Hi,

I'd appreciate any help getting winbind to work on Solaris 8 (Sparc). I've followed the HOWTOs and other documents on the web but can't seem to get even the basic functionality going.

Some platform info:

$ uname -a
SunOS epiuse-sun 5.8 Generic_108528-12 sun4u sparc SUNW,UltraAX-i2
$ smbd -V
Version 2.2.3a

On the NT side it is win2k with an ADS tree.

My samba config:

$ more /opt/samba/lib/smb.conf
[global]
   workgroup = domain
   netbios name = solaris
   load printers = no
   log file = /opt/samba/var/log.%m
   max log size = 50
   security = domain
   password server = nt
   encrypt passwords = yes
   domain logons = no
   interfaces = 10.5.3.6
   local master = no
   domain master = no
   name resolve order = lmhosts wins bcast host
   wins server = 10.5.1.1
   winbind separator = +
   winbind cache time = 10
   template shell = /bin/false
   template homedir = /home/%D/%U
   winbind uid = 10000-20000
   winbind gid = 10000-20000

Now what I did:

$ /etc/init.d/samba stop
Stopping Samba
$ rm /opt/samba/private/*
$ smbpasswd -D 4 -j domain -r nt -U w2kadmin
added interface ip=10.5.3.6 bcast=10.5.3.255 nmask=255.255.255.0
Password:
resolve_lmhosts: Attempting lmhosts lookup for name nt<0x20>
startlmhosts: Can't open lmhosts file /opt/samba/lib/lmhosts. Error was No such file or directory
resolve_wins: Attempting wins lookup for name nt<0x20>
resolve_wins: WINS server == <10.5.1.1>
bind succeeded on port 0
nmb packet from 10.5.1.1(137) header: id=6870 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=NT<20> rr_type=32 rr_class=1 ttl=5783
    answers 0 char ......   hex 00000A050303
Got a positive name query response from 10.5.1.1 ( 10.5.3.3 )
Connecting to 10.5.3.3 at port 445
session setup ok
Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
Joined domain DOMAIN.
$ /etc/init.d/samba start
Starting Samba
$ wbinfo -t
Secret is bad
0xc0000001
$ wbinfo -u
Error looking up domain users

I've changed the domain name and the names of the 2 servers above to make it easier to follow (the problem does not seem to be with name resolution).

I get these results even when I delete the Solaris machine from the ADS tree, or if I add it to the ADS tree manually with the backwards compatibility check.

I'm running my winbindd logs at debug level 1, and I have messages like these:

[2002/02/11 07:17:59, 1] nsswitch/winbindd_util.c:get_domain_info(137)
  getting trusted domain list
[2002/02/11 07:17:59, 1] libsmb/cliconnect.c:cli_establish_connection(867)
  failed tcon_X
[2002/02/11 07:18:08, 1] nsswitch/winbindd_util.c:get_domain_info(137)
  getting trusted domain list

Any ideas?

Thank you,
Jan van rensburg

You might want to try not using the -U option when joining the domain. Instead, create the machine account on the NT server first, allow time for the account to propagate, then join. What should happen is the machine account password that NT uses should be copied to the /private directory and smbpasswd should randomly generate a MACHINE.SID and send that back to the domain controller to store in its machine database. I'm not convinced that -U works outside of Linux.

-Dan

-----Original Message-----
From: Jan van Rensburg [mailto:jan.van.rensburg@epiuse.com]
Sent: Wednesday, February 13, 2002 5:37 AM
To: samba@lists.samba.org
Subject: [Samba] Winbind problems

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba

I was having close to the exact same problem. What was causing it was I had split WINS servers (WINS servers that had other WINS servers listed in their network settings) and I was getting bogus IP addresses and names reported for domain controllers. So when winbind was trying to find a domain controller, WINS was saying that there was one at IP address x.x.x.x when there hadn't been one there for years. What I had to do was make the WINS servers ONLY talk to themselves (besides replication of course) and set the replication to every 2 hours. This had the effect of clearing out the junk that was sitting in the WINS DB. As soon as I did that, everything was working A-OK.

-----Original Message-----
From: Thomas, Daniel J. [mailto:Daniel.Thomas@jhuapl.edu]
Sent: Wednesday, February 13, 2002 11:17 AM
To: 'Jan van Rensburg'; samba@lists.samba.org
Subject: RE: [Samba] Winbind problems
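
A check for the stale-WINS condition described in the reply above, as an added example that is not part of the original posts: it reads name-query debug output of the kind shown in the first message and flags every address WINS returns that is not on a list of known domain controllers. The function names, the second WINS server 10.5.1.2, the address 10.5.9.9 and the known-good list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag WINS answers that point at hosts which are not
# known domain controllers. Input is debug output containing lines like
#   Got a positive name query response from <wins> ( <ip> [<ip> ...] )

# Print "wins_server answer_ip" for every address in every positive response.
wins_answers() {
    awk '/Got a positive name query response from/ {
        wins = ""; inlist = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "from") { wins = $(i + 1) }
            else if ($i == "(") { inlist = 1 }
            else if ($i == ")") { inlist = 0 }
            else if (inlist) { print wins, $i }
        }
    }'
}

# $1 = space-separated list of addresses that really are domain controllers.
# Prints one "STALE wins_server answer_ip" line per unexpected answer.
stale_wins_answers() {
    known=" $1 "
    wins_answers | while read -r wins ip; do
        case "$known" in
            *" $ip "*) ;;                      # answer matches a real DC
            *) echo "STALE $wins $ip" ;;       # WINS is handing out junk
        esac
    done
}

# Constructed sample: the second WINS server still returns an old address.
SAMPLE='resolve_wins: Attempting wins lookup for name nt<0x20>
Got a positive name query response from 10.5.1.1 ( 10.5.3.3 )
resolve_wins: Attempting wins lookup for name nt<0x20>
Got a positive name query response from 10.5.1.2 ( 10.5.3.3 10.5.9.9 )'

check_sample() {
    printf '%s\n' "$SAMPLE" | stale_wins_answers "10.5.3.3"
}

check_sample
```

Run it over captured debug output from each WINS server in turn; any STALE line names the server whose database still holds the old record.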

List,

I am new to this list, so please forgive me if this has been mulched over several thousand times.

Here are my issues.

1> When doing a getent passwd or group, sometimes it works, sometimes it doesn't. Meaning, when I issue these commands, sometimes it lists the Domain info and sometimes it just lists the local unix info. This might be a contributing issue for the next problem.

2> I can use winbind info for shares and such, but when I use the PAM_WINBIND.SO to try and authenticate domain users for SSH access, I get an access denied. This is some output from the messages log file...

Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: check pass; user unknown
Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:34:53 alblinux pam_winbind[1564]: user 'DOMAIN+username' granted acces
Jun 25 10:36:48 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:48 alblinux sshd(pam_unix)[1574]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:36:48 alblinux pam_winbind[1574]: user 'DOMAIN+username' granted acces
Jun 25 10:36:53 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:53 alblinux pam_winbind[1574]: user 'DOMAIN+username' granted acces
Jun 25 10:36:59 alblinux sshd(pam_unix)[1574]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:37:20 alblinux login(pam_unix)[1056]: check pass; user unknown
Jun 25 10:37:20 alblinux login(pam_unix)[1056]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Jun 25 10:37:23 alblinux pam_winbind[1056]: user 'DOMAIN+username' granted acces
Jun 25 10:37:25 alblinux login[1056]: FAILED LOGIN 1 FROM (null) FOR DOMAIN+username, Authentication failure
Jun 25 10:37:34 alblinux login(pam_unix)[1056]: check pass; user unknown
Jun 25 10:37:34 alblinux login(pam_unix)[1056]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Jun 25 10:37:36 alblinux pam_winbind[1056]: request failed, PAM error was 4, NT error was NT_STATUS_INVALID_PARAMETER
Jun 25 10:37:36 alblinux pam_winbind[1056]: internal module error (retval = 4, user = `nt username'
Jun 25 10:37:39 alblinux login[1056]: FAILED LOGIN 2 FROM (null) FOR nt username, Authentication failure
Jun 25 10:39:48 alblinux sshd: sshd -TERM succeeded
Jun 25 10:39:48 alblinux sshd: succeeded
Jun 25 10:40:00 alblinux sshd(pam_unix)[1605]: check pass; user unknown
Jun 25 10:40:00 alblinux sshd(pam_unix)[1605]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:40:00 alblinux pam_winbind[1605]: user 'DOMAIN+username' granted acces
Jun 25 10:41:23 alblinux samba(pam_unix)[1625]: session opened for user DOMAIN+username by (uid=0)
Jun 25 10:43:27 alblinux su(pam_unix)[1169]: session closed for user root
Jun 25 10:43:29 alblinux sshd(pam_unix)[1065]: session closed for user 'unix username'

Here is my smb.conf file.

[global]
   smb passwd file = /etc/samba/smbpasswd
   wins server = 'wins ip adrress
   passwd program = /usr/bin/passwd %u
   pam password change = yes
   printing = lprng
   dns proxy = no
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   printcap name = /etc/printcap
   max log size = 0
   preferred master = no
   password server = ALBPDC01
   obey pam restrictions = yes
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   security = domain
   unix password sync = Yes
   server string = ALBLINUX_Samba Server
   workgroup = ALBDOMNT
   netbios name = alblinux
   log file = /var/log/samba/%m.log
   load printers = yes
   os level = 33
   # separate domain and username with '+', like DOMAIN+username
   winbind separator = +
   # use uids from 10000 to 20000 for domain users
   winbind uid = 10000-20000
   # use gids from 10000 to 20000 for domain groups
   winbind gid = 10000-20000
   # allow enumeration of winbind users and groups
   # might need to disable these next two for performance
   # reasons on the winbindd host
   winbind enum users = no
   winbind enum groups = no
   # give winbind users a real shell (only needed if they have telnet/sshd/etc... access)
   template homedir = /home/winnt/%D/%U
   template shell = /bin/bash

Here are my pam.d login and ssh config files.

Login:

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_winbind.so
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

SSHD:

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_winbind.so
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_limits.so
session    optional     /lib/security/pam_console.so

Hope someone can help...

Thanks In Advance.

Joe Giles
jgiles@joeman1.com
AOL ID: mcigiles
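
The log excerpt in the post above shows the same process id reporting "user unknown" from pam_unix and "granted acces" from pam_winbind. The following added example (not part of the original post; the function names are made up here, and the sample is a subset of the quoted log lines) pairs those entries per PID so each contradictory login attempt stands out:

```shell
#!/bin/sh
# Added example (not from the original post): pair pam_unix "user unknown"
# entries with pam_winbind "granted acces" entries that share a process id.

# Prints "pid service unknown_count granted_count" for every PID with both.
pam_conflicts() {
    awk '
    {
        # The PID is the number inside "[...]:" after the service name.
        if (!match($0, /\[[0-9]+\]:/)) next
        pid = substr($0, RSTART + 1, RLENGTH - 3)
    }
    /\(pam_unix\)/ && /user unknown/ {
        unknown[pid]++
        svc = $5                  # e.g. "sshd(pam_unix)[1564]:"
        sub(/[(].*/, "", svc)     # keep only "sshd"
        service[pid] = svc
    }
    /pam_winbind\[/ && /granted acces/ { granted[pid]++ }
    END {
        for (pid in unknown)
            if (pid in granted)
                print pid, service[pid], unknown[pid], granted[pid]
    }' | sort -n
}

# Sample input: a subset of the syslog lines quoted in the post.
sample_log() {
    cat <<'EOF'
Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: check pass; user unknown
Jun 25 10:34:53 alblinux sshd(pam_unix)[1564]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost='ip address'
Jun 25 10:34:53 alblinux pam_winbind[1564]: user 'DOMAIN+username' granted acces
Jun 25 10:36:48 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:48 alblinux pam_winbind[1574]: user 'DOMAIN+username' granted acces
Jun 25 10:36:53 alblinux sshd(pam_unix)[1574]: check pass; user unknown
Jun 25 10:36:53 alblinux pam_winbind[1574]: user 'DOMAIN+username' granted acces
Jun 25 10:37:20 alblinux login(pam_unix)[1056]: check pass; user unknown
Jun 25 10:37:23 alblinux pam_winbind[1056]: user 'DOMAIN+username' granted acces
Jun 25 10:39:48 alblinux sshd: sshd -TERM succeeded
Jun 25 10:43:27 alblinux su(pam_unix)[1169]: session closed for user root
EOF
}

sample_log | pam_conflicts
```

In the posted login and sshd stacks the required system-auth line runs before the sufficient pam_winbind line, and a failed required module fails the whole auth stack even when a later sufficient module succeeds.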

I am also having winbind problems. I cannot get a list of domain users; I seem to get only a hex number.

wbinfo -t
   Secret is Good
wbinfo -n DOMAINUSERNAME
   gives me the user's SID
wbinfo -m
   no results
wbinfo -a domain+user%password
   Plaintext password authentication succeeded
wbinfo -u or -g
   0xc0000022
getent passwd
   lists only local users
getent group
   lists only local groups.

------------------------
--
Kenny Mann