> on fedora, I think it is samba-winbind-clientsThis was already installed.> at one time 'authselect select winbind' would do this, but times change.authselect select winbind [error] [/etc/authselect/system-auth] has unexpected content! [error] [/etc/authselect/nsswitch.conf] has unexpected content! [error] Unexpected changes to the configuration were detected. [error] Refusing to activate profile unless those changes are removed or overwrite is requested. Some unexpected changes to the configuration were detected. Use --force parameter if you want to overwrite these changes. authselect select winbind --force [error] [/etc/authselect/system-auth] has unexpected content! [error] [/etc/authselect/nsswitch.conf] has unexpected content! Backup stored at /var/lib/authselect/backups/2021-10-13-22-52-26.HHhaHu Profile "winbind" was selected. The following nsswitch maps are overwritten by the profile: - passwd - group Make sure that winbind service is configured and enabled. See winbind documentation for more information. I made backups but I was told to be sure passwd and group was there and had the value of files winbind I'm not running winbind service, I'm running the binary and I'm guessing that's causing problems.> Because he wants to use fedora and was trying to use that distro for a DC.I am using Debian as my DC and Fedora is just a joining member that I'm trying to use as a fileserver ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In all things, Be Intentional. On Wed, Oct 13, 2021 at 11:25 AM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Wed, 2021-10-13 at 11:10 -0400, Rob Campbell wrote: > > I've been trying to figure it out but I can't so I'll just ask. > > Which links are you referring to and are these the links on the DC or > > the member? > > > > If you are using distro packages, then there will a package that > contains the libnss winbind links, on fedora, I think it is samba- > winbind-clients. You will then need to tell fedora to use these links, > at one time 'authselect select winbind' would do this, but times > change. You need to do this on any Unix machines you want 'getent' to > show your users and groups. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Wed, 2021-10-13 at 19:00 -0400, Rob Campbell wrote:> > on fedora, I think it is samba-winbind-clients > This was already installed. > > > at one time 'authselect select winbind' would do this, but times > change. > authselect select winbind > [error] [/etc/authselect/system-auth] has unexpected content! > [error] [/etc/authselect/nsswitch.conf] has unexpected content! > [error] Unexpected changes to the configuration were detected. > [error] Refusing to activate profile unless those changes are removed > or overwrite is requested. > > Some unexpected changes to the configuration were detected. > Use --force parameter if you want to overwrite these changes. > > authselect select winbind --force > [error] [/etc/authselect/system-auth] has unexpected content! > [error] [/etc/authselect/nsswitch.conf] has unexpected content! > Backup stored at /var/lib/authselect/backups/2021-10-13-22-52- > 26.HHhaHu > Profile "winbind" was selected. > The following nsswitch maps are overwritten by the profile: > - passwd > - group > > Make sure that winbind service is configured and enabled. See winbind > documentation for more information. > > I made backups but I was told to be sure passwd and group was there > and had the value of files winbind > > I'm not running winbind service, I'm running the binary and I'm > guessing that's causing problems. > > > Because he wants to use fedora and was trying to use that distro > for a DC. > I am using Debian as my DC and Fedora is just a joining member that > I'm trying to use as a fileserverPut /etc/nsswitch back to standard and then run the command again. What distro you use is up to you, but quite a few of the people who help on here use Debian (myself included), so you would get better help if you also used Debian. Rowland
On Wed, 2021-10-13 at 19:00 -0400, Rob Campbell wrote:> > on fedora, I think it is samba-winbind-clients > This was already installed. > > > at one time 'authselect select winbind' would do this, but times > change. > authselect select winbind > [error] [/etc/authselect/system-auth] has unexpected content! > [error] [/etc/authselect/nsswitch.conf] has unexpected content! > [error] Unexpected changes to the configuration were detected. > [error] Refusing to activate profile unless those changes are removed > or overwrite is requested. > > Some unexpected changes to the configuration were detected. > Use --force parameter if you want to overwrite these changes. > > authselect select winbind --force > [error] [/etc/authselect/system-auth] has unexpected content! > [error] [/etc/authselect/nsswitch.conf] has unexpected content! > Backup stored at /var/lib/authselect/backups/2021-10-13-22-52- > 26.HHhaHu > Profile "winbind" was selected. > The following nsswitch maps are overwritten by the profile: > - passwd > - group > > Make sure that winbind service is configured and enabled. See winbind > documentation for more information. > > I made backups but I was told to be sure passwd and group was there > and had the value of files winbind > > I'm not running winbind service, I'm running the binary and I'm > guessing that's causing problems. > > > Because he wants to use fedora and was trying to use that distro > for a DC. > I am using Debian as my DC and Fedora is just a joining member that > I'm trying to use as a fileserver > >I now think I understand the problem, fedora supplies various tools to configure things, one of which is authselect, from my understanding it is supposed to work like this: sudo authselect enable-feature with-mkhomedir sudo systemctl enable --now oddjobd sudo authselect select winbind Only problem is that the first one doesn't seem to work, it doesn't add mkhomedir to the pam stack, so when you try to login, you get: Could not chdir to home directory /home/rowland: No such file or directory It is further compounded by the pam_oddjob_mkhomedir manpage telling you that you need this: session optional /lib/security/pam_oddjob_mkhomedir.so When it actually requires this: session optional /usr/lib64/security/pam_oddjob_mkhomedir.so With that in /etc/pam.d/sshd , I could login via ssh and get the homedir created. I presume something similar is required in other PAM files, but I have no idea which and no real inclination to find out. Compare this with Debian, install the pam_mkhomedir package and it is all done for you. Rowland