Sean Patrick Ingles
2002-Nov-05 20:58 UTC
FW: [Samba] getent not working / winbindd issues
I was looking through all my SaMBa documentation with a fine-tooth comb, and I noticed there is a line in the HOWTO, Section 12.4.3 "Pluggable Authentication Modules" in the last paragraph it states: "PAM is configured by providing control files in the directory /etc/pam.d/ for each of the services that require authentication. When an authentication request is made by an application the PAM code in the C library looks up this control file to determine what modules to load to do the authentication check and in what order. This interface makes adding a new authentication service for Winbind very easy, all that needs to be done is that the pam_winbind.so module is copied to /lib/security/ and the PAM control files for relevant services are updated to allow authentication via winbind. See the PAM documentation for more details." What exactly are the "relevant services" for SaMBa? I've only been updating the "/etc/pam.d/login" file. Below is my original question, which remains un-answered and I can't seem to find any solution to it :( Looks like I'll just have to deploy this fileserver with 2 logins, 1 to the domain and 1 to the fileserver :( -SP -----Original Message----- From: Sean Patrick Ingles Sent: Tuesday, November 05, 2002 10:55 AM To: samba@samba.org Subject: [Samba] getent not working / winbindd issues I first start smbd -D and nmbd -D Then I start winbindd Then I join the domain (smbpasswd -j DOMAIN -r DOMAINCONTROLLER -U Administrator) It works Then I check my Secret (wbinfo -t) and it's good Then I list users and groups (wbinfo -u and wbinfo -g) and it works fine However I still cannot get "getent passwd" and "getent group" working, it just lists the local users or groups and hangs... I verified that the libraries were in the /lib folder and symlinked, and here is the output from ldconfig: [root@tux samba]# ldconfig -v | grep winbind libnss_winbind.so -> libnss_winbind.so I restarted winbindd and typed "getent passwd" and it just lists my local passwords and hangs. Nothing is generated in my log.winbindd when I do this either. I am also noticing that _occasionally_ the box will not allow anyone to login until after I kill winbindd and sometimes winbindd locks up most of the processor until I KILL -9 it. uname -a: Linux tux.#########.net 2.4.19 #1 Fri Oct 25 15:39:52 EDT 2002 i686 unknown Here is my /etc/nsswitch.conf (abbreviated): passwd: files winbind shadow: files winbind group: files winbind Here is my smb.conf: [global] workgroup = vsionline server string = Samba %v -- TEST -- security = domain password server = vsi-vsi-albany winbind uid = 10000-20000 winbind gid = 10000-20000 winbind separator = + winbind cache time = 10 winbind enum users = Yes winbind enum groups = Yes For reference, here is my /etc/pam.d/login: [root@tux pam.d]# cat login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so [root@tux pam.d]# Any assistance anyone can provide will be much appreciated! -SP ========================================================== \ / ____/ / Sean Patrick Ingles \ / / / Jr. Network Engineer \ / ___ / / \ / / / Vision Systems, Inc. __/ ____/ _/ 142 State Street Albany, NY 12207 www.visionsys.com Landline: +1 518.434.4300 x1406 ingless@visionsys.com Fax: +1 518.434.4304 =========================================================-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba