Hello, I'm trying to use the nsswitch module. Everything compiled fine and I was happy to see my NT-domain-users with getent passwd. BUT getent passwd MYDOM+myuser doesn't work. ls -l returns only numeric uid's for domain members. After I tried a ls -l , getent passwd returns only the local users for some seconds. If I try it again 30 sec later I get the complete list again. I tried to write some lines of code and found that getpwent() works, but getpwuid() and getpwnam() don't. Any ideas ? Olaf
Hi there :) I've recently been playing with winbindd and squid and have achieved success thanks to hints from the kind folks on the squid mailing list. I have now gone to transfer this new knowledge to another system, but have come up against a small problem... I'm using Samba 2.2.7a on Debian woody, cjhiggins:~# wbinfo -p 'ping' to winbindd succeeded cjhiggins:~# wbinfo -t Secret is good cjhiggins:~# wbinfo -u 0xc0000022 cjhiggins:~# wbinfo -g 0xc0000022 yet... cjhiggins:~# wbinfo -a gdh%blahblah plaintext password authentication succeeded challenge/response password authentication succeeded The goal here is to bring back a list of groups, because I need to attach different levels of internet access to members of different NT groups. My /etc/nsswitch.conf contains: passwd: compat winbind group: compat winbind at the top, and 'getent passwd' doesn't show anything except the contents of /etc/passwd.>From googling, I have found that 0xc0000022 meansNT_STATUS_ACCESS_DENIED, but I'm not sure how or why, given that the Linux machine is listed in the Active Directory Users and Computers control panel, and the smbpasswd commandline to join the domain returned successfully. The only thing I can think of is the 'testbed' I used was a Win2000 machine that I converted to use Active Directory, and made sure to select the 'compatibility with NT4 servers' option. However, on this customer site, there are only Win2000 clients, so I'm guessing the server was set to 'Win2000 only mode' with the apparent enhanced security that provides. I've googled and read helpfiles, but have not been able to find a solution to this. Does anyone have any ideas? Cheers, Gavin.
> cjhiggins:~# wbinfo -t > Secret is good > cjhiggins:~# wbinfo -u > 0xc0000022 > cjhiggins:~# wbinfo -g > 0xc0000022 > > yet... > > cjhiggins:~# wbinfo -a gdh%blahblah > plaintext password authentication succeeded > challenge/response password authentication succeededLooks like you need to do a wbinfo -A administrator%password as your domain controller is not allowing anonymous listing. Note, not -a, it's -A. ~ Daniel ----------------------------------------------------------------------- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you.