samba - Sep 2005 - Authenticating Samba against Active Directory

I trying to authenticate samba 3.0.13 against active directory using my SLES 9
linux box.
I have istalled OpenLDAP, Samba, Kerberos (Heimdal) and PAM. 
I can join my domain, and I can see using "wbinfo -u" the domain users
from active directory, but I cannot see them with the "getent passwd" 
command.

Can you help me?


The log generated with the "nmbd" is this:

[2005/09/30 16:31:29, 0] nmbd/nmbd.c:main(718)
  Netbios nameserver version 3.0.20 started.
  Copyright Andrew Tridgell and the Samba Team 1994-2004
[2005/09/30 16:31:29, 0] nmbd/nmbd.c:main(737)
  standard input is not a socket, assuming -D option

--------------------------------------------------------

The log generated with the "winbindd -i -d3" is this:

winbindd version 3.0.20 started.
Copyright The Samba Team 2000-2004
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file
"/opt/samba-3.0.13/lib/smb.conf"
Processing section "[global]"
Processing section "[public]"
adding IPC service
adding IPC service
added interface ip=192.168.211.146 bcast=192.168.211.255 nmask=255.255.255.0
added interface ip=192.168.211.146 bcast=192.168.211.255 nmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain IVY IVY.LTD.UK S-1-5-21-286760449-2502667932-2086727194
Added domain BUILTIN  S-1-5-32
Added domain TS-IVY-01  S-1-5-21-300931632-1033023069-1792939587
resolve_lmhosts: Attempting lmhosts lookup for name
ms-ivy-01.ivy.ltd.uk<0x20>
resolve_wins: Attempting wins lookup for name ms-ivy-01.ivy.ltd.uk<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name ms-ivy-01.ivy.ltd.uk<0x20>
fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable)
fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily
unavailable)
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=109)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=ms-ivy-01$@IVY.LTD.UK
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration Sat, 01 Oct 2005 02:56:18 GMT
lsa_io_sec_qos: length c does not match size 8
[ 4584]: list trusted domains
ads: trusted_domains

--------------------------------------------------------------------------------------------


The above information is confidential to the addressee and may be privileged.
Unauthorised access and use is prohibited. Internet communications are not
secure and therefore this Company does not accept legal responsibility for the
contents of this message. If you are not the intended recipient, any disclosure,
copying, distribution, or any action taken or omitted to be taken in reliance on
it, is prohibited and may be unlawful. The sender does not accept any
responsibility for viruses and it is your responsibility to scan the email and
any attachments.

On Fri, 2005-09-30 at 16:58 +0100, Daniel Catz wrote:
> I trying to authenticate samba 3.0.13 against active directory using my
SLES 9 linux box.
> I have istalled OpenLDAP, Samba, Kerberos (Heimdal) and PAM. 
> I can join my domain, and I can see using "wbinfo -u" the 
> domain users from active directory, but I cannot see them 
> with the "getent passwd"  command.
Is 'winbind' set in your nsswtich.conf?  This controls what 'getent
passwd' sees.  I expect the YAST would have set all this up correctly:
did you use the suse tools, or handle this manually?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20051003/73b5ceef/attachment.bin