Brent Ross (Edm)
2002-Nov-20 19:30 UTC
[Samba] Does anyone have winbind working on Freebsd?
I have been trying to setup a Samba 2.2.6 server on FreeBSD 4.7. I want to use my NT4 domain for authentication of users. It looks like everything is setup properly as far as winbind is concerned, see below for results using wbinfo. I am still prompted for a password when trying to connect to the samba share. I cannot list the shares using "smbclient -L servername -Udomain+username" either, I get a server timeout error and the following error in my log.smbd: error connecting to 10.110.22.7:445 (Invalid argument) Using "getent passwd" only returns the unix users, not any domain users. I configured samba using --with-winbind and --with-winbind-auth-challenge, and followed "Unified logons between NT and Unix using winbind". Joined the samba server to my NT domain successfully. Freebsd 4.7 does not have a /lib folder so at the step for copying libnss_winbind.so to the /lib folder, I am copying to /usr/local/lib. I have also tried using the following folders: /usr/lib /usr/compat/linux/usr/lib /usr/compat/linux/lib but it still doesn't work. Does anyone have any idea why I am receiving the above error? I'm sure if I could correct the error this would all work, and if I could get "getent passwd" to show my domain users as well as just the local unix users, again this would be working. TIA for any help. wbinfo -t returns "Secret is good" wbinfo -u returns a list of all my domain users wbinfo -g returns a list of all domain groups wbinfo -a mydomain+myuser%mypassword returns success for both plaintext and challenge/response Here's my smb.conf: # Samba config file created using SWAT # from 10.110.22.40 (10.110.22.40) # Date: 2002/11/16 15:19:26 # Global parameters [global] workgroup = MYDOMAIN security = DOMAIN encrypt passwords = Yes password server = * winbind uid = 10000-20000 winbind gid = 10000-20000 winbind separator = + winbind enum users = yes winbind enum groups = yes log level = 2 wins server = 192.168.0.7 [work] path = /usr/work valid users = "Domain Users" read only = No Here's my log.smbd: [2002/11/16 15:59:13, 2] param/loadparm.c:do_section(3055) Processing section "[work]" [2002/11/16 15:59:13, 2] lib/interface.c:add_interface(81) added interface ip=10.110.22.78 bcast=10.110.23.255 nmask=255.255.254.0 [2002/11/16 15:59:48, 2] smbd/reply.c:reply_special(92) netbios connect: name1=EDM-GEO name2=EDM-02 [2002/11/16 15:59:48, 2] smbd/reply.c:reply_special(111) netbios connect: local=edm-geo remote=edm-02 [2002/11/16 15:59:48, 2] libsmb/namequery.c:name_query(421) Got a positive name query response from 10.110.22.7 ( 10.110.22.7 ) [2002/11/16 15:59:48, 2] lib/util_sock.c:open_socket_out(874) error connecting to 10.110.22.7:445 (Invalid argument) [2002/11/16 15:59:54, 2] smbd/service.c:make_connection(331) Invalid username/password for work [nobody] [2002/11/16 15:59:56, 2] smbd/service.c:make_connection(331) Invalid username/password for work [nobody] [2002/11/16 16:00:47, 2] smbd/server.c:exit_server(461) Closing connections
I went through this whole thing a couple of months ago. The problem is that you don't have a good nsswitch working on FreeBSD. The nsswitch on FreeBSD does not do dynamic loadable modules, as the way Linux do. The manual you followed is for Linux users. Richard Sharpe gave me a hint to fix this. Basically you need to change source code, so that smbd knows to check with winbind for the domain user. However, no other daemons on your FreeBSD box will be able to use the domain user, as if you have a good nsswitch. Last time I checked, there is nobody in the FreeBSD community working on improving nsswitch. Let me know if you need further help. Chere> From: "Brent Ross (Edm)" <bross@UMAGroup.com> > To: "'samba@lists.samba.org'" <samba@lists.samba.org> > Date: Wed, 20 Nov 2002 12:29:13 -0700 > Subject: [Samba] Does anyone have winbind working on Freebsd? > > I have been trying to setup a Samba 2.2.6 server on FreeBSD 4.7. I want to > use my NT4 domain for authentication of users. It looks like everything is > setup properly as far as winbind is concerned, see below for results using > wbinfo. I am still prompted for a password when trying to connect to the > samba share. I cannot list the shares using "smbclient -L servername > -Udomain+username" either, I get a server timeout error and the following > error in my log.smbd: > error connecting to 10.110.22.7:445 (Invalid argument) > Using "getent passwd" only returns the unix users, not any domain users. I > configured samba using --with-winbind and --with-winbind-auth-challenge, > and followed "Unified logons between NT and Unix using winbind". Joined the > samba server to my NT domain successfully. Freebsd 4.7 does not have a /lib > folder so at the step for copying libnss_winbind.so to the /lib folder, I > am copying to /usr/local/lib. I have also tried using the following > folders: /usr/lib > /usr/compat/linux/usr/lib > /usr/compat/linux/lib > but it still doesn't work. Does anyone have any idea why I am receiving the > above error? I'm sure if I could correct the error this would all work, and > if I could get "getent passwd" to show my domain users as well as just the > local unix users, again this would be working. TIA for any help. > > wbinfo -t returns "Secret is good" > wbinfo -u returns a list of all my domain users > wbinfo -g returns a list of all domain groups > wbinfo -a mydomain+myuser%mypassword returns success for both plaintext and > challenge/response > > Here's my smb.conf: > # Samba config file created using SWAT > # from 10.110.22.40 (10.110.22.40) > # Date: 2002/11/16 15:19:26 > > # Global parameters > [global] > workgroup = MYDOMAIN > security = DOMAIN > encrypt passwords = Yes > password server = * > winbind uid = 10000-20000 > winbind gid = 10000-20000 > winbind separator = + > winbind enum users = yes > winbind enum groups = yes > log level = 2 > wins server = 192.168.0.7 > > [work] > path = /usr/work > valid users = "Domain Users" > read only = No > > Here's my log.smbd: > [2002/11/16 15:59:13, 2] param/loadparm.c:do_section(3055) > Processing section "[work]" > [2002/11/16 15:59:13, 2] lib/interface.c:add_interface(81) > added interface ip=10.110.22.78 bcast=10.110.23.255 nmask=255.255.254.0 > [2002/11/16 15:59:48, 2] smbd/reply.c:reply_special(92) > netbios connect: name1=EDM-GEO name2=EDM-02 > [2002/11/16 15:59:48, 2] smbd/reply.c:reply_special(111) > netbios connect: local=edm-geo remote=edm-02 > [2002/11/16 15:59:48, 2] libsmb/namequery.c:name_query(421) > Got a positive name query response from 10.110.22.7 ( 10.110.22.7 ) > [2002/11/16 15:59:48, 2] lib/util_sock.c:open_socket_out(874) > error connecting to 10.110.22.7:445 (Invalid argument) > [2002/11/16 15:59:54, 2] smbd/service.c:make_connection(331) > Invalid username/password for work [nobody] > [2002/11/16 15:59:56, 2] smbd/service.c:make_connection(331) > Invalid username/password for work [nobody] > [2002/11/16 16:00:47, 2] smbd/server.c:exit_server(461) > Closing connections >