On 12/03/09 17:42, Gaiseric Vandal wrote:
> Sunfreeware.com has compiled packages of Samba 3.4.2 with kerberos and
> ldap support included (if you also install the ldap and kerberos
> packages from sunfreeware.) However it does not include the
> nss_winbind.so.* or libnss_winbind.so.* files.
>
>
> Solaris does include nss_winbind.so already (since it is included with
> Samba 3.0.x) or I could compile it from the 3.4.x source code. But
> then I am not sure if either of these would be compatible with
> Sunfreeware samba.
>
> I am using winbind in /etc/nsswitch.conf for supporting users in a
> trusted domain. Under samba 3.0.x "getent passwd" did return users
> from a trusted domain. On 3.4 it is not, although "wbinfo -u" is
> working.
>
>
> Thanks
>
>
>
I copied the nss_winbind.so file I compiled to /usr/local/samba/lib.
Samba will use that in preference to any files in /usr/lib so I didn't
need to delete or move the Sun-provided nss_winbind.so file.

I added the following to smb.conf (they had not been required in samba
3.0.x.)

idmap uid = 30000-39999
idmap gid = 30000-39999

The following entries already existed in smb.conf (and had been sufficient

idmap config TRUSTEDWINDOMAIN:backend = ldap
#idmap config TRUSTEDWINDOMAIN:readonly = no
idmap config TRUSTEDWINDOMAIN:readonly = yes
idmap config TRUSTEDWINDOMAIN:default=no
idmap config TRUSTEDWINDOMAIN:ldap_base_dn = ou=administration,ou=idmap,o=domain.com
idmap config TRUSTEDWINDOMAIN:ldap_user_dn = cn=Directory Manager
idmap config TRUSTEDWINDOMAIN:ldap_url = ldap://ldapserver1.domain.com
idmap config TRUSTEDWINDOMAIN:range = 30000-39999
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=alloc,ou=idmap,o=domain.com
idmap alloc config:ldap_user_dn = cn=Directory Manager
idmap alloc config:ldap_url = ldap://ldapserver1.domain.com
idmap alloc config:range = 30000-39999

I also needed to add the following line to smb.conf

client schannel = no

This resolved "cm_get_ipc_userpass: No auth-user defined" error
messages in winbindd.log. I suspect this may need to be set on the
PDC to resolve some other domain trust issues. The trusted domain is
Windows 2003 in mixed mode.

Ideally Sun will one day provide their own build of Samba 3.4.x.
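
Added example (not part of the original message, and not Samba's own code): a Python check for the symptom discussed in this thread, where "wbinfo -u" lists trusted-domain users that "getent passwd" does not return. It also flags accounts whose UID falls outside the 30000-39999 idmap range from the message; the function names and all sample data are constructed for illustration.

```python
# Added example. All sample data below is constructed, not taken from the poster's hosts.
IDMAP_RANGE = (30000, 39999)  # "idmap uid"/"idmap gid" range quoted in the message


def parse_passwd(text):
    """Map lower-cased account name -> uid from `getent passwd` output."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[2].isdigit():
            users[fields[0].lower()] = int(fields[2])
    return users


def check_nss(wbinfo_text, passwd_text, domain, id_range=IDMAP_RANGE, sep="\\"):
    """Classify each `wbinfo -u` account of `domain` by how NSS resolves it."""
    passwd = parse_passwd(passwd_text)
    prefix = (domain + sep).lower()
    report = {"ok": [], "missing": [], "out_of_range": []}
    for name in (l.strip() for l in wbinfo_text.splitlines()):
        if not name.lower().startswith(prefix):
            continue  # account from another domain
        uid = passwd.get(name.lower())
        if uid is None:
            report["missing"].append(name)  # winbindd knows it, NSS does not
        elif not id_range[0] <= uid <= id_range[1]:
            report["out_of_range"].append((name, uid))  # may collide with local ids
        else:
            report["ok"].append(name)
    return report


# Constructed stand-ins for `wbinfo -u` and `getent passwd` output.
SAMPLE_WBINFO = "\n".join([
    "TRUSTEDWINDOMAIN\\alice",
    "TRUSTEDWINDOMAIN\\bob",
    "TRUSTEDWINDOMAIN\\carol",
    "OTHERDOMAIN\\dave",
])
SAMPLE_PASSWD = "\n".join([
    "root:x:0:0:Super-User:/:/sbin/sh",
    "TRUSTEDWINDOMAIN\\alice:*:30001:30000::/home/alice:/bin/false",
    "TRUSTEDWINDOMAIN\\carol:*:100:30000::/home/carol:/bin/false",
])

if __name__ == "__main__":
    for kind, entries in check_nss(SAMPLE_WBINFO, SAMPLE_PASSWD, "TRUSTEDWINDOMAIN").items():
        print(kind, entries)
```

On a live host, pass it the captured output of "wbinfo -u" and "getent passwd" instead of the sample strings.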