samba - Jan 2004 - winbind and Solaris 9 with AD

Hi

have been trying to get winbind working on Solaris 9 but to no effect.

version info:

samba: 3.0.0
openldap: 2.1.23
kerberos: MIT 1.3.1

Have followed the instructions in every howto, usenet posting I could
find:

nscd not running
created relevant links in /lib and /lib/security/sparcv9
applied patch for nsswitch as recommended

kinit -e works
net ads join works
wbinfo -t works
wbinfo -u gives list of all users in all trusted domains
getent doesn't work
samba authentication doesn't work - get the following in winbindd.log:

[2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379)
  NTLM CRAP authentication for user [DEV]\[test7] returned
NT_STATUS_OK (PAM: 0)
[2004/01/19 10:59:27, 3] nsswitch/winbindd_acct.c:(875)
  [ 3551]: create_user: user=>(test7), group=>()
[2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521)
  wb_getgrnam: Did not find group (nobody)

my smb.conf is:

workgroup = DEV
#workgroup = DEV.ANTS.AD.ANPLC.CO.UK
realm = DEV.ANTS.AD.ANPLC.CO.UK
security = ADS
password server = lonsd010.dev.ants.ad.anplc.co.uk
dns proxy = no
idmap gid = 70000-80000
idmap uid = 800000-900000
winbind cache time = 15
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
log level = 9

[temp]
path = /tmp
read list = @users

[docs]
path = /var/tmp/samba-3.0.0
read list = @users

I would appreciate any pointers as to further debugging I could do or
possible problems as being able to use winbind to deal with samba
authentication would make life a great deal easier.




***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received this
communication in error, you should destroy it without copying, disclosing or
otherwise using its contents.  Please notify the sender immediately of the
error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or any
liability for such changes.  If you wish to confirm the origin or content of
this communication, please contact the sender by using an alternative means of
communication.

This communication does not create or modify any contract and, unless otherwise
stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National House,
2 Triton Square, Regents Place, London NW1 3AN.  Registered in England under
Company Registration Number: 2338548.  Regulated by the Financial Services
Authority (FSA).
***************************************************************************

I'm having trouble with this too but getent works for me, I'm not using
AD
though.  

Have you edited nsswitch.conf?  

Passwd: files winbind
Group: files winbind

I'm stuck on getting logging in working...Sun seems to think there may be
some bug with PAM.

-----Original Message-----
From: Unix Service (ANTS) [mailto:Unix.Services@ants.co.uk] 
Sent: 19 January 2004 12:13
To: 'samba@lists.samba.org'
Subject: [Samba] winbind and Solaris 9 with AD


Hi

have been trying to get winbind working on Solaris 9 but to no effect.

version info:

samba: 3.0.0
openldap: 2.1.23
kerberos: MIT 1.3.1

Have followed the instructions in every howto, usenet posting I could
find:

nscd not running
created relevant links in /lib and /lib/security/sparcv9 applied patch for
nsswitch as recommended

kinit -e works
net ads join works
wbinfo -t works
wbinfo -u gives list of all users in all trusted domains
getent doesn't work
samba authentication doesn't work - get the following in winbindd.log:

[2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379)
  NTLM CRAP authentication for user [DEV]\[test7] returned NT_STATUS_OK
(PAM: 0) [2004/01/19 10:59:27, 3] nsswitch/winbindd_acct.c:(875)
  [ 3551]: create_user: user=>(test7), group=>()
[2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521)
  wb_getgrnam: Did not find group (nobody)

my smb.conf is:

workgroup = DEV
#workgroup = DEV.ANTS.AD.ANPLC.CO.UK
realm = DEV.ANTS.AD.ANPLC.CO.UK
security = ADS
password server = lonsd010.dev.ants.ad.anplc.co.uk
dns proxy = no
idmap gid = 70000-80000
idmap uid = 800000-900000
winbind cache time = 15
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
log level = 9

[temp]
path = /tmp
read list = @users

[docs]
path = /var/tmp/samba-3.0.0
read list = @users

I would appreciate any pointers as to further debugging I could do or
possible problems as being able to use winbind to deal with samba
authentication would make life a great deal easier.




***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or
any liability for such changes.  If you wish to confirm the origin or
content of this communication, please contact the sender by using an
alternative means of communication.

This communication does not create or modify any contract and, unless
otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National
House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in
England under Company Registration Number: 2338548.  Regulated by the
Financial Services Authority (FSA).
***************************************************************************

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Hi,

I have the following libraries and links in /usr/lib and 
it works:

libnss_winbind.so
libnss_winbind.so.1 -> libnss_winbind.so
nss_winbind.so.1 -> libnss_winbind.so

/Patrik
On Mon, 2004-01-19 at 13:13, Unix Service (ANTS) wrote:
> Hi
> 
> have been trying to get winbind working on Solaris 9 but to no effect.
> 
> version info:
> 
> samba: 3.0.0
> openldap: 2.1.23
> kerberos: MIT 1.3.1
> 
> Have followed the instructions in every howto, usenet posting I could
> find:
> 
> nscd not running
> created relevant links in /lib and /lib/security/sparcv9
> applied patch for nsswitch as recommended
> 
> kinit -e works
> net ads join works
> wbinfo -t works
> wbinfo -u gives list of all users in all trusted domains
> getent doesn't work
> samba authentication doesn't work - get the following in winbindd.log:
> 
> [2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379)
>   NTLM CRAP authentication for user [DEV]\[test7] returned
> NT_STATUS_OK (PAM: 0)
> [2004/01/19 10:59:27, 3] nsswitch/winbindd_acct.c:(875)
>   [ 3551]: create_user: user=>(test7), group=>()
> [2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521)
>   wb_getgrnam: Did not find group (nobody)
> 
> my smb.conf is:
> 
> workgroup = DEV
> #workgroup = DEV.ANTS.AD.ANPLC.CO.UK
> realm = DEV.ANTS.AD.ANPLC.CO.UK
> security = ADS
> password server = lonsd010.dev.ants.ad.anplc.co.uk
> dns proxy = no
> idmap gid = 70000-80000
> idmap uid = 800000-900000
> winbind cache time = 15
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> encrypt passwords = yes
> log level = 9
> 
> [temp]
> path = /tmp
> read list = @users
> 
> [docs]
> path = /var/tmp/samba-3.0.0
> read list = @users
> 
> I would appreciate any pointers as to further debugging I could do or
> possible problems as being able to use winbind to deal with samba
> authentication would make life a great deal easier.
> 
> 
> 
> