samba - Apr 2003 - Winbind/nsswitch issue on Solaris 9 (Sparc)

Hi all

I need to set up Samba on Solaris 9 (Sparc) as a Windows Domain Member. 
I took the precompiled 64-bit Package 
(samba-2.2.8a-1-sol8-suncc-64bit.pkg) from samba.org, which comes with 
pam-winbind libraries, and it installed fine.

I ran a test before with Samba 2.2.8 on Solaris 8 (Intel), but there I 
compiled myself with ./configure --with-winbind --with-pam --with-quotas 
--with-acl-support.

As this test machine runs ok, I took over its smb.config to a brand new 
Sun Blade 150, as well as the nsswitch setup, just as described in the 
Solaris-Winbind-HOWTO.

The box joined the domain ok, the demons are up and running, wbinfo 
-u/-g/-t give the expected output (Domain users/groups). But getent 
passwd/group give me only local users/groups. So I deinstalled the 
64-bit package, took the source 2.2.8a and compiled as follows:

# ./configure --sysconfdir=/etc/samba --localstatedir=/var/log/samba \
	--with-configdir=/etc/samba --with-pam \
	--with-winbind --with-acl-support --with-included-popt

... installed, and now getent shows local users and groups as well as 
the ones in the domain.

But as soon as I try to log on as a local user, nsswitch complains.

# grep winbind /etc/nsswitch.conf
passwd:     files winbind
group:      files winbind


# telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


SunOS 5.9

login: coray
Supported configurations for passwd management are as follows:
     passwd: files
     passwd: files ldap
     passwd: files nis
     passwd: files nisplus
     passwd: compat
     passwd: compat AND
     passwd_compat: ldap OR
     passwd_compat: nisplus
Please check your /etc/nsswitch.conf file
Password:
Connection to localhost closed by foreign host.

Why does nsswitch know nothing about winbind?? Anybody installed Winbind 
successfully on Solaris 9?

Here are the details of my conf:

[global]
	workgroup = UB
	netbios name = UB-BLADE1
	server string = Test Samba SolSparc 9
	security = DOMAIN
	encrypt passwords = Yes
	map to guest = Bad User
	obey pam restrictions = Yes
	password server = *
	unix password sync = Yes
	log level = 3
	log file = /var/log/samba/%m.log
	max log size = 0
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	show add printer wizard = No
	add user script = /usr/local/samba/bin/add_user %u
	preferred master = No
	local master = No
	domain master = No
	wins server = x.x.x.x
	winbind uid = 10000-20000
	winbind gid = 10000-20000
	template homedir = /dev/null
	winbind separator = +
	admin users = UB+coray

[files]
	comment = %u=u %U=U %a=a %m=m %M=M %R=R %H=H
	path = /export/files
	write list = UB+coray
	hosts allow = x.x.x.

[EDV]
	path = /export/edv
	valid users = @"UB+UB EDV"
	read only = No
	browseable = No

[WWW]
	path = /export/www
	valid users = @UB+WWW
	read only = No
	browseable = No

[homes]
	comment = Home Directory for %U - TEST ONLY!
	path = /export/home/UB/%u
	valid users = %D+%U
	force user = %u
	read only = No
	create mask = 0664
	directory mask = 0775
	browseable = No

Just as I did with the successful test environment, I followed the 
instructions in the Solaris-Winbind-HOWTO:

# ls -l /lib
lrwxrwxrwx   1 root     root           9 Apr  8 14:33 /lib -> ./usr/lib

# for i in `find /usr/lib | grep winbind`; do ls -l $i;done
bash-2.05# for i in `find /usr/lib|grep winbind`;do ls -l $i;done
-rwxr-xr-x   1 root     other      25888 Apr 14 14:27 
/usr/lib/security/sparcv9/pam_winbind.so
-rwxr-xr-x   1 root     other      20640 Apr 14 14:05 
/usr/lib/libnss_winbind.so
lrwxrwxrwx   1 root     other         19 Apr 14 14:08 
/usr/lib/libnss_winbind.so.1 -> ./libnss_winbind.so
lrwxrwxrwx   1 root     other         19 Apr 14 14:08 
/usr/lib/libnss_winbind.so.2 -> ./libnss_winbind.so
lrwxrwxrwx   1 root     other         19 Apr 14 14:09 
/usr/lib/nss_winbind.so.1 -> ./libnss_winbind.so
lrwxrwxrwx   1 root     other         19 Apr 14 14:09 
/usr/lib/nss_winbind.so.2 -> ./libnss_winbind.so


I am not interested in Win domain users logging in to this machine, they 
just need to access their shares. So the pam_winbind.so library isn't 
necessary I guess...


Any hints are greatly appreciated!


Paul Coray
Administrator Server und Netzwerk

Oeffentliche Bibliothek der Universitaet Basel
EDV-Abteilung
Schoenbeinstrasse 18-20
CH-4056 Basel

Tel: +41 61 267 05 13
Fax: +41 61 267 31 03

mailto:paul.coray@unibas.ch
http://www.ub.unibas.ch

> From: Paul Coray [mailto:paul.coray@unibas.ch]
> # telnet localhost
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 
> 
> SunOS 5.9
> 
> login: coray
> Supported configurations for passwd management are as follows:
>      passwd: files
>      passwd: files ldap
>      passwd: files nis
>      passwd: files nisplus
>      passwd: compat
>      passwd: compat AND
>      passwd_compat: ldap OR
>      passwd_compat: nisplus
> Please check your /etc/nsswitch.conf file
> Password:
> Connection to localhost closed by foreign host.
> 
> Why does nsswitch know nothing about winbind?? Anybody installed Winbind
> successfully on Solaris 9?
There is a known problem, resolved by patch 113476-05, that causes this problem.
I ran into it and that patch fixed it.
> Paul Coray
-Steve Roylance