David Edward Shapiro
2002-Feb-15 12:36 UTC
[Samba] Samba help for domain user setup (samba 3.x)
How do I interpret what this mean? @"prfmstrt2+Domain Users" What is prfmstrt2? Is that a group created in /etc/group? I take it the + is a winbind seperator. What is the manner of assigning domain users to have access to a share? Do I still need to create the domain user name in /etc/passwd, assign it to a group in /etc/group? Do I need to use smbgroupedit to make the domain group? This is all very confusing. I would think the goal would be to set up a share, like share1 below, and then put something like valid users = "DOMAIN+Domain Users" without adding users to /etc/passwd or adding stuff to /etc/group using winbindd. Is that not how you do it? [share1] comment = "what ever" path = /mnt/share1 create mask = 0777 browseable = yes read list = @"prfmstr2+Domain Users" valid users = @"prfmstr2+Domain Users" Any hint on why all my questions previously have gone unanswered would be helpful too. Am I sending to the wrong group or something? David
David Edward Shapiro
2002-Feb-18 06:07 UTC
[Samba] Samba help for domain user setup (samba 3.x)
Thanks for the unfriendly response. Appreciate it. It must be difficult responding to the lowly masses who ask stupid and petty questions and fail to read all information pertaining to samba before daring to approach the likes of you. Someday we can join you in your grand samba tower of might... ... Anyway, I did read docs and search the list, but being new to samba, it was not clear what area of the vast amount of data to read--in that, is it a winbind issue, a syntax issue (i.e., quotes in the wrong place), a library missing issue, etc. The problem is that I could not get it to work on my system by changing prfmstrt2 to my domain (INS). My wbinfo -u/-g returns user and group information I tried getent passwd, and that displays just the users in /etc/passwd. I suspect winbindd is not working correctly yet because I suspect I am supposed to see domain user information with the getent passwd command. -----Original Message----- From: Josh Konkol [mailto:susesambaboy@yahoo.com] Sent: Monday, February 18, 2002 9:29 AM To: David Edward Shapiro Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) Have you read any of the documentation ?? In this case PRMFSTR2 is the Domain Name. It's just an example. The example is pretty straight forward. For users you want to have Read Only access you put them in the read list, for users you want to have Read/Write you put in them in the write list. I don't know what your question is. Josh On Friday 15 February 2002 14:27, you wrote:> How do I interpret what this mean? > > @"prfmstrt2+Domain Users" > > What is prfmstrt2? Is that a group created in /etc/group? I take it the+> is a winbind seperator. What is the manner of assigning domain users to > have access to a share? Do I still need to create the domain user name in > /etc/passwd, assign it to a group in /etc/group? Do I need to use > smbgroupedit to make the domain group? This is all very confusing. I > would think the goal would be to set up a share, like share1 below, and > then put something like valid users = "DOMAIN+Domain Users" without adding > users to /etc/passwd or adding stuff to /etc/group using winbindd. Isthat> not how you do it? > > > [share1] > comment = "what ever" > path = /mnt/share1 > create mask = 0777 > browseable = yes > read list = @"prfmstr2+Domain Users" > valid users = @"prfmstr2+Domain Users" > > Any hint on why all my questions previously have gone unanswered would be > helpful too. Am I sending to the wrong group or something? > > David_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
I agree that Winbindd appears to be working fine. What happens when you browse to the share and try to open it? Does it ask you for a username and password or just say access is denied. What are the permissions on /var/switch/INTEC_DB/UNEP set to? For the purpose of this test I would chmod 777 /var/switch/INETC_DB/UNEP. You can always change this later after we get it working. I need to see the part of the log.winbindd where you are trying to connect. Stop winbindd, then delete the log, start it again, try to connect then send me a copy of the log. Josh On Monday 18 February 2002 09:24, you wrote:> Well, just for the record, you aren't so bad after all. Anyway, just like > when you go to the doctor, you give symptoms and look for a diagnosis. Not > being a doctor myself of samba, I am not sure what is the right information > you need. I ran winbindd with -d3 and I have attached log.winbindd and > log.bti-c2433 (workstation trying to connect). The winbindd log has the > smb.conf. > > wbinfo -t got good secret > wbinfo -u | grep -i davidsha gets: INS+DavidSha > wbinfo -g | grep -i "domain users": INS+Domain Users > > Note: I did ask about handle_source_env and how to fix that error, but go > no responses. > > David > > > > -----Original Message----- > From: Josh Konkol [mailto:susesambaboy@yahoo.com] > Sent: Monday, February 18, 2002 10:31 AM > To: David Edward Shapiro > Cc: samba@lists.samba.org > Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) > > > OK, Is your winbindd daemon running ? To check this run: > > ps -ae | grep winbindd > > It should return your PID for winbindd. If it doesn't then you need to > start > winbindd using: > > /usr/local/samba/bin/winbindd -d3 > > I use -d3 becuase it gives you SOME info on what winbind is doing, but not > too much. Plus, this will force winbindd to create the log: > > /usr/local/samba/var/log.winbindd > > The purpose of winbind is to allow you to use your NT Domain users, you do > NOT have to create any local users or groups, these will be looked up in > the > > NT Domain. > > What is the result of: > > wbinfo -t > > It should return the secret is good. > > A copy of your smb.conf might be helpful to see what your settings are. > > > Just for the record, I don't consider myself to be ANY type of Samba guru. > Just like 90% of the people on this list what I know now is from reading, > trial and error. I suspect the reason you didn't get any responses until > mine is because you didn't provide enough information about your problem. > > Seemingly snobby yet trying to be helpful, > > Josh > > On Monday 18 February 2002 07:58, David Edward Shapiro wrote: > > Thanks for the unfriendly response. Appreciate it. It must be difficult > > responding to the lowly masses who ask stupid and petty questions and > > fail to read all information pertaining to samba before daring to > > approach the likes of you. Someday we can join you in your grand samba > > tower of might... > > > > ... Anyway, I did read docs and search the list, but being new to samba, > > it > > > was not clear what area of the vast amount of data to read--in that, is > > it a winbind issue, a syntax issue (i.e., quotes in the wrong place), a > > library missing issue, etc. The problem is that I could not get it to > > work > > > on my system by changing prfmstrt2 to my domain (INS). My wbinfo -u/-g > > returns user and group information I tried getent passwd, and that > > displays just the users in /etc/passwd. I suspect winbindd is not > > working correctly yet because I suspect I am supposed to see domain user > > information with the getent passwd command. > > > > -----Original Message----- > > From: Josh Konkol [mailto:susesambaboy@yahoo.com] > > Sent: Monday, February 18, 2002 9:29 AM > > To: David Edward Shapiro > > Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) > > > > > > Have you read any of the documentation ?? > > > > In this case PRMFSTR2 is the Domain Name. It's just an example. The > > example > > is pretty straight forward. For users you want to have Read Only access > > you > > > > put them in the read list, for users you want to have Read/Write you put > > in > > > them in the write list. I don't know what your question is. > > > > Josh > > > > On Friday 15 February 2002 14:27, you wrote: > > > How do I interpret what this mean? > > > > > > @"prfmstrt2+Domain Users" > > > > > > What is prfmstrt2? Is that a group created in /etc/group? I take it > > the > > > + > > > > > is a winbind seperator. What is the manner of assigning domain users > > > to have access to a share? Do I still need to create the domain user > > > name in /etc/passwd, assign it to a group in /etc/group? Do I need to > > > use smbgroupedit to make the domain group? This is all very confusing. > > > I would think the goal would be to set up a share, like share1 below, > > > and then put something like valid users = "DOMAIN+Domain Users" without > > > adding users to /etc/passwd or adding stuff to /etc/group using > > winbindd. > > > > Is > > > > that > > > > > not how you do it? > > > > > > > > > [share1] > > > comment = "what ever" > > > path = /mnt/share1 > > > create mask = 0777 > > > browseable = yes > > > read list = @"prfmstr2+Domain Users" > > > valid users = @"prfmstr2+Domain Users" > > > > > > Any hint on why all my questions previously have gone unanswered would > > be > > > > helpful too. Am I sending to the wrong group or something? > > > > > > David > > > > _________________________________________________________ > > Do You Yahoo!? > > Get your free @yahoo.com address at http://mail.yahoo.com > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
