fri, 31 Jan 2003, Miles Roper wrote: > > > > > > > Hi Everyone, > > > > > > > > I'm forgetting about the password one at the moment, thanks > > > for all your > > > > input :o) > > > > > > > > I still don't have a clue how to solve my main problem. > > > I'm assuming that > > > > its not actually winbind related now, as I've recently > > > tried pam_smb and get > > > > the same basic problem. > > > > > > > > Basically, when I log into the UNIX box, the > > > username/password of a NT user > > > > is being authenticated, but doesn't actually log in. It > > > doesn't get past > > > > the password line. I know it accepts the password. Its > > > almost as if it > > > > can't find the shell. But the template variable is set > > > within the smb.conf > > > > file. Permissions are fine. I have exactly the same > > > problem with the > > > > pam_smb module. > > > > > > So what does PAM report into your /var/log files? > > > > > > Have you tried adding to each line in your /etc/pam.d/login > > > (after the .so > > > file name) the word 'audit' - this will increase the volume > > > of debugging > > > info spit out into /var/log/messages, or wherever PAM send > > > this on your > > > distro. > > > > > > - John T. > > > > > > > > > > > If there is any further information I can send let me know. > > > > > > > > Ideas? 
> > > > > > > > Thanks > > > > > > > > Miles > > > > > > > > > > > > -----Original Message----- > > > > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com] > > > > Sent: Friday, 31 January 2003 07:06 a.m. > > > > To: STEFFENS,MICHAEL (HP-Germany,ex1); Ronan Waide > > > > Cc: 'samba@lists.samba.org'; Esh, Andrew; Miles Roper; > > > > 'samba-technical@lists.samba.org'; 'Richard Sharpe' > > > > Subject: RE: [Samba] RE: Winbind on HPUX11, Totally Stuck, > > > Please Help > > > > > > > > > > > > Hi Everyone, > > > > This whole problem with the password command not working > > > when winbind > > > > is included as a method in the nsswitch.conf can probably > > > be worked around > > > > by simply using the -r files (or -r nis or -r nisplus) > > > switch. Take a look > > > > at the man page for passwd on HP-UX 11.x and see if this > > > won't help you > > > > out. > > > > Hope this helps, > > > > Don > > > > > > > > > -----Original Message----- > > > > > From: Michael Steffens [mailto:michael.steffens@hp.com] > > > > > Sent: Tuesday, January 28, 2003 11:52 > > > > > To: Ronan Waide > > > > > Cc: 'samba@lists.samba.org'; Esh, Andrew; Miles Roper; > > > > > 'samba-technical@lists.samba.org'; 'Richard Sharpe' > > > > > Subject: Re: [Samba] RE: Winbind on HPUX11, Totally > > > Stuck, Please Help > > > > > > > > > > > > > > > Ronan Waide wrote: > > > > > > On January 28, Andrew_Esh@adaptec.com said: > > > > > > > > > > > >>I don't have HPUX, so I don't know what to suggest for > > > > > that. I just know > > > > > >>getent won't work without winbindd in nsswitch.conf > on Linux. > > > > > > > > > > > > > > > > > > I think the point that was being made is that NSS support > > > > > on HPUX only > > > > > > supports a few known types, of which one is LDAP. The > > > discussion was > > > > > > basically about faking out the system so that what it > > > thinks is LDAP > > > > > > is actually winbind. > > > > > > > > > > Yep. It's a HP-UX specific workaround. 
Please ignore it > > > > > everywhere else. > > > > > > > > > > Michael > > > > > > > > > > > > > > > > > > > > -- > > > John H Terpstra > > > Email: jht@samba.org > > > > > >
MCCALL,DON (HP-USA,ex1)
2003-Feb-06 20:49 UTC
[Samba] RE: Winbind on HPUX 11, some small progress
Hi Miles,
reading further; change your link to the following:

lrwxr-xr-x 1 root sys 46 Aug 27 11:16 /usr/lib/libnss_winbind.1 -> libnss_winbind.so

We (HP-UX) don't know from .so files...
So winbind in nsswitch.conf entries is going to trigger looking for a
libnss_winbind.1 NOT a libnss_winbind.so.1

See if that doesn't help,
Don

> -----Original Message-----
> From: Miles Roper [mailto:mroper@westcoastdhb.org.nz]
> Sent: Thursday, February 06, 2003 15:41
> To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org;
> 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra';
> GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
> Had the same problem, I thought compiling it from scratch may fix it,
> although I've only just recently worked out how to get the extra debugging
> from pam, but symptoms were exactly the same.
>
> Has taken me a long time to work out how to compile it on hpux with gcc, had
> to change an include file and the configure script, I've included it for your
> interest :o)
>
> in configure find
>
> if test $ac_cv_prog_cc_Ae = yes; then
> BLDSHARED="true"
> SHLD="/usr/bin/ld"
> LDSHFLAGS="-B symbolic -b -z"
> PICFLAG="+z"
> fi
>
> change to
>
> #if test $ac_cv_prog_cc_Ae = yes; then
> BLDSHARED="true"
> SHLD="/usr/bin/ld"
> LDSHFLAGS="-B symbolic -b -z"
> # PICFLAG="+z"
> #fi
>
> find
> /usr/local/lib/gcc-lib/hppa2.0n-hp-hpux11.00/3.1/include/stdio.h
> BEFORE
> extern int snprintf(char *, _hpux_size_t, char *,...);
> AFTER
> extern int snprintf(char *, _hpux_size_t, const char *,...);
>
> ps, that was quick :o)
>
> -----Original Message-----
> From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
> Sent: Friday, 7 February 2003 09:36 a.m.
> To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1);
> samba-technical@lists.samba.org; 'samba@lists.samba.org'; 'Esh, Andrew';
> 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe';
> 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> Subject: RE: Winbind on HPUX 11, some small progress
>
> Hi Miles,
> any reason you are compiling it yourself, instead of pulling the depot from
> the samba ftp site?
> That is what I am using successfully.
> Don
>
> > -----Original Message-----
> > From: Miles Roper [mailto:mroper@westcoastdhb.org.nz]
> > Sent: Thursday, February 06, 2003 15:31
> > To: 'MCCALL,DON (HP-USA,ex1)'; samba-technical@lists.samba.org;
> > 'samba@lists.samba.org'; 'Esh, Andrew'; 'Ronan Waide';
> > michael_steffens@bbn.exch.hp.com; 'Richard Sharpe'; 'John H Terpstra';
> > GILCHRIST,KIM (HP-NewZealand,ex1)
> > Subject: RE: Winbind on HPUX 11, some small progress
> >
> > Hi Don,
> >
> > Michael Steffens a while back sent me a compiled version of getent which I
> > couldn't get to work.
> >
> > I compiled your version and it doesn't seem to produce any result either,
> > seems to return immediately without doing anything.
> >
> > ie
> > coastdr: /mnt/1/samba/test> ./getent passwd WESTCOASTDHB+mroper
> > coastdr: /mnt/1/samba/test>
> >
> > If I run it without any parameters I get a core dump :o)
> >
> > Better tell you that I'm compiling winbind with gcc 3.01 on hpux. I
> > compiled the getent program you sent me with.
> >
> > gcc -c -I. -g -O2 getent.c
> > gcc -g getent.o -o getent
> >
> > From what you have said it would seem like libnss_winbind.so isn't working.
> > Any way to get any debug output?
> >
> > Here is my /usr/lib/libnss*
> >
> > -r-xr-xr-x 1 bin  bin  28672 Mar 13 2001  libnss_compat.1
> > -r-xr-xr-x 1 bin  bin 104536 Nov  6 1997  libnss_dns.1
> > -r-xr-xr-x 1 bin  bin  40960 Mar  7 2001  libnss_files.1
> > lrwxrwxrwx 1 root sys     17 Jan 27 09:49 libnss_ldap.1 -> libnss_winbind.so
> > -r-xr-xr-x 1 bin  bin  40960 Mar 13 2001  libnss_nis.1
> > -r-xr-xr-x 1 bin  bin  57344 Mar 13 2001  libnss_nisplus.1
> > -r-xr-xr-x 1 bin  bin  28672 Jan 24 15:23 libnss_winbind.so
> > lrwxrwxrwx 1 root sys     17 Jan 27 11:51 libnss_winbind.so.1 -> libnss_winbind.so
> > lrwxrwxrwx 1 root sys     17 Oct 15 16:14 libnss_winbind.so.2 -> libnss_winbind.so
> >
> > Here is my /etc/nsswitch.conf
> >
> > hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files [NOTFOUND=return UNAVAIL=continue TRYAGAIN=return]
> > passwd: files winbind
> > group: files winbind
> >
> > Here is the compile output from libnss_winbind.so
> >
> > Compiling nsswitch/winbind_nss.c with -fpic
> > nsswitch/winbind_nss.c: In function `fill_pwent':
> > nsswitch/winbind_nss.c:600: warning: passing arg 2 of `get_static' from incompatible pointer type
> > nsswitch/winbind_nss.c:612: warning: passing arg 2 of `get_static' from incompatible pointer type
> > nsswitch/winbind_nss.c:629: warning: passing arg 2 of `get_static' from incompatible pointer type
> > nsswitch/winbind_nss.c:641: warning: passing arg 2 of `get_static' from incompatible pointer type
> > nsswitch/winbind_nss.c:653: warning: passing arg 2 of `get_static' from incompatible pointer type
> > nsswitch/winbind_nss.c: In function `fill_grent':
> > nsswitch/winbind_nss.c:690: warning: passing arg 2 of `get_static' from incompatible pointer type
> > nsswitch/winbind_nss.c:702: warning: passing arg 2 of `get_static' from incompatible pointer type
> > nsswitch/winbind_nss.c:728: warning: passing arg 2 of `get_static' from incompatible pointer type
> > nsswitch/winbind_nss.c:753: warning: passing arg 2 of `get_static' from incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getpwent_r':
> > nsswitch/winbind_nss.c:870: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getpwuid_r':
> > nsswitch/winbind_nss.c:920: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> > nsswitch/winbind_nss.c:933: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getpwnam_r':
> > nsswitch/winbind_nss.c:982: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> > nsswitch/winbind_nss.c:995: warning: passing arg 4 of `fill_pwent' from incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getgrent_r':
> > nsswitch/winbind_nss.c:1119: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getgrnam_r':
> > nsswitch/winbind_nss.c:1179: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> > nsswitch/winbind_nss.c:1193: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> > nsswitch/winbind_nss.c: In function `_nss_winbind_getgrgid_r':
> > nsswitch/winbind_nss.c:1242: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> > nsswitch/winbind_nss.c:1256: warning: passing arg 5 of `fill_grent' from incompatible pointer type
> > Compiling nsswitch/winbind_nss_solaris.c with -fpic
> > Linking nsswitch/libnss_winbind.so
> >
> > Any idea where to go from here?
> >
> > Cheers
> >
> > Miles
> >
> > -----Original Message-----
> > From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com]
> > Sent: Thursday, 6 February 2003 05:53 a.m.
> > To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1);
> > samba-technical@lists.samba.org; 'samba@lists.samba.org'; 'Esh, Andrew';
> > 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe';
> > 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1)
> > Subject: RE: Winbind on HPUX 11, some small progress
> >
> > Hi Miles,
> > This sounds like a
> > PAM_USER_UNKNOWN 13
> > error. Which would indicate that winbind daemon did its job (ie passed the
> > username and password to the password server, and got validation back that
> > the user is authenticated, but then when it went thru the nsswitch stuff to
> > 'look up' the user, that failed.
> > Kinda weird. I don't have your original post, but I'm assuming that you
> > have
> > passwd: files winbind
> > group: files winbind
> >
> > in your /etc/nsswitch.conf file
> > and that you have working links to the winbind nss code (look something
> > like this):
> >
> > 46 Aug 27 11:16 /usr/lib/libnss_winbind.1 -> /usr/local/samba/lib/winbind/libnss_winbind.so
> >
> > To verify that your nsswitch code is working compile the getent.c program I
> > have attached to this message, and then verify that you can get an
> > appropriate uid/gid back for a user defined on your NT password server in
> > the following manner;
> >
> > getent passwd <domainname><domainseparator><username>
> > (for instance on my system, I use '+' as winbind domain separator, and my
> > domain is atl-wtec,
> > so: getent passwd atl-wtec+administrator returns me the 'passwd' entry
> > faked up from the NT domain controller I am a member of.
> >
> > Just a thought,
> > Don
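An added example, not part of the thread: Don's point that a `winbind` entry in nsswitch.conf makes HP-UX look for `libnss_winbind.1`, not `libnss_winbind.so.1`, written as a check script. It reads the `passwd` and `group` lines and reports every source whose `libnss_<source>.1` is missing or a dangling link; the function names and the sample directory are constructed for illustration, and the `.1` naming rule is the one stated in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# nss_sources CONF DB: print the sources configured for database DB
# (passwd, group, hosts ...), one per line, skipping [STATUS=action] blocks.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                      # drop comments
        $0 ~ ("^[ \t]*" db ":") {
            line = $0
            sub(/^[ \t]*[^:]*:/, "", line)      # drop the database label
            gsub(/\[[^]]*\]/, " ", line)        # drop [NOTFOUND=return ...]
            n = split(line, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] != "") print f[i]
        }' "$1"
}

# nss_lib_status LIBDIR SOURCE: ok | dangling | missing for libnss_SOURCE.1
nss_lib_status() {
    lib="$1/libnss_$2.1"
    if [ -f "$lib" ]; then echo ok            # -f follows symbolic links
    elif [ -h "$lib" ]; then echo dangling    # link exists, target does not
    else echo missing
    fi
}

# audit_nsswitch CONF LIBDIR: check every passwd/group source; returns 1 if
# any backing library is absent, and lists similarly named files as a hint.
audit_nsswitch() {
    rc=0
    for db in passwd group; do
        for src in $(nss_sources "$1" "$db"); do
            st=$(nss_lib_status "$2" "$src")
            printf '%-7s %-8s %s/libnss_%s.1: %s\n' "$db:" "$src" "$2" "$src" "$st"
            if [ "$st" != ok ]; then
                rc=1
                for f in "$2"/libnss_"$src".*; do
                    if [ -e "$f" ] || [ -h "$f" ]; then
                        echo "        present under another name: $f"
                    fi
                done
            fi
        done
    done
    return $rc
}

# make_sample DIR: constructed layout modelled on the listing in the thread
# (libnss_winbind.so, .so.1 and .so.2 exist, libnss_winbind.1 does not).
make_sample() {
    mkdir -p "$1/lib"
    cat > "$1/nsswitch.conf" <<'EOF'
hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files [NOTFOUND=return UNAVAIL=continue TRYAGAIN=return]
passwd: files winbind
group: files winbind
EOF
    : > "$1/lib/libnss_files.1"
    : > "$1/lib/libnss_winbind.so"
    ln -s libnss_winbind.so "$1/lib/libnss_ldap.1"
    ln -s libnss_winbind.so "$1/lib/libnss_winbind.so.1"
    ln -s libnss_winbind.so "$1/lib/libnss_winbind.so.2"
}

# Demo on the constructed layout: fails first, passes once the .1 link exists.
demo="${TMPDIR:-/tmp}/nss_audit_demo.$$"
make_sample "$demo"
if ! audit_nsswitch "$demo/nsswitch.conf" "$demo/lib"; then
    echo "=> lookups through the sources flagged above will fail"
fi
ln -s libnss_winbind.so "$demo/lib/libnss_winbind.1"
if audit_nsswitch "$demo/nsswitch.conf" "$demo/lib"; then
    echo "=> every configured source has its .1 library"
fi
rm -rf "$demo"
```

On a real host the call would be `audit_nsswitch /etc/nsswitch.conf /usr/lib`, the two paths used in the thread.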