Hi,
I'd appreciate any help getting winbind to work on Solaris 8 (Sparc).
I've followed the HOWTOs and other documents on the web but can't seem
to get even the basic functionality going.
Some platform info:
$ uname -a
SunOS epiuse-sun 5.8 Generic_108528-12 sun4u sparc SUNW,UltraAX-i2
$ smbd -V
Version 2.2.3a
On the NT side it is win2k with an ADS tree.
My samba config:
$ more /opt/samba/lib/smb.conf
[global]
workgroup = domain
netbios name = solaris
load printers = no
log file = /opt/samba/var/log.%m
max log size = 50
security = domain
password server = nt
encrypt passwords = yes
domain logons = no
interfaces = 10.5.3.6
local master = no
domain master = no
name resolve order = lmhosts wins bcast host
wins server = 10.5.1.1
winbind separator = +
winbind cache time = 10
template shell = /bin/false
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
now what i did:
$ /etc/init.d/samba stop
Stopping Samba
$ rm /opt/samba/private/*
$ smbpasswd -D 4 -j domain -r nt -U w2kadmin
added interface ip=10.5.3.6 bcast=10.5.3.255 nmask=255.255.255.0
Password:
resolve_lmhosts: Attempting lmhosts lookup for name nt<0x20>
startlmhosts: Can't open lmhosts file /opt/samba/lib/lmhosts. Error was
No such file or directory
resolve_wins: Attempting wins lookup for name nt<0x20>
resolve_wins: WINS server == <10.5.1.1>
bind succeeded on port 0
nmb packet from 10.5.1.1(137) header: id=6870 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=NT<20> rr_type=32 rr_class=1 ttl=5783
answers 0 char ...... hex 00000A050303
Got a positive name query response from 10.5.1.1 ( 10.5.3.3 )
Connecting to 10.5.3.3 at port 445
session setup ok
Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
Joined domain DOMAIN.
$ /etc/init.d/samba start
Starting Samba
$ wbinfo -t
Secret is bad
0xc0000001
$ wbinfo -u
Error looking up domain users
I've changed the domain name and the names of the 2 servers above to
make it easier to follow (the problem does not seem to be with name
resolution). I get these results even when I delete the Solaris machine
from the ADS tree, or if I add it to the ADS tree manually with the
backwards compatibility check.
I'm running my winbindd logs at debug level 1, and I have messages like
these:
[2002/02/11 07:17:59, 1] nsswitch/winbindd_util.c:get_domain_info(137)
getting trusted domain list
[2002/02/11 07:17:59, 1]
libsmb/cliconnect.c:cli_establish_connection(867)
failed tcon_X
[2002/02/11 07:18:08, 1] nsswitch/winbindd_util.c:get_domain_info(137)
getting trusted domain list
Any ideas?
Thank you,
Jan van rensburg
You might want to try not using the -U option when joining the domain.
Instead, create the machine account on the NT server first, allow time for
the account to propagate, then join. What should happen is the machine
account password that NT uses should be copied to the /private directory and
smbpasswd should randomly generate a MACHINE.SID and send that back to the
domain controller to store in it's machine database. I'm not convinced
that
-U works outside of linux.
-Dan
-----Original Message-----
From: Jan van Rensburg [mailto:jan.van.rensburg@epiuse.com]
Sent: Wednesday, February 13, 2002 5:37 AM
To: samba@lists.samba.org
Subject: [Samba] Winbind problems
Hi,
I'd appreciate any help getting winbind to work on Solaris 8 (Sparc).
I've followed the HOWTOs and other documents on the web but can't seem
to get even the basic functionality going.
Some platform info:
$ uname -a
SunOS epiuse-sun 5.8 Generic_108528-12 sun4u sparc SUNW,UltraAX-i2
$ smbd -V
Version 2.2.3a
On the NT side it is win2k with an ADS tree.
My samba config:
$ more /opt/samba/lib/smb.conf
[global]
workgroup = domain
netbios name = solaris
load printers = no
log file = /opt/samba/var/log.%m
max log size = 50
security = domain
password server = nt
encrypt passwords = yes
domain logons = no
interfaces = 10.5.3.6
local master = no
domain master = no
name resolve order = lmhosts wins bcast host
wins server = 10.5.1.1
winbind separator = +
winbind cache time = 10
template shell = /bin/false
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
now what i did:
$ /etc/init.d/samba stop
Stopping Samba
$ rm /opt/samba/private/*
$ smbpasswd -D 4 -j domain -r nt -U w2kadmin
added interface ip=10.5.3.6 bcast=10.5.3.255 nmask=255.255.255.0
Password:
resolve_lmhosts: Attempting lmhosts lookup for name nt<0x20>
startlmhosts: Can't open lmhosts file /opt/samba/lib/lmhosts. Error was
No such file or directory
resolve_wins: Attempting wins lookup for name nt<0x20>
resolve_wins: WINS server == <10.5.1.1>
bind succeeded on port 0
nmb packet from 10.5.1.1(137) header: id=6870 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=NT<20> rr_type=32 rr_class=1 ttl=5783
answers 0 char ...... hex 00000A050303
Got a positive name query response from 10.5.1.1 ( 10.5.3.3 )
Connecting to 10.5.3.3 at port 445
session setup ok
Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
Joined domain DOMAIN.
$ /etc/init.d/samba start
Starting Samba
$ wbinfo -t
Secret is bad
0xc0000001
$ wbinfo -u
Error looking up domain users
I've changed the domain name and the names of the 2 servers above to
make it easier to follow (the problem does not seem to be with name
resolution). I get these results even when I delete the Solaris machine
from the ADS tree, or if I add it to the ADS tree manually with the
backwards compatibility check.
I'm running my winbindd logs at debug level 1, and I have messages like
these:
[2002/02/11 07:17:59, 1] nsswitch/winbindd_util.c:get_domain_info(137)
getting trusted domain list
[2002/02/11 07:17:59, 1]
libsmb/cliconnect.c:cli_establish_connection(867)
failed tcon_X
[2002/02/11 07:18:08, 1] nsswitch/winbindd_util.c:get_domain_info(137)
getting trusted domain list
Any ideas?
Thank you,
Jan van rensburg
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
I was having close to the exact same problem. What was causing it was I
had split wins servers (WINS servers that had other WINS servers listed
in their network settings) and I was getting bogus IP address and names
reported for domain controllers. So when winbind was trying to find a
domain controller, WINS was saying that there was one at ip address
x.x.x.x when there hadn't been one there for years. What I had to do
was make the wins servers ONLY talk to themselves (besides replication
of course) and set the replication to every 2 hours. This had the
effect of clearing out the junk that was sitting in the WINS DB. As
soon as I did that, everything was working A-OK.
-----Original Message-----
From: Thomas, Daniel J. [mailto:Daniel.Thomas@jhuapl.edu]
Sent: Wednesday, February 13, 2002 11:17 AM
To: 'Jan van Rensburg'; samba@lists.samba.org
Subject: RE: [Samba] Winbind problems
You might want to try not using the -U option when joining the domain.
Instead, create the machine account on the NT server first, allow time
for the account to propagate, then join. What should happen is the
machine account password that NT uses should be copied to the /private
directory and smbpasswd should randomly generate a MACHINE.SID and send
that back to the domain controller to store in it's machine database.
I'm not convinced that -U works outside of linux. -Dan
-----Original Message-----
From: Jan van Rensburg [mailto:jan.van.rensburg@epiuse.com]
Sent: Wednesday, February 13, 2002 5:37 AM
To: samba@lists.samba.org
Subject: [Samba] Winbind problems
Hi,
I'd appreciate any help getting winbind to work on Solaris 8 (Sparc).
I've followed the HOWTOs and other documents on the web but can't seem
to get even the basic functionality going.
Some platform info:
$ uname -a
SunOS epiuse-sun 5.8 Generic_108528-12 sun4u sparc SUNW,UltraAX-i2 $
smbd -V Version 2.2.3a
On the NT side it is win2k with an ADS tree.
My samba config:
$ more /opt/samba/lib/smb.conf
[global]
workgroup = domain
netbios name = solaris
load printers = no
log file = /opt/samba/var/log.%m
max log size = 50
security = domain
password server = nt
encrypt passwords = yes
domain logons = no
interfaces = 10.5.3.6
local master = no
domain master = no
name resolve order = lmhosts wins bcast host
wins server = 10.5.1.1
winbind separator = +
winbind cache time = 10
template shell = /bin/false
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
now what i did:
$ /etc/init.d/samba stop
Stopping Samba
$ rm /opt/samba/private/*
$ smbpasswd -D 4 -j domain -r nt -U w2kadmin
added interface ip=10.5.3.6 bcast=10.5.3.255 nmask=255.255.255.0
Password:
resolve_lmhosts: Attempting lmhosts lookup for name nt<0x20>
startlmhosts: Can't open lmhosts file /opt/samba/lib/lmhosts. Error was
No such file or directory
resolve_wins: Attempting wins lookup for name nt<0x20>
resolve_wins: WINS server == <10.5.1.1>
bind succeeded on port 0
nmb packet from 10.5.1.1(137) header: id=6870 opcode=Query(0)
response=Yes
header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=NT<20> rr_type=32 rr_class=1 ttl=5783
answers 0 char ...... hex 00000A050303
Got a positive name query response from 10.5.1.1 ( 10.5.3.3 ) Connecting
to 10.5.3.3 at port 445 session setup ok Domain=[DOMAIN] OS=[Windows
5.0] Server=[Windows 2000 LAN Manager] Joined domain DOMAIN. $
/etc/init.d/samba start Starting Samba $ wbinfo -t Secret is bad
0xc0000001 $ wbinfo -u Error looking up domain users
I've changed the domain name and the names of the 2 servers above to
make it easier to follow (the problem does not seem to be with name
resolution). I get these results even when I delete the Solaris machine
from the ADS tree, or if I add it to the ADS tree manually with the
backwards compatibility check.
