Hi Guys I compiled Samba 3.0.26a --with-ads and --with-winbind with krb5-1.6.2 and openldap-2.3.38 using gcc version 3.4.6 on Solaris 8. and added winbind in passwd entry in /etc/nsswitch.conf passwd: files winbind The problem is the entry "passwd: files winbind" in /etc/nsswitch.conf caused "ls -l" and Samba hang. If winbind is removed from nsswitch.conf, "ls -l" worked fine but Samba lost the ability to authenticate users against ADS. Does anyone know how to build Samba with ADS support on Solaris 8 without causing "ls -l" hang? Thanks Junmin Important: This email and any attachments may be confidential and may be privileged. If the email is not addressed to you please return it to us and destroy any copies you may have. Unauthorised use of this email and any attachment is prohibited. Defence Housing Australia will send you correspondence and documents by email if you request or if you use email to contact us. Email is not a secure form of communication and may transmit computer viruses. We take no responsibility for misdirection, corruption or unauthorised use of email communications nor for any damage that may be caused as a result of transmitting or receiving an email communication. It is your responsibility to establish your own protection against viruses or other damage. This message has been scanned for viruses and spam by SurfControl RiskFilter - E-mail.
Bai, Junmin wrote: [%<]> The problem is the entry "passwd: files winbind" in /etc/nsswitch.conf > caused "ls -l" and Samba hang. > If winbind is removed from nsswitch.conf, "ls -l" worked fine but Samba > lost the ability to authenticate > users against ADS. > > Does anyone know how to build Samba with ADS support on Solaris 8 > without causing "ls -l" hang?Do you have a working LDAP client configuration? Winbind *needs* a working LDAP configuration in order to contact the AD server; absent that, you'll get 60-90-second delays while the LDAP queries timeout. (The timeouts happen with anything that queries the passwd/group database, not just ls. You just notice it with ls -l because ls has to query both passwd and group to map uid/gid to names.) Take winbind out of your nsswitch.conf so you can use your system, get LDAP queries working to where you can fetch user information from your AD server, then reconfigure Winbind and put it back in. Don
Don Thanks for your reply. I understand what you mean. The command ldapsearch works fine and wbinfo -u and wbinfo -g work beautifully. It's openldap on solaris 8. Does it need any special configuration? Cheers Junmin -----Original Message----- From: samba-bounces+junmin.bai=dha.gov.au@lists.samba.org [mailto:samba-bounces+junmin.bai=dha.gov.au@lists.samba.org] On Behalf Of samba@piven.org Sent: Tuesday, 20 November 2007 11:52 PM To: samba@lists.samba.org Subject: Re: [Samba] winbind caused "ls -l" hang on solaris 8 Bai, Junmin wrote: [%<]> The problem is the entry "passwd: files winbind" in /etc/nsswitch.conf> caused "ls -l" and Samba hang. If winbind is removed from > nsswitch.conf, "ls -l" worked fine but Samba lost the ability to > authenticate users against ADS. > > Does anyone know how to build Samba with ADS support on Solaris 8 > without causing "ls -l" hang?Do you have a working LDAP client configuration? Winbind *needs* a working LDAP configuration in order to contact the AD server; absent that, you'll get 60-90-second delays while the LDAP queries timeout. (The timeouts happen with anything that queries the passwd/group database, not just ls. You just notice it with ls -l because ls has to query both passwd and group to map uid/gid to names.) Take winbind out of your nsswitch.conf so you can use your system, get LDAP queries working to where you can fetch user information from your AD server, then reconfigure Winbind and put it back in. Don -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Important: This email and any attachments may be confidential and may be privileged. If the email is not addressed to you please return it to us and destroy any copies you may have. Unauthorised use of this email and any attachment is prohibited. Defence Housing Australia will send you correspondence and documents by email if you request or if you use email to contact us. Email is not a secure form of communication and may transmit computer viruses. We take no responsibility for misdirection, corruption or unauthorised use of email communications nor for any damage that may be caused as a result of transmitting or receiving an email communication. It is your responsibility to establish your own protection against viruses or other damage. This message has been scanned for viruses and spam by SurfControl RiskFilter - E-mail.
Thanks for the reply. By disable nscd on solaris, the problem with "ls -l" hung is fixed. Now I notice another problem with the samba. I created a directory "test" in the samba share and was editing a file under the directory "test" and in the meantime the machine was rebooted. After the machine is started, the whole directory "test" is gone. Anybody know this issue. Thanks, Junmin -----Original Message----- From: samba-bounces+junmin.bai=dha.gov.au@lists.samba.org [mailto:samba-bounces+junmin.bai=dha.gov.au@lists.samba.org] On Behalf Of samba@piven.org Sent: Wednesday, 21 November 2007 11:48 AM To: samba@lists.samba.org Subject: Re: [Samba] winbind caused "ls -l" hang on solaris 8 Bai, Junmin wrote:> Thanks for your reply. I understand what you mean. The command > ldapsearch works fine and wbinfo -u and wbinfo -g work beautifully.What do "getent passwd" and "getent group" do? I bet they hang after showing the contents of your /etc files.> It's openldap on solaris 8. Does it need any special configuration?I admin a Linux system which authenticates against a W2K AD, and have the following NSS-related stuff in my /etc/nsswitch.conf: nss_map_objectclass posixAccount user nss_map_objectclass shadowAccount user nss_map_objectclass uniqueMember member nss_map_attribute uid sAMAccountName nss_map_attribute homeDirectory unixHomeDirectory nss_map_attribute shadowLastChange pwdLastSet nss_map_objectclass posixGroup group nss_map_attribute cn sAMAccountName If your /etc/nsswitch.conf is missing these, add 'em and see if they make a difference. Don -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Important: This email and any attachments may be confidential and may be privileged. If the email is not addressed to you please return it to us and destroy any copies you may have. Unauthorised use of this email and any attachment is prohibited. Defence Housing Australia will send you correspondence and documents by email if you request or if you use email to contact us. Email is not a secure form of communication and may transmit computer viruses. We take no responsibility for misdirection, corruption or unauthorised use of email communications nor for any damage that may be caused as a result of transmitting or receiving an email communication. It is your responsibility to establish your own protection against viruses or other damage. This message has been scanned for viruses and spam by SurfControl RiskFilter - E-mail.