samba - Jan 2003 - Winbind & Samba 2.2.7a on FreeBSD

Hello all,

I've got a weird problem with a fresh install of Samba
from the FreeBSD ports collection (btw. the BSD-box is
also a fresh 4.7 Stable install).

Configured Samba 2.2.7a
- without cups
- with winbind
- with winbind-auth
- with audit
so far, the installation seemed to work fine...

Then I copied the libnss_winbind.so to /usr/lib
and softlinked it to /usr/local/lib as well as
to the other files mentioned in the howto (with 
the .so.1 and .so.2 endings). FreeBSD has no /lib 
directory, so I used the ones below /usr and /usr/local.

I left out the pam step because I just want to provide
the file-serving capabilities of samba to the clients
(hope this is correct - this is my first time playing around 
with winbind because I'm bored with syncronizing NT&Unix 
Accounts).

Then, I joined the domain with
smbpasswd -j MYDOM -r NT4PDC -U Administrator (supplied the 
correct password) and got the success message.

The wbinfo otions -u, -g, -t, -a (challenge/response & plaintext)
do all work fine.
But when I want to connect from a w2ksp2-machine to Samba, it doesn't
seem to hand over the provided user credentials to winbindd (same with
smbclient on localhost).

So here are some questions:
- I don't need the pam configuration if I don't want other services to 
  be authenticated with winbind, do I?
- I don't need more winbind uid's and gid's than Users and Groups on
  the PDC?
- If I enable the "winbind use default domain" option, I don't
need to
  add the NT-Domainname to the Usernames in valid/admin users, do I?
- Which is a good loglevel to see where the authentication fails?
- Any other hints from more experienced samba/winbind/freebsd(non-linux)
  users (maybe you have a look at my smb.conf below)?

btw here's my smb.conf:

[global]
	workgroup = MYDOM
	netbios name = FOO
	interfaces = xl0
	bind interfaces only = Yes
	security = DOMAIN
	encrypt passwords = Yes
	update encrypted = Yes
	password server = NT4PDC, NT4BDC
	wins server = NT4PDC
	winbind uid = 15000-15050
	winbind gid = 15000-15050
	template shell = /sbin/nologin
	winbind separator = +
	winbind cache time = 5
	winbind use default domain = Yes

[sysroot$]
	path = /
	valid users = Admin1, Admin2
	admin users = Admin1, Admin2
	read only = No

[raid$]
	path = /raid
	valid users = Admin1, Admin2
	admin users = Admin1, Admin2
	read only = No


any hints?
would be great ;-)
Wolfram

----- Original Message -----
From: "Wolfram A. Kraushaar" <w_k@gmx.net>
To: <samba@lists.samba.org>
Sent: Friday, January 03, 2003 1:12 AM
Subject: [Samba] Winbind & Samba 2.2.7a on FreeBSD

> Hello all,
>
> I've got a weird problem with a fresh install of Samba
> from the FreeBSD ports collection (btw. the BSD-box is
> also a fresh 4.7 Stable install).
>
> Configured Samba 2.2.7a
> - without cups
> - with winbind
> - with winbind-auth
> - with audit
> so far, the installation seemed to work fine...
>
> Then I copied the libnss_winbind.so to /usr/lib
> and softlinked it to /usr/local/lib as well as
> to the other files mentioned in the howto (with
> the .so.1 and .so.2 endings). FreeBSD has no /lib
> directory, so I used the ones below /usr and /usr/local.
>

libnss_winbind and therefore the auto-magic account mapping won't work on
FreeBSD because FBSD doesn't have functioning nss support.

The winbindd daemon runs fine, but is relegated to being used as a PAM
auth source, or Squid auth source due to the lack of nss support in the
OS.

Jerry