I'm running my winbindd logs at debug level 1, and I have messages like
these:
[2002/02/11 07:17:59, 1] nsswitch/winbindd_util.c:get_domain_info(137)
getting trusted domain list
[2002/02/11 07:17:59, 1]
libsmb/cliconnect.c:cli_establish_connection(867)
failed tcon_X
[2002/02/11 07:18:08, 1] nsswitch/winbindd_util.c:get_domain_info(137)
getting trusted domain list
Any ideas?
Thank you,
Jan van rensburg
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4678 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20020213/bfc502f9/attachment.bin
List,
I am new to this list, so please forgive me if this has been mulched over
several thousand times. Here is my issues.
1> When doing a getent passwd or group, sometimes it works, some times it
doesnt. Meaning, when I issue these commands, sometimes is lists the Domain info
and sometimes it just lists the local unix info. This might be a contributing
issues for the next problem.
2> I can use winbind info for shares and such, but when I use the
PAM_WINBIND.SO to try and authenticate domain users for SSH access, I get an
access denied. This is some output from the messages log file...
Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: check pass; user unknown
Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: authentication failure; logname=
uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:34:53 alblinux pam_winbind[1564]: user 'DOMAIN+username'
granted acces
Jun 25 10:36:48 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:48 alblinux sshd(pam_unix)[1574]: authentication failure; logname=
uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:36:48 alblinux pam_winbind[1574]: user 'DOMAIN+username'
granted acces
Jun 25 10:36:53 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:53 alblinux pam_winbind[1574]: user 'DOMAIN+username'
granted acces
Jun 25 10:36:59 alblinux sshd(pam_unix)[1574]: 1 more authentication failure;
logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:37:20 alblinux login(pam_unix)[1056]: check pass; user unknown
Jun 25 10:37:20 alblinux login(pam_unix)[1056]: authentication failure;
logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Jun 25 10:37:23 alblinux pam_winbind[1056]: user 'DOMAIN+username'
granted acces
Jun 25 10:37:25 alblinux login[1056]: FAILED LOGIN 1 FROM (null) FOR
DOMAIN+username, Authentication failure
Jun 25 10:37:34 alblinux login(pam_unix)[1056]: check pass; user unknown
Jun 25 10:37:34 alblinux login(pam_unix)[1056]: authentication failure;
logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Jun 25 10:37:36 alblinux pam_winbind[1056]: request failed, PAM error was 4, NT
error was NT_STATUS_INVALID_PARAMETER
Jun 25 10:37:36 alblinux pam_winbind[1056]: internal module error (retval = 4,
user = `nt username'
Jun 25 10:37:39 alblinux login[1056]: FAILED LOGIN 2 FROM (null) FOR nt
username, Authentication failure
Jun 25 10:39:48 alblinux sshd: sshd -TERM succeeded
Jun 25 10:39:48 alblinux sshd: succeeded
Jun 25 10:40:00 alblinux sshd(pam_unix)[1605]: check pass; user unknown
Jun 25 10:40:00 alblinux sshd(pam_unix)[1605]: authentication failure; logname=
uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:40:00 alblinux pam_winbind[1605]: user 'DOMAIN+username'
granted acces
Jun 25 10:41:23 alblinux samba(pam_unix)[1625]: session opened for user
DOMAIN+username by (uid=0)
Jun 25 10:43:27 alblinux su(pam_unix)[1169]: session closed for user root
Jun 25 10:43:29 alblinux sshd(pam_unix)[1065]: session closed for user 'unix
username'
Here is my smb.conf file.
[global]
smb passwd file = /etc/samba/smbpasswd
wins server = 'wins ip adrress
passwd program = /usr/bin/passwd %u
pam password change = yes
printing = lprng
dns proxy = no
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
max log size = 0
preferred master = no
password server = ALBPDC01
obey pam restrictions = yes
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
security = domain
unix password sync = Yes
server string = ALBLINUX_Samba Server
workgroup = ALBDOMNT
netbios name = alblinux
log file = /var/log/samba/%m.log
load printers = yes
os level = 33
# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
# might need to disable these next two for performance
# reasons on the winbindd host
winbind enum users = no
winbind enum groups = no
# give winbind users a real shell (only needed if they have
telnet/sshd/etc... access)
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
here is my pam.d login and ssh config files
Login:
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
SSHD:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
Hope someone can help...
Thanks In Advance.
Joe Giles
jgiles@joeman1.com
AOL ID: mcigiles
I am also having winbind problems. I cannot get a list of domain users, I seem to get Only a hex number. wbinfo - t Secret is Good wbinfo -n DOMAINUSERNAME gives me the users sid wbinfo -m no results wbinfo -a domain+user%password Plaintext password authentication succeeded wbinfo -u or -g 0xc0000022 getent passwd lists only local users getent group lists only local groups. ------------------------ -- Kenny Mann