David Edward Shapiro
2002-Feb-18 12:03 UTC
[Samba] Samba help for domain user setup (samba 3.x)
Yes, I restated samba. I just made a softlink in /lib to /usr/local/samba/source/nsswitch/libnss_winbind.so with the commands: cd /lib ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so . Is that correct? Do I really need to reboot the system? -----Original Message----- From: Josh Konkol [mailto:susesambaboy@yahoo.com] Sent: Monday, February 18, 2002 3:46 PM To: David Edward Shapiro Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) After you made that change in nsswitch did you restart smb ?? One thing I remember having to do was reboot after I got my setup done. At that point everything appeared to be working but the libnss_winbind.so wasn't being registered (or whatever you want to call it). Josh On Monday 18 February 2002 13:22, you wrote:> I had winbindd in /etc/nsswitch.conf. I changed them to use winbind > instead. I still get a invalid user/password prompt. Here is thelog.smbd> after a connection attempt from workstation bti-c2433 as davidsha (domain > INS). > > David > > > > -----Original Message----- > From: Josh Konkol [mailto:susesambaboy@yahoo.com] > Sent: Monday, February 18, 2002 2:26 PM > To: David Edward Shapiro > Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) > > > I don't see anywhere in the logs where you tried to connect. > > Maybe I'm missing it I'm not sure. > > There are two things to verify: > > /etc/nsswitch.conf should contain the following: > > passwd: files winbind > shadow: files winbind > group: files winbind > > # passwd: compat > # group: compat > > > /etc/pam.d/samba should resemble the following: > > auth required /lib/security/pam_winbind.so > auth required /lib/security/pam_stack.so service=system-auth > account required /lib/security/pam_winbind.so > account required /lib/security/pam_stack.so service=system-auth > > > The part of the log I'm interested in is after you've tried to connect.It> appears as thought I'm seeing the inital daemon loads only. Please sendme> the log.smbd ONE more time, but this time make sure you've tried toconnect> to the share first before sending it. > > Josh > > > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
David Edward Shapiro
2002-Feb-18 12:12 UTC
[Samba] Samba help for domain user setup (samba 3.x)
I ran ldconfig and then ldconfig -p | grep winbind, and I saw that the libnss_winbind.so was registered. This may be what you needed to do instead of rebooting. It still reports and invalid user (I stopped/started samba after the ldconfig command). I ran getent passwd INS+DavidSha, but that returns nothing. wbinfo -u, which used to return INS+DavidSha, now lists the domain users but without the INS tacked on. David -----Original Message----- From: Josh Konkol [mailto:susesambaboy@yahoo.com] Sent: Monday, February 18, 2002 3:46 PM To: David Edward Shapiro Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) After you made that change in nsswitch did you restart smb ?? One thing I remember having to do was reboot after I got my setup done. At that point everything appeared to be working but the libnss_winbind.so wasn't being registered (or whatever you want to call it). Josh On Monday 18 February 2002 13:22, you wrote:> I had winbindd in /etc/nsswitch.conf. I changed them to use winbind > instead. I still get a invalid user/password prompt. Here is thelog.smbd> after a connection attempt from workstation bti-c2433 as davidsha (domain > INS). > > David > > > > -----Original Message----- > From: Josh Konkol [mailto:susesambaboy@yahoo.com] > Sent: Monday, February 18, 2002 2:26 PM > To: David Edward Shapiro > Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) > > > I don't see anywhere in the logs where you tried to connect. > > Maybe I'm missing it I'm not sure. > > There are two things to verify: > > /etc/nsswitch.conf should contain the following: > > passwd: files winbind > shadow: files winbind > group: files winbind > > # passwd: compat > # group: compat > > > /etc/pam.d/samba should resemble the following: > > auth required /lib/security/pam_winbind.so > auth required /lib/security/pam_stack.so service=system-auth > account required /lib/security/pam_winbind.so > account required /lib/security/pam_stack.so service=system-auth > > > The part of the log I'm interested in is after you've tried to connect.It> appears as thought I'm seeing the inital daemon loads only. Please sendme> the log.smbd ONE more time, but this time make sure you've tried toconnect> to the share first before sending it. > > Josh > > > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
