Environment: Sun Solaris 9 sparc Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11 Problem: Am trying to create shares with Samba so that users can map to folders on this server using Active Directory. I am successful in creating a Kerberos ticket; I can join the domain; and wbinfo -u and -g give me users in the AD. However, getent passwd only gives me a list of users on the server and not in the AD. The winbindd.log file has a lot of these lines: [2009/06/15 10:41:59, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) [2009/06/15 10:43:29, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616) request_len_recv: Invalid request size received: 2088 (expected 2096) If you have any advice and/or guidance, I would greatly appreciate it. Thank you! *********************************** * Jamen McGranahan * Systems Services Librarian * Library Information Technology Services * Vanderbilt University * Suite 700 * 110 21st Avenue South * Nashville, TN 37240 * (615) 343-1614 * (615) 343-8834 (fax) * jamen.mcgranahan@vanderbilt.edu ***********************************
On Mon, Jun 15, 2009 at 12:36 PM, David Eisner<deisner@gmail.com> wrote:> /usr/lib/nsswinbind.so.1.That should say "/usr/lib/nss_winbind.so.1". -David -- David Eisner http://cradle.brokenglass.com
On Mon, Jun 15, 2009 at 11:50 AM, McGranahan, Jamen<jamen.mcgranahan@vanderbilt.edu> wrote:> [2009/06/15 10:41:59, ?0] winbindd/winbindd.c:request_len_recv(616) > ?request_len_recv: Invalid request size received: 2088 (expected 2096)When I see this, it's because I'm using an old nss_winbind.so (i.e. not the one compiled with the winbindd i'm running). This happens for one of two reasons: Either I forgot to copy over the new nss_winbind.so when I installed Samba, or a Solaris update overwrote /usr/lib/nsswinbind.so.1. -David -- David Eisner http://cradle.brokenglass.com
> Environment: Sun Solaris 9 sparc > Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11 > Problem: > Am trying to create shares with Samba so that users can map to folders > on this server using Active Directory. I am successful in creating a > Kerberos ticket; I can join the domain; and wbinfo -u and -g give me > users in the AD. However, getent passwd only gives me a list of users > on the server and not in the AD. The winbindd.log file has a lot of > these lines: > > [2009/06/15 10:41:59, 0] winbindd/winbindd.c:request_len_recv(616) > request_len_recv: Invalid request size received: 2088 (expected 2096) > [2009/06/15 10:43:29, 0] winbindd/winbindd.c:request_len_recv(616) > request_len_recv: Invalid request size received: 2088 (expected 2096) > [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616) > request_len_recv: Invalid request size received: 2088 (expected 2096) > [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616) > request_len_recv: Invalid request size received: 2088 (expected 2096) > [2009/06/15 10:47:54, 0] winbindd/winbindd.c:request_len_recv(616) > request_len_recv: Invalid request size received: 2088 (expected 2096) > > If you have any advice and/or guidance, I would greatly appreciate it. > Thank you!I don't think you need to use winbind. In all of my situations, winbind only got in the way, and I always have more success with winbind disabled. It's been a while since I read what winbind was for - I think it's meant to keep track of UID/username mappings, to ensure consistency among multiple samba servers if you have more than one. For this purpose, I just use the regular passwd files or NIS, both of which I think are more reliable and simpler to manage. Instead of winbind, I just use "net join -w DOMAIN -U administrator" and use smb.conf like this: [global] workgroup = DOMAIN realm = DOMAIN.COM server string = Samba Server security = DOMAIN log file = /var/samba/log/log.%m max log size = 50 unix extensions = No load printers = No printcap name = /dev/null dns proxy = No wins server = 192.168.x.y ldap ssl = no create mask = 0660 security mask = 0660 directory mask = 0770 directory security mask = 0770 [share] path = /share read only = No
> -----Original Message----- > From: > samba-bounces+james_zuelow=ci.juneau.ak.us@lists.samba.org > [mailto:samba-bounces+james_zuelow=ci.juneau.ak.us@lists.samba > .org] On Behalf Of McGranahan, Jamen > Sent: Monday, 15 June, 2009 07:50 > To: samba@lists.samba.org > Subject: [Samba] Samba with ADS > > Environment: Sun Solaris 9 sparc > Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11 > Problem: > Am trying to create shares with Samba so that users can map > to folders on this server using Active Directory. I am > successful in creating a Kerberos ticket; I can join the > domain; and wbinfo -u and -g give me users in the AD. > However, getent passwd only gives me a list of users on the > server and not in the AD. The winbindd.log file has a lot of > these lines:--8<-- snip -->8--> > If you have any advice and/or guidance, I would greatly > appreciate it. Thank you! >The getent passwd trouble may be a red herring. If you do not have these lines in smb.conf Winbind enum users = Yes Winbind enum groups = Yes Then wbinfo -u will work, but getent passwd will not. Generally you want to leave enumumerating users and groups turned off (the default) on larger domains. In my experience having them turned on can delay share access, restart times, etc. However enumerating users and groups so that getent passwd works is not necessary for shares to work correctly or users to map drives in AD. (At least this is true for Debian, I don't know about Solaris.) James