Hi,
maybe (probably ??) it's me, but it took me more than a week to
get winbindd working on Redhat 9. It works now after changing a
parameter in smb.conf, but I have NO idea why. Maybe some of you
already had the same problem. If so, PLEASE clarify ! Thanks...
PS as you will see later, getent group also does not work. This is
an independent problem I think... can it have something to do with
spaces in group names ???
Here are the config files of the two machines. Both are linux boxes, so
no win machine is involved.
server (PDC):
-------------
Redhat 9
samba 2.2.8a compiled with
--with-winbind --with-winbind-auth-challenge
hw : lx50
[root@server source]# more /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=server.one.sunedu
[root@server source]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
172.17.11.5 client.one.sunedu CLIENT client
172.17.11.4 server.one.sunedu SERVER server
(I still have a problem with the name service, that's why)
[root@server lib]# more smb.conf
[global]
workgroup = MYGROUP
netbios name = SERVER
add user script = /usr/sbin/useradd -d /dev/null -s /bin/false -g machines -M %u
server string = Samba Server
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 33
domain master = yes
preferred master = yes
domain logons = yes
logon path = \\%L\Profiles\%U
wins support = yes
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writable = yes
[netlogon]
comment = Network Logon Service
path = /home/netlogon
writable = no
share modes = no
[Profiles]
path = /home/profiles
browseable = no
guest ok = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
client (domain member) :
Redhat 9
samba 2.2.8a compiled with
--with-winbind --with-winbind-auth-challenge
[root@client root]# more /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=client.one.sunedu
[root@client root]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
172.17.11.5 client.one.sunedu client CLIENT
172.17.11.4 server.one.sunedu SERVER server
[root@client lib]# more smb.conf
[global]
server string = SambaBSD-2.2.8
netbios name = CLIENT
workgroup = MYGROUP
security = domain
password server = *
encrypt passwords = yes
wins server = 172.17.11.4
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind separator = .
winbind use default domain = yes
winbind cache time = 0
password level = 8
username level = 8
[tmp]
path = /tmp
browseable = yes
writable = yes
public = no
create mode = 0664
directory mode = 0775
as you can see pretty normal settings. The reason I recompiled samba
is that apparently Redhat forgot to compile with
--with-winbind-auth-challenge which I think is necessary for winbind to
work (correct me ?)
The parameter that made it all work is :
winbind cache time = 0
if I reset this to the default on the client, which is 15, I get the
following results :
[root@client root]# getent passwd
root:x:0:0:root:/root:/bin/bash
...
client$:x:502:501::/dev/null:/bin/false
root:x:10000:10000:root:/home/MYGROUP/root:/bin/false
jo:x:10001:10000::/home/MYGROUP/jo:/bin/false
[root@client root]# getent group
DOES NOT SHOW THE "win" GROUPS... ANY IDEA WHY? Where are
the groups stored on the samba pdc????
[root@client root]# wbinfo -u
root
jo
[root@client root]# wbinfo -g
Domain Admins
Domain Users
[root@client root]#
[root@client root]# wbinfo -t
Secret is good
[root@client root]#
[root@client root]# wbinfo -a jo%welcome
plaintext password authentication succeeded
challenge/response password authentication succeeded
//thanks to recompiling !!!!!!!!!!
[root@client root]#
So everything seems ok, but if I try to connect to a local share on the
client in the hope that winbind will provide the user account jo, it fails
like this :
[root@client root]# smbclient //CLIENT/tmp -U jo%welcome
added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0
Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a]
tree connect failed: NT_STATUS_UNSUCCESSFUL <-----------------------
[root@client root]# smbclient //CLIENT/tmp -U jo%welcome
added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0
Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a]
tree connect failed: NT_STATUS_WRONG_PASSWORD <--------------------
[root@client root]#
The weird thing is the different error message the second time, which is
reset to the first one after - you guessed it - 15 seconds... that's how
I figured out it maybe had something to do with the cache time (ok I was
just lucky to try it).
As soon as I change it back to winbind cache time = 0 it works fine :
[root@client root]# smbclient //CLIENT/tmp -U jo%welcome
added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0
Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a]
smb: \> ls
. D 0 Mon Aug 4 04:02:07 2003
.. D 0 Fri Aug 1 13:35:41 2003
jd_sockV4 A 0 Fri Aug 1 13:36:20 2003
orbit-root D 0 Fri Aug 1 16:07:15 2003
.font-unix DH 0 Fri Aug 1 13:36:21 2003
.fam_socket AH 0 Fri Aug 1 13:44:14 2003
.gdm_socket H 0 Fri Aug 1 13:36:22 2003
.iroha_unix DH 0 Fri Aug 1 13:36:16 2003
.X11-unix DH 0 Fri Aug 1 13:36:22 2003
.X0-lock HR 11 Fri Aug 1 13:36:22 2003
.ICE-unix DH 0 Fri Aug 1 13:44:14 2003
ssh-XX9OiucF D 0 Fri Aug 1 13:44:13 2003
.winbindd DH 0 Mon Aug 4 13:10:59 2003
test D 0 Fri Aug 1 06:01:54 2003
test2 D 0 Fri Aug 1 06:07:06 2003
yahoo D 0 Fri Aug 1 16:10:13 2003
joke D 0 Fri Aug 1 16:18:18 2003
62228 blocks of size 8192. 32583 blocks available
smb: \>
Is this a feature or a bug ??? The man page of winbindd does not make it
any clearer for me....hope this can help anybody.
Thanks for any replies.
Jo
Sun Microsystems
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
Maybe I'll rephrase it shorter :
1) even though 'wbinfo -g' gives me the correct groups, they do not
show up when I go 'getent group'. Can it be the spaces in the Samba
groups 'Domain Admins' and 'Domain Users'? Where is the information
about these groups stored on the Samba pdc?
2) I only get winbind to do its job (which is connecting to a
local share on the domain member with a winbind user) when I
a) set the parameter 'winbind cache timeout = 0'
OR
b) create the user locally on the domain member, which is of course
what we try to avoid by using winbind...
any ideas why playing with the cache timeout causes a difference?
Thanks in advance...
the full story is below but I guess it's too long for anyone to read
*grin*
Jo De Baer
On Mon, 04 Aug 2003 16:42:05 +0200 jo@neolabs.be wrote:
> Hi,
>
> maybe (probably ??) it's me, but it took me more than a week to
> get winbindd working on Redhat 9. It works now after changing a
> parameter in smb.conf, but I have NO idea why. Maybe some of you
> already had the same problem. If so, PLEASE clarify ! Thanks...
> PS as you will see later, getent group also does not work. This is
> an independent problem I think... can it have something to do with
> spaces in group names ???
>
> Here are the config files of the two machines. Both are linux boxes, so
> no win machine is involved.
>
> server (PDC):
> -------------
>
> Redhat 9
> samba 2.2.8a compiled with
> --with-winbind --with-winbind-auth-challenge
>
> hw : lx50
>
> [root@server source]# more /etc/sysconfig/network
> NETWORKING=yes
> HOSTNAME=server.one.sunedu
>
> [root@server source]# more /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost.localdomain localhost
> 172.17.11.5 client.one.sunedu CLIENT client
> 172.17.11.4 server.one.sunedu SERVER server
>
> (I still have a problem with the name service, that's why)
>
> [root@server lib]# more smb.conf
> [global]
> workgroup = MYGROUP
> netbios name = SERVER
> add user script = /usr/sbin/useradd -d /dev/null -s /bin/false -g
> machines -M %u
> server string = Samba Server
> printcap name = /etc/printcap
> load printers = yes
> log file = /var/log/samba/log.%m
> max log size = 50
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = yes
> os level = 33
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon path = \\%L\Profiles\%U
> wins support = yes
> dns proxy = no
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> writable = no
> share modes = no
> [Profiles]
> path = /home/profiles
> browseable = no
> guest ok = yes
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> guest ok = no
> writable = no
> printable = yes
>
> client (domain member) :
>
> Redhat 9
> samba 2.2.8a compiled with
> --with-winbind --with-winbind-auth-challenge
>
> [root@client root]# more /etc/sysconfig/network
> NETWORKING=yes
> HOSTNAME=client.one.sunedu
>
> [root@client root]# more /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost.localdomain localhost
> 172.17.11.5 client.one.sunedu client CLIENT
> 172.17.11.4 server.one.sunedu SERVER server
>
> [root@client lib]# more smb.conf
> [global]
> server string = SambaBSD-2.2.8
> netbios name = CLIENT
> workgroup = MYGROUP
> security = domain
> password server = *
> encrypt passwords = yes
> wins server = 172.17.11.4
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> winbind separator = .
> winbind use default domain = yes
> winbind cache time = 0
> password level = 8
> username level = 8
> [tmp]
> path = /tmp
> browseable = yes
> writable = yes
> public = no
> create mode = 0664
> directory mode = 0775
>
> as you can see pretty normal settings. The reason I recompiled samba
> is that apparently Redhat forgot to compile with
> --with-winbind-auth-challenge which I think is necessary for winbind to
> work (correct me ?)
>
> The parameter that made it all work is :
>
> winbind cache time = 0
>
> if I reset this to the default on the client, which is 15, I get the
> following results :
>
> [root@client root]# getent passwd
> root:x:0:0:root:/root:/bin/bash
> ...
> client$:x:502:501::/dev/null:/bin/false
> root:x:10000:10000:root:/home/MYGROUP/root:/bin/false
> jo:x:10001:10000::/home/MYGROUP/jo:/bin/false
>
> [root@client root]# getent group
>
> DOES NOT SHOW THE "win" GROUPS... ANY IDEA WHY? Where are
> the groups stored on the samba pdc????
>
> [root@client root]# wbinfo -u
> root
> jo
> [root@client root]# wbinfo -g
> Domain Admins
> Domain Users
> [root@client root]#
> [root@client root]# wbinfo -t
> Secret is good
> [root@client root]#
> [root@client root]# wbinfo -a jo%welcome
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
> //thanks to recompiling !!!!!!!!!!
>
> [root@client root]#
>
> So everything seems ok, but if I try to connect to a local share on the
> client in the hope that winbind will provide the user account jo, it fails
> like this :
>
> [root@client root]# smbclient //CLIENT/tmp -U jo%welcome
> added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0
> Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a]
> tree connect failed: NT_STATUS_UNSUCCESSFUL <-----------------------
> [root@client root]# smbclient //CLIENT/tmp -U jo%welcome
> added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0
> Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a]
> tree connect failed: NT_STATUS_WRONG_PASSWORD <--------------------
> [root@client root]#
>
> The weird thing is the different error message the second time, which is
> reset to the first one after - you guessed it - 15 seconds... that's how
> I figured out it maybe had something to do with the cache time (ok I was
> just lucky to try it).
>
> As soon as I change it back to winbind cache time = 0 it works fine :
>
> [root@client root]# smbclient //CLIENT/tmp -U jo%welcome
> added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0
> Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a]
> smb: \> ls
> . D 0 Mon Aug 4 04:02:07 2003
> .. D 0 Fri Aug 1 13:35:41 2003
> jd_sockV4 A 0 Fri Aug 1 13:36:20 2003
> orbit-root D 0 Fri Aug 1 16:07:15 2003
> .font-unix DH 0 Fri Aug 1 13:36:21 2003
> .fam_socket AH 0 Fri Aug 1 13:44:14 2003
> .gdm_socket H 0 Fri Aug 1 13:36:22 2003
> .iroha_unix DH 0 Fri Aug 1 13:36:16 2003
> .X11-unix DH 0 Fri Aug 1 13:36:22 2003
> .X0-lock HR 11 Fri Aug 1 13:36:22 2003
> .ICE-unix DH 0 Fri Aug 1 13:44:14 2003
> ssh-XX9OiucF D 0 Fri Aug 1 13:44:13 2003
> .winbindd DH 0 Mon Aug 4 13:10:59 2003
> test D 0 Fri Aug 1 06:01:54 2003
> test2 D 0 Fri Aug 1 06:07:06 2003
> yahoo D 0 Fri Aug 1 16:10:13 2003
> joke D 0 Fri Aug 1 16:18:18 2003
>
> 62228 blocks of size 8192. 32583 blocks available
> smb: \>
>
> Is this a feature or a bug ??? The man page of winbindd does not make it
> any clearer for me....hope this can help anybody.
>
> Thanks for any replies.
> Jo
> Sun Microsystems
>
> NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
matt.twigg@insurance.sungard.com
2003-Aug-04 21:55 UTC
[Samba] Finally winbind on RH9 working, but why ?
I'll have to join you in this one...
Here's my situation:
RH 9
Kernel 2.6 test 1
Samba 2.2.7 (from RPM)
ACLs on ext3 turned on.
I tried your winbind cache timeout and I can now browse my home dir after
a restart of winbind
Other explicit shares I could always access.
oddly enough the same smb.conf with samba 3.0 beta3 allowed me home dir
access without that value.
Winbind even allows me to su a user from the domain while on the Linux
box. That's pretty cool ;^)
getent group gives me a full listing of my local and domain's groups.
wbinfo works like a charm.
Still I have the problem that I cannot effect permission from a Win2k or
NT workstation, even on my own home directory!
What is working / not working for you? getent?
Regards,
Matt
jo@neolabs.be
Sent by: samba-bounces+mtwigg=fdpcorp-boston.com@lists.samba.org
08/04/2003 05:08 PM
Please respond to jo
To: jo@neolabs.be
cc: samba@lists.samba.org
Subject: Re: [Samba] Finally winbind on RH9 working, but why ?
Maybe I'll rephrase it shorter :
1) even though 'wbinfo -g' gives me the correct groups, they do not
show up when I go 'getent group'. Can it be the spaces in the Samba
groups 'Domain Admins' and 'Domain Users'? Where is the information
about these groups stored on the Samba pdc?
2) I only get winbind to do its job (which is connecting to a
local share on the domain member with a winbind user) when I
a) set the parameter 'winbind cache timeout = 0'
OR
b) create the user locally on the domain member, which is of course
what we try to avoid by using winbind...
any ideas why playing with the cache timeout causes a difference?
Thanks in advance...
the full story is below but I guess it's too long for anyone to read
*grin*
Jo De Baer
On Mon, 04 Aug 2003 16:42:05 +0200 jo@neolabs.be wrote:
> Hi,
>
> maybe (probably ??) it's me, but it took me more than a week to
> get winbindd working on Redhat 9. It works now after changing a
> parameter in smb.conf, but I have NO idea why. Maybe some of you
> already had the same problem. If so, PLEASE clarify ! Thanks...
> PS as you will see later, getent group also does not work. This is
> an independent problem I think... can it have something to do with
> spaces in group names ???
>
>
> Here are the config files of the two machines. Both are linux boxes, so
> no win machine is involved.
>
>
> server (PDC):
> -------------
>
> Redhat 9
> samba 2.2.8a compiled with
> --with-winbind --with-winbind-auth-challenge
>
> hw : lx50
>
>
> [root@server source]# more /etc/sysconfig/network
> NETWORKING=yes
> HOSTNAME=server.one.sunedu
>
>
> [root@server source]# more /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost.localdomain localhost
> 172.17.11.5 client.one.sunedu CLIENT client
> 172.17.11.4 server.one.sunedu SERVER server
>
> (I still have a problem with the name service, that's why)
>
>
> [root@server lib]# more smb.conf
> [global]
> workgroup = MYGROUP
> netbios name = SERVER
> add user script = /usr/sbin/useradd -d /dev/null -s /bin/false -g
> machines -M %u
> server string = Samba Server
> printcap name = /etc/printcap
> load printers = yes
> log file = /var/log/samba/log.%m
> max log size = 50
> security = user
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = yes
> os level = 33
> domain master = yes
> preferred master = yes
> domain logons = yes
> logon path = \\%L\Profiles\%U
> wins support = yes
> dns proxy = no
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> writable = no
> share modes = no
> [Profiles]
> path = /home/profiles
> browseable = no
> guest ok = yes
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> guest ok = no
> writable = no
> printable = yes
>
> client (domain member) :
>
> Redhat 9
> samba 2.2.8a compiled with
> --with-winbind --with-winbind-auth-challenge
>
>
> [root@client root]# more /etc/sysconfig/network
> NETWORKING=yes
> HOSTNAME=client.one.sunedu
>
>
> [root@client root]# more /etc/hosts
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1 localhost.localdomain localhost
> 172.17.11.5 client.one.sunedu client CLIENT
> 172.17.11.4 server.one.sunedu SERVER server
>
>
> [root@client lib]# more smb.conf
> [global]
> server string = SambaBSD-2.2.8
> netbios name = CLIENT
> workgroup = MYGROUP
> security = domain
> password server = *
> encrypt passwords = yes
> wins server = 172.17.11.4
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> winbind separator = .
> winbind use default domain = yes
> winbind cache time = 0
> password level = 8
> username level = 8
> [tmp]
> path = /tmp
> browseable = yes
> writable = yes
> public = no
> create mode = 0664
> directory mode = 0775
>
>
> as you can see pretty normal settings. The reason I recompiled samba
> is that apparently Redhat forgot to compile with
> --with-winbind-auth-challenge which I think is necessary for winbind to
> work (correct me ?)
>
>
> The parameter that made it all work is :
>
> winbind cache time = 0
>
> if I reset this to the default on the client, which is 15, I get the
> following results :
>
>
>
> [root@client root]# getent passwd
> root:x:0:0:root:/root:/bin/bash
> ...
> client$:x:502:501::/dev/null:/bin/false
> root:x:10000:10000:root:/home/MYGROUP/root:/bin/false
> jo:x:10001:10000::/home/MYGROUP/jo:/bin/false
>
>
> [root@client root]# getent group
>
> DOES NOT SHOW THE "win" GROUPS... ANY IDEA WHY? Where are
> the groups stored on the samba pdc????
>
>
> [root@client root]# wbinfo -u
> root
> jo
> [root@client root]# wbinfo -g
> Domain Admins
> Domain Users
> [root@client root]#
> [root@client root]# wbinfo -t
> Secret is good
> [root@client root]#
> [root@client root]# wbinfo -a jo%welcome
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
> //thanks to recompiling !!!!!!!!!!
>
> [root@client root]#
>
> So everything seems ok, but if I try to connect to a local share on the
> client in the hope that winbind will provide the user account jo, it fails
> like this :
>
> [root@client root]# smbclient //CLIENT/tmp -U jo%welcome
> added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0
> Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a]
> tree connect failed: NT_STATUS_UNSUCCESSFUL <-----------------------
> [root@client root]# smbclient //CLIENT/tmp -U jo%welcome
> added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0
> Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a]
> tree connect failed: NT_STATUS_WRONG_PASSWORD <--------------------
> [root@client root]#
>
> The weird thing is the different error message the second time, which is
> reset to the first one after - you guessed it - 15 seconds... that's how
> I figured out it maybe had something to do with the cache time (ok I was
> just lucky to try it).
>
> As soon as I change it back to winbind cache time = 0 it works fine :
>
> [root@client root]# smbclient //CLIENT/tmp -U jo%welcome
> added interface ip=172.17.11.5 bcast=172.17.11.255 nmask=255.255.255.0
> Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.2.8a]
> smb: \> ls
> . D 0 Mon Aug 4 04:02:07 2003
> .. D 0 Fri Aug 1 13:35:41 2003
> jd_sockV4 A 0 Fri Aug 1 13:36:20 2003
> orbit-root D 0 Fri Aug 1 16:07:15 2003
> .font-unix DH 0 Fri Aug 1 13:36:21 2003
> .fam_socket AH 0 Fri Aug 1 13:44:14 2003
> .gdm_socket H 0 Fri Aug 1 13:36:22 2003
> .iroha_unix DH 0 Fri Aug 1 13:36:16 2003
> .X11-unix DH 0 Fri Aug 1 13:36:22 2003
> .X0-lock HR 11 Fri Aug 1 13:36:22 2003
> .ICE-unix DH 0 Fri Aug 1 13:44:14 2003
> ssh-XX9OiucF D 0 Fri Aug 1 13:44:13 2003
> .winbindd DH 0 Mon Aug 4 13:10:59 2003
> test D 0 Fri Aug 1 06:01:54 2003
> test2 D 0 Fri Aug 1 06:07:06 2003
> yahoo D 0 Fri Aug 1 16:10:13 2003
> joke D 0 Fri Aug 1 16:18:18 2003
>
> 62228 blocks of size 8192. 32583 blocks available
> smb: \>
>
>
> Is this a feature or a bug ??? The man page of winbindd does not make it
> any clearer for me....hope this can help anybody.
>
>
> Thanks for any replies.
> Jo
> Sun Microsystems
>
> NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
Lahners, Jeremy
2003-Aug-05 14:34 UTC
[Samba] Re: Finally winbind on RH9 working, but why ?
I had similar problems with getent on one of my servers. After some
investigation, I had forgotten to edit /etc/nsswitch.conf to add winbind
to the users and groups there. Wbinfo worked great, nothing from
getent. After the change, and a restart of winbind (don't know if that
was necessary or not) all was well.
Jeremy Lahners
jlahners@schemmer.com
The Schemmer Associates Inc.
<jo@neolabs.be> wrote in message
news:<200308042108.h74L81B09307@neo1.neolabs.be>...
Maybe I'll rephrase it shorter :
1) even though 'wbinfo -g' gives me the correct groups, they do not show
up when I go 'getent group'. Can it be the spaces in the Samba groups
'Domain Admins' and 'Domain Users'? Where is the information
about these groups stored on the Samba pdc?
2) I only get winbind to do its job (which is connecting to a local
share on the domain member with a winbind user) when I
a) set the parameter 'winbind cache timeout = 0'
OR
b) create the user locally on the domain member, which is of course what
we try to avoid by using winbind...
any ideas why playing with the cache timeout causes a difference?
Thanks in advance...
the full story is below but I guess it's too long for anyone to read
*grin*
Jo De Baer
Thanks for the reply ! But no such luck :
#group: db files nisplus nis
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
*grin*
On Tue, 5 Aug 2003 09:34:27 -0500 "Lahners, Jeremy" wrote:
> I had similar problems with getent on one of my servers. After some
> investigation, I had forgotten to edit /etc/nsswitch.conf to add winbind
> to the users and groups there. Wbinfo worked great, nothing from
> getent. After the change, and a restart of winbind (don't know if that
> was necessary or not) all was well.
>
> Jeremy Lahners
> jlahners@schemmer.com
> The Schemmer Associates Inc.
>
> <jo@neolabs.be> wrote in message
> news:<200308042108.h74L81B09307@neo1.neolabs.be>...
> Maybe I'll rephrase it shorter :
>
> 1) even though 'wbinfo -g' gives me the correct groups, they do not show
> up when I go 'getent group'. Can it be the spaces in the Samba groups
> 'Domain Admins' and 'Domain Users'? Where is the information
> about these groups stored on the Samba pdc?
>
> 2) I only get winbind to do its job (which is connecting to a local
> share on the domain member with a winbind user) when I
> a) set the parameter 'winbind cache timeout = 0'
> OR
> b) create the user locally on the domain member, which is of course what
> we try to avoid by using winbind...
>
> any ideas why playing with the cache timeout causes a difference?
>
> Thanks in advance...
>
> the full story is below but I guess it's too long for anyone to read
> *grin*
>
> Jo De Baer
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
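The two checks discussed in the messages above (is winbind listed in /etc/nsswitch.conf, and which groups does `wbinfo -g` report that `getent group` does not), as an added example that is not part of any post in this thread. The function names and the sample `getent group` lines are constructed for illustration; the nsswitch.conf lines and the `wbinfo -g` output are the ones posted above, plus one constructed `services:` line to exercise the `[NOTFOUND=return]` syntax. Group names are compared exactly, which assumes `winbind use default domain = yes` as in the posted smb.conf.

```shell
#!/bin/sh
# Added example: offline checks for "wbinfo -g works, getent group does not".

# nss_sources FILE DB: print the lookup sources configured for database DB
# in an nsswitch.conf-style FILE, skipping comments and [STATUS=action] items.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                      # drop comments
        {
            n = index($0, ":")
            if (n == 0) next
            name = substr($0, 1, n - 1)
            gsub(/[ \t]/, "", name)
            if (name != db) next
            cnt = split(substr($0, n + 1), tok, /[ \t]+/)
            out = ""; inb = 0
            for (i = 1; i <= cnt; i++) {
                t = tok[i]
                if (t == "") continue
                if (t ~ /^\[/) inb = 1          # start of [NOTFOUND=return ...]
                if (inb) { if (t ~ /\]$/) inb = 0; continue }
                out = out (out == "" ? "" : " ") t
            }
            print out
            exit
        }' "$1"
}

# nss_has_winbind FILE DB: succeed if winbind is one of the sources for DB.
nss_has_winbind() {
    case " $(nss_sources "$1" "$2") " in
        *" winbind "*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_from_nss WBINFO_OUT GETENT_OUT: print every group name from saved
# `wbinfo -g` output that has no entry in saved `getent group` output.
# Names are compared whole, so embedded spaces ("Domain Users") are kept.
missing_from_nss() {
    awk -F: '
        FILENAME == ARGV[1] { seen[$1] = 1; next }   # getent: name:x:gid:members
        { sub(/[ \t\r]+$/, "") }
        $0 != "" && !($0 in seen) { print }
    ' "$2" "$1"
}

# --- demo on sample data ----------------------------------------------------
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# nsswitch.conf lines as posted in the thread; the last line is constructed.
cat > "$demo_dir/nsswitch.conf" <<'EOF'
#group: db files nisplus nis
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
services: nisplus [NOTFOUND=return] files
EOF

# wbinfo -g output as posted in the thread.
printf 'Domain Admins\nDomain Users\n' > "$demo_dir/wbinfo-g.txt"

# Constructed getent group output that contains local groups only.
printf 'root:x:0:root\nmachines:x:501:\n' > "$demo_dir/getent-group.txt"

for db in passwd group; do
    if nss_has_winbind "$demo_dir/nsswitch.conf" "$db"; then
        echo "$db: winbind listed ($(nss_sources "$demo_dir/nsswitch.conf" "$db"))"
    else
        echo "$db: winbind NOT listed"
    fi
done
echo "groups reported by winbindd but not visible through NSS:"
missing_from_nss "$demo_dir/wbinfo-g.txt" "$demo_dir/getent-group.txt"
```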
Lahners, Jeremy
2003-Aug-05 15:08 UTC
[Samba] RE: Finally winbind on RH9 working, but why ?
I don't have winbind under shadow. I don't know if that would matter or
not.
Jeremy Lahners
Manager, I.T.
The Schemmer Associates Inc.
(402) 493-4800 (P)
(402) 493-7951 (F)
-----Original Message-----
From: jo@neolabs.be [mailto:jo@neolabs.be]
Sent: Tuesday, August 05, 2003 10:05 AM
To: Lahners, Jeremy
Cc: samba@lists.samba.org
Subject: Re: Finally winbind on RH9 working, but why ?
Thanks for the reply ! But no such luck :
#group: db files nisplus nis
passwd: files winbind
shadow: files winbind
group: files winbind
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
*grin*
On Tue, 5 Aug 2003 09:34:27 -0500 "Lahners, Jeremy" wrote:
> I had similar problems with getent on one of my servers. After some
> investigation, I had forgotten to edit /etc/nsswitch.conf to add winbind
> to the users and groups there. Wbinfo worked great, nothing from
> getent. After the change, and a restart of winbind (don't know if that
> was necessary or not) all was well.
>
> Jeremy Lahners
> jlahners@schemmer.com
> The Schemmer Associates Inc.
>
> <jo@neolabs.be> wrote in message
> news:<200308042108.h74L81B09307@neo1.neolabs.be>...
> Maybe I'll rephrase it shorter :
>
> 1) even though 'wbinfo -g' gives me the correct groups, they do not show
> up when I go 'getent group'. Can it be the spaces in the Samba groups
> 'Domain Admins' and 'Domain Users'? Where is the information
> about these groups stored on the Samba pdc?
>
> 2) I only get winbind to do its job (which is connecting to a local
> share on the domain member with a winbind user) when I
> a) set the parameter 'winbind cache timeout = 0'
> OR
> b) create the user locally on the domain member, which is of course what
> we try to avoid by using winbind...
>
> any ideas why playing with the cache timeout causes a difference?
>
> Thanks in advance...
>
> the full story is below but I guess it's too long for anyone to read
> *grin*
>
> Jo De Baer
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
No... just tested it :(
if you have time : does your output of wbinfo resemble this :
[root@client root]# wbinfo -u
root
jo
[root@client root]# wbinfo -g
Domain Admins
Domain Users
I REALLY wonder where these groups are stored on the pdc... I find
no trace of them in /etc/samba/smbpasswd or anywhere...
On Tue, 5 Aug 2003 10:08:13 -0500 "Lahners, Jeremy" wrote:
> I don't have winbind under shadow. I don't know if that would matter or
> not.
>
> Jeremy Lahners
> Manager, I.T.
> The Schemmer Associates Inc.
> (402) 493-4800 (P)
> (402) 493-7951 (F)
>
> -----Original Message-----
> From: jo@neolabs.be [mailto:jo@neolabs.be]
> Sent: Tuesday, August 05, 2003 10:05 AM
> To: Lahners, Jeremy
> Cc: samba@lists.samba.org
> Subject: Re: Finally winbind on RH9 working, but why ?
>
> Thanks for the reply ! But no such luck :
>
> #group: db files nisplus nis
>
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
> #hosts: db files nisplus nis dns
> hosts: files dns
>
> # Example - obey only what nisplus tells us...
> #services: nisplus [NOTFOUND=return] files
>
> *grin*
>
> On Tue, 5 Aug 2003 09:34:27 -0500 "Lahners, Jeremy" wrote:
>
> > I had similar problems with getent on one of my servers. After some
> > investigation, I had forgotten to edit /etc/nsswitch.conf to add winbind
> > to the users and groups there. Wbinfo worked great, nothing from
> > getent. After the change, and a restart of winbind (don't know if that
> > was necessary or not) all was well.
> >
> > Jeremy Lahners
> > jlahners@schemmer.com
> > The Schemmer Associates Inc.
> >
> > <jo@neolabs.be> wrote in message
> > news:<200308042108.h74L81B09307@neo1.neolabs.be>...
> > Maybe I'll rephrase it shorter :
> >
> > 1) even though 'wbinfo -g' gives me the correct groups, they do not show
> > up when I go 'getent group'. Can it be the spaces in the Samba groups
> > 'Domain Admins' and 'Domain Users'? Where is the information
> > about these groups stored on the Samba pdc?
> >
> > 2) I only get winbind to do its job (which is connecting to a local
> > share on the domain member with a winbind user) when I
> > a) set the parameter 'winbind cache timeout = 0'
> > OR
> > b) create the user locally on the domain member, which is of course what
> > we try to avoid by using winbind...
> >
> > any ideas why playing with the cache timeout causes a difference?
> >
> > Thanks in advance...
> >
> > the full story is below but I guess it's too long for anyone to read
> > *grin*
> >
> > Jo De Baer
>
> NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
Lahners, Jeremy
2003-Aug-05 15:42 UTC
[Samba] RE: Finally winbind on RH9 working, but why ?
[root@MaryAnn admin]# wbinfo -u
administrator
Guest
TsInternetUser

[root@MaryAnn admin]# wbinfo -g
DHCP Users
DHCP Administrators
WINS Users
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Cert Publishers
Domain Admins
Domain Users
Domain Guests

Jeremy Lahners
Manager, I.T.
The Schemmer Associates Inc.
(402) 493-4800 (P)
(402) 493-7951 (F)

-----Original Message-----
From: jo@neolabs.be [mailto:jo@neolabs.be]
Sent: Tuesday, August 05, 2003 10:40 AM
To: Lahners, Jeremy
Cc: samba@lists.samba.org
Subject: Re: Finally winbind on RH9 working, but why ?

No... just tested it :(

if you have time : does your output of wbinfo resemble this :

[root@client root]# wbinfo -u
root
jo
[root@client root]# wbinfo -g
Domain Admins
Domain Users

I REALLY wonder where these groups are stored on the pdc... I find
no trace of them in /etc/samba/smbpasswd or anywhere...

On Tue, 5 Aug 2003 10:08:13 -0500 "Lahners, Jeremy" wrote:

> I don't have winbind under shadow. I don't know if that would matter or
> not.
>
> Jeremy Lahners
> Manager, I.T.
> The Schemmer Associates Inc.
> (402) 493-4800 (P)
> (402) 493-7951 (F)
>
>
> -----Original Message-----
> From: jo@neolabs.be [mailto:jo@neolabs.be]
> Sent: Tuesday, August 05, 2003 10:05 AM
> To: Lahners, Jeremy
> Cc: samba@lists.samba.org
> Subject: Re: Finally winbind on RH9 working, but why ?
>
> Thanks for the reply ! But no such luck :
>
>
> #group: db files nisplus nis
>
> passwd: files winbind
> shadow: files winbind
> group: files winbind
>
> #hosts: db files nisplus nis dns
> hosts: files dns
>
> # Example - obey only what nisplus tells us...
> #services: nisplus [NOTFOUND=return] files
>
>
> *grin*
>
>
> On Tue, 5 Aug 2003 09:34:27 -0500 "Lahners, Jeremy" wrote:
>
> > I had similar problems with getent on one of my servers. After some
> > investigation, I had forgotten to edit /etc/nsswitch.conf to add winbind
> > to the users and groups there. Wbinfo worked great, nothing from
> > getent. After the change, and a restart of winbind (don't know if that
> > was necessary or not) all was well.
> >
> > Jeremy Lahners
> > jlahners@schemmer.com
> > The Schemmer Associates Inc.
> >
> >
> > <jo@neolabs.be> wrote in message
> > news:<200308042108.h74L81B09307@neo1.neolabs.be>...
> > Maybe I'll rephrase it shorter :
> >
> > 1) even though 'wbinfo -g' gives me the correct groups, they do not show
> > up when I go 'getent group'. Can it be the spaces in the Samba groups
> > 'Domain Admins' and 'Domain Users'? Where is the information
> > about these groups stored on the Samba pdc?
> >
> > 2) I only get winbind to do its job (which is connecting to a local
> > share on the domain member with a winbind user) when I
> > a) set the parameter 'winbind cache timeout = 0'
> > OR
> > b) create the user locally on the domain member, which is of course what
> > we try to avoid by using winbind...
> >
> > any ideas why playing with the cache timeout causes a difference?
> >
> > Thanks in advance...
> >
> > the full story is below but I guess it's too long for anyone to read
> > *grin*
> >
> > Jo De Baer
>
> NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
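The check discussed in the message above, as an added example that is not part of the original thread: it reads nsswitch.conf text for the winbind source and lists the groups that `wbinfo -g` reports but `getent group` does not return. The function names are hypothetical and the sample inputs are constructed from the output quoted in the thread.

```python
"""Compare what winbindd knows (wbinfo -g) with what NSS resolves (getent group)."""

def nss_sources(nsswitch_text):
    """Map each nsswitch.conf database to its ordered list of sources."""
    sources = {}
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Skip action items such as [NOTFOUND=return]; keep service names.
        sources[db.strip()] = [t for t in rest.split() if not t.startswith("[")]
    return sources

def missing_from_nss(wbinfo_g_text, getent_group_text):
    """Groups winbindd enumerates that 'getent group' does not return.

    wbinfo -g prints one group per line, so names may contain spaces;
    getent group prints name:passwd:gid:members, so split on the first ':'.
    """
    wb = [g.strip() for g in wbinfo_g_text.splitlines() if g.strip()]
    nss = {l.split(":", 1)[0] for l in getent_group_text.splitlines() if l.strip()}
    return [g for g in wb if g not in nss]

# Constructed sample input, modelled on the output quoted in the thread.
NSSWITCH = """\
#group: db files nisplus nis
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns
#services: nisplus [NOTFOUND=return] files
"""
WBINFO_G = "Domain Admins\nDomain Users\n"
GETENT_GROUP = "root:x:0:root\nmachines:x:500:\n"   # local groups only (constructed)

if __name__ == "__main__":
    src = nss_sources(NSSWITCH)
    for db in ("passwd", "group"):
        print(db, "uses winbind:", "winbind" in src.get(db, []))
    print("known to winbindd but not to NSS:",
          missing_from_nss(WBINFO_G, GETENT_GROUP))
```

On a live domain member the two text arguments would come from the output of `wbinfo -g` and `getent group`.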
OKOKOKOKOK COOL: could you tell me where all those nice groups like

> DHCP Users
> DHCP Administrators
> WINS Users
> Domain Computers
> Domain Controllers
> Schema Admins
> Enterprise Admins
> Cert Publishers

come from ? Where do you define these. I DO guess you have configured them?

Think we're getting there... *grin*

Thanks

Jo

On Tue, 5 Aug 2003 10:42:50 -0500 "Lahners, Jeremy" wrote:

> [root@MaryAnn admin]# wbinfo -u
> administrator
> Guest
> TsInternetUser
>
> [root@MaryAnn admin]# wbinfo -g
> DHCP Users
> DHCP Administrators
> WINS Users
> Domain Computers
> Domain Controllers
> Schema Admins
> Enterprise Admins
> Cert Publishers
> Domain Admins
> Domain Users
> Domain Guests
>
> Jeremy Lahners
> Manager, I.T.
> The Schemmer Associates Inc.
> (402) 493-4800 (P)
> (402) 493-7951 (F)
>
>
> -----Original Message-----
> From: jo@neolabs.be [mailto:jo@neolabs.be]
> Sent: Tuesday, August 05, 2003 10:40 AM
> To: Lahners, Jeremy
> Cc: samba@lists.samba.org
> Subject: Re: Finally winbind on RH9 working, but why ?
>
> No... just tested it :(
>
> if you have time : does your output of wbinfo resemble this :
>
> [root@client root]# wbinfo -u
> root
> jo
> [root@client root]# wbinfo -g
> Domain Admins
> Domain Users
>
>
> I REALLY wonder where these groups are stored on the pdc... I find
> no trace of them in /etc/samba/smbpasswd or anywhere...
>
> On Tue, 5 Aug 2003 10:08:13 -0500 "Lahners, Jeremy" wrote:
>
> > I don't have winbind under shadow. I don't know if that would matter or
> > not.
> >
> > Jeremy Lahners
> > Manager, I.T.
> > The Schemmer Associates Inc.
> > (402) 493-4800 (P)
> > (402) 493-7951 (F)
> >
> >
> > -----Original Message-----
> > From: jo@neolabs.be [mailto:jo@neolabs.be]
> > Sent: Tuesday, August 05, 2003 10:05 AM
> > To: Lahners, Jeremy
> > Cc: samba@lists.samba.org
> > Subject: Re: Finally winbind on RH9 working, but why ?
> >
> > Thanks for the reply ! But no such luck :
> >
> >
> > #group: db files nisplus nis
> >
> > passwd: files winbind
> > shadow: files winbind
> > group: files winbind
> >
> > #hosts: db files nisplus nis dns
> > hosts: files dns
> >
> > # Example - obey only what nisplus tells us...
> > #services: nisplus [NOTFOUND=return] files
> >
> >
> > *grin*
> >
> >
> > On Tue, 5 Aug 2003 09:34:27 -0500 "Lahners, Jeremy" wrote:
> >
> > > I had similar problems with getent on one of my servers. After some
> > > investigation, I had forgotten to edit /etc/nsswitch.conf to add winbind
> > > to the users and groups there. Wbinfo worked great, nothing from
> > > getent. After the change, and a restart of winbind (don't know if that
> > > was necessary or not) all was well.
> > >
> > > Jeremy Lahners
> > > jlahners@schemmer.com
> > > The Schemmer Associates Inc.
> > >
> > >
> > > <jo@neolabs.be> wrote in message
> > > news:<200308042108.h74L81B09307@neo1.neolabs.be>...
> > > Maybe I'll rephrase it shorter :
> > >
> > > 1) even though 'wbinfo -g' gives me the correct groups, they do not show
> > > up when I go 'getent group'. Can it be the spaces in the Samba groups
> > > 'Domain Admins' and 'Domain Users'? Where is the information
> > > about these groups stored on the Samba pdc?
> > >
> > > 2) I only get winbind to do its job (which is connecting to a local
> > > share on the domain member with a winbind user) when I
> > > a) set the parameter 'winbind cache timeout = 0'
> > > OR
> > > b) create the user locally on the domain member, which is of course what
> > > we try to avoid by using winbind...
> > >
> > > any ideas why playing with the cache timeout causes a difference?
> > >
> > > Thanks in advance...
> > >
> > > the full story is below but I guess it's too long for anyone to read
> > > *grin*
> > >
> > > Jo De Baer
> >
> > NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
>
> NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
I have some new information on getent group not showing the groups
in samba 2.2.8a on Redhat 9.
in the client log on the samba PDC I get
[2003/08/06 09:47:47, 0] rpc_server/srv_samr_nt.c:_samr_open_group(2766)
_samr_open_group: Not yet implemented.
[2003/08/06 09:47:47, 0] rpc_server/srv_samr_nt.c:_samr_open_group(2766)
_samr_open_group: Not yet implemented.
every time I do 'getent group'
I looked up the code in the source and guess what, it's :
/*********************************************************************
_samr_open_group
*********************************************************************/
NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u,
                          SAMR_R_OPEN_GROUP *r_u)
{
    DEBUG(0,("_samr_open_group: Not yet implemented.\n"));
    return NT_STATUS_NOT_IMPLEMENTED;
}
so it makes sense...
HOWEVER there are numerous people for whom 'getent group' apparently
DOES work, so I have no idea why this call is in fact executed in
my case. Probably it takes a wrong turn somewhere????
I am trying to trace back the call to find that wrong turn, but if
anyone can give me a hint here please do, it's a big ...
Jo De Baer
Maybe I'll rephrase it shorter :
1) even though 'wbinfo -g' gives me the correct groups, they do not show
up when I go 'getent group'. Can it be the spaces in the Samba groups
'Domain Admins' and 'Domain Users'? Where is the information about these
groups stored on the Samba pdc?
2) I only get winbind to do its job (which is connecting to a local
share on the domain member with a winbind user) when I
a) set the parameter 'winbind cache timeout = 0'
OR
b) create the user locally on the domain member, which is of course
what we try to avoid by using winbind...
any ideas why playing with the cache timeout causes a difference?
Thanks in advance...
the full story is below but I guess it's too long for anyone to read
*grin*
> > >
> > > Jo De Baer
> >
> > NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
>
> NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
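A way to check a Samba PDC's per-client log for the stub calls quoted in the message above, as an added example that is not part of the original thread: it pairs each log header with the message lines that follow it and counts "Not yet implemented" entries per function. The function names are hypothetical; the sample log is constructed from the two entries quoted in the message plus one unrelated, made-up entry.

```python
import re
from collections import Counter

# Header of a Samba log entry: [date time, level] source.c:function(line)
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), *(?P<level>\d+)\] "
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

def parse_entries(log_text):
    """Yield one dict per log entry, joining the message lines after a header."""
    entry = None
    for raw in log_text.splitlines():
        m = HEADER.match(raw)
        if m:
            if entry:
                yield entry
            entry = dict(m.groupdict(), msg="")
        elif entry is not None and raw.strip():
            entry["msg"] = (entry["msg"] + " " + raw.strip()).strip()
    if entry:
        yield entry

def unimplemented_calls(log_text):
    """Count entries reporting an unimplemented RPC, keyed by (source, function)."""
    hits = Counter()
    for e in parse_entries(log_text):
        if "not yet implemented" in e["msg"].lower():
            hits[(e["src"], e["func"])] += 1
    return hits

# Constructed sample: the two entries quoted in the thread plus one unrelated,
# made-up entry to show that ordinary messages are not counted.
SAMPLE_LOG = """\
[2003/08/06 09:47:47, 0] rpc_server/srv_samr_nt.c:_samr_open_group(2766)
  _samr_open_group: Not yet implemented.
[2003/08/06 09:47:47, 0] rpc_server/srv_samr_nt.c:_samr_open_group(2766)
  _samr_open_group: Not yet implemented.
[2003/08/06 09:47:48, 1] smbd/service.c:make_connection(636)
  client (172.17.11.5) connect to service netlogon as user jo
"""

if __name__ == "__main__":
    for (src, func), n in unimplemented_calls(SAMPLE_LOG).items():
        print(f"{func} in {src}: {n} unimplemented call(s)")
```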
e.g. if someone running 2.2.8a successfully would have the time to run
'getent group' on a domain member and guarantee me that he does NOT see
the same messages appearing in the log for that member on the samba PDC,
that would tell me I'm looking in the right direction.., *grin*

Jo De Baer

On Wed, 06 Aug 2003 14:37:34 +0200 jo@neolabs.be wrote:

> I have some new information on getent group not showing the groups
> in samba 2.2.8a on Redhat 9.
>
> in the client log on the samba PDC I get
>
> [2003/08/06 09:47:47, 0] rpc_server/srv_samr_nt.c:_samr_open_group(2766)
> _samr_open_group: Not yet implemented.
> [2003/08/06 09:47:47, 0] rpc_server/srv_samr_nt.c:_samr_open_group(2766)
> _samr_open_group: Not yet implemented.
>
> every time I do 'getent group'
>
> I looked up the code in the source and guess what, it's :
>
> /*********************************************************************
> _samr_open_group
> *********************************************************************/
>
> NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u,
>                           SAMR_R_OPEN_GROUP *r_u)
> {
>     DEBUG(0,("_samr_open_group: Not yet implemented.\n"));
>     return NT_STATUS_NOT_IMPLEMENTED;
> }
>
>
> so it makes sense...
>
> HOWEVER there are numerous people for whom 'getent group' apparently
> DOES work, so I have no idea why this call is in fact executed in
> my case. Probably it takes a wrong turn somewhere????
>
> I am trying to trace back the call to find that wrong turn, but if
> anyone can give me a hint here please do, it's a big ...
>
>
> Jo De Baer
>
>
> Maybe I'll rephrase it shorter :
>
> 1) even though 'wbinfo -g' gives me the correct groups, they do not show
> up when I go 'getent group'. Can it be the spaces in the Samba groups
> 'Domain Admins' and 'Domain Users'? Where is the information about these
> groups stored on the Samba pdc?
>
> 2) I only get winbind to do its job (which is connecting to a local
> share on the domain member with a winbind user) when I
> a) set the parameter 'winbind cache timeout = 0'
> OR
> b) create the user locally on the domain member, which is of course
> what we try to avoid by using winbind...
>
> any ideas why playing with the cache timeout causes a difference?
>
> Thanks in advance...
>
> the full story is below but I guess it's too long for anyone to read
> *grin*
> > > >
> > > > Jo De Baer
> > >
> > > NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
> >
> > NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
>
> NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be
Since your email address ends with samba.org, I'll take your word for
it *grin*. Sorry for all my mails then, but I did not know that... I guess
most manuals these days are kinda hybrid.

up to 3.0 then!

Thanks for the clarification!!!

Jo De Baer

On Wed, 6 Aug 2003 10:23:59 -0500 (CDT) "Gerald (Jerry) Carter" wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 6 Aug 2003 jo@neolabs.be wrote:
>
> > e.g. if someone running 2.2.8a successfully would have the time
> > to run 'getent group' on a domain member and guarantee me that he
> > does NOT see the same messages appearing in the log for that member
> > on the samba PDC, that would tell me I'm looking in the right
> > direction..,
>
> Samba 2.2 does not support winbind as a domain member of a Samba domain.
> You need Samba 3 for this.
>
>
> cheers, jerry
> ----------------------------------------------------------------------
> Hewlett-Packard ------------------------- http://www.hp.com
> SAMBA Team ---------------------- http://www.samba.org
> GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
> "You can never go home again, Oatman, but I guess you can shop there."
> --John Cusack - "Grosse Point Blank" (1997)
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: For info see http://quantumlab.net/pine_privacy_guard/
>
> iD8DBQE/MR2QIR7qMdg1EfYRAnszAJ9UvQadQssjYu6O/gvZXZ5OsWg00QCfcg4L
> wmacv8uEzh9Abo87alB+SRs
> =8glT
> -----END PGP SIGNATURE-----
NEOlabs - http://www.neolabs.be - mailto:info@neolabs.be