David Edward Shapiro
2002-Feb-18 12:35 UTC
[Samba] Samba help for domain user setup (samba 3.x)
The softlink to so.2 fixed the problem...sheesh! I tried ./configure --with-ssl --with-winbind --with-smbmount --with-automount --with-smbwrapper --with-ssl failed with util errors. I don't know how to fix this. I tried again without --with-ssl and that is what I am working with now. What does --with-acl-support or --with-pam get me? Do you know what is needed to get the --with-ssl working? David -----Original Message----- From: Josh Konkol [mailto:susesambaboy@yahoo.com] Sent: Monday, February 18, 2002 4:02 PM To: David Edward Shapiro Cc: samba@lists.samba.org Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) When I set it up, I copied libnss_winbind.so to the /lib directory. I also found somewhere where they told me to do this to: ln -s libnss_winbind.so libnss_winbind.so.2 I ran the ldconfig as it says to in the instructions to make pam_winbind.so available, but it didn't work on my system, rebooting solved that problem for me. Maybe we need to take a step back, what options did you use when you configured samba to begin with ?? ./configure --with-pam --with-winbind --with-acl-support This is what I ran, I have my kernel patched to allow for acl support, you may not need that option. Josh On Monday 18 February 2002 13:53, you wrote:> Yes, I restated samba. I just made a softlink in /lib to > /usr/local/samba/source/nsswitch/libnss_winbind.so with the commands: > > cd /lib > ln -s /usr/local/samba/source/nsswitch/libnss_winbind.so . > > Is that correct? > > Do I really need to reboot the system? > > -----Original Message----- > From: Josh Konkol [mailto:susesambaboy@yahoo.com] > Sent: Monday, February 18, 2002 3:46 PM > To: David Edward Shapiro > Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) > > > After you made that change in nsswitch did you restart smb ?? > > One thing I remember having to do was reboot after I got my setup done.At> that point everything appeared to be working but the libnss_winbind.so > wasn't > being registered (or whatever you want to call it). > > Josh > > On Monday 18 February 2002 13:22, you wrote: > > I had winbindd in /etc/nsswitch.conf. I changed them to use winbind > > instead. I still get a invalid user/password prompt. Here is the > > log.smbd > > > after a connection attempt from workstation bti-c2433 as davidsha(domain> > > > > INS). > > > > David > > > > > > > > -----Original Message----- > > From: Josh Konkol [mailto:susesambaboy@yahoo.com] > > Sent: Monday, February 18, 2002 2:26 PM > > To: David Edward Shapiro > > Subject: Re: [Samba] Samba help for domain user setup (samba 3.x) > > > > > > I don't see anywhere in the logs where you tried to connect. > > > > Maybe I'm missing it I'm not sure. > > > > There are two things to verify: > > > > /etc/nsswitch.conf should contain the following: > > > > passwd: files winbind > > shadow: files winbind > > group: files winbind > > > > # passwd: compat > > # group: compat > > > > > > /etc/pam.d/samba should resemble the following: > > > > auth required /lib/security/pam_winbind.so > > auth required /lib/security/pam_stack.so service=system-auth > > account required /lib/security/pam_winbind.so > > account required /lib/security/pam_stack.so service=system-auth > > > > > > The part of the log I'm interested in is after you've tried to connect. > > It > > > appears as thought I'm seeing the inital daemon loads only. Please send > > me > > > the log.smbd ONE more time, but this time make sure you've tried to > > connect > > > to the share first before sending it. > > > > Josh > > > > > > > > > > _________________________________________________________ > > Do You Yahoo!? > > Get your free @yahoo.com address at http://mail.yahoo.com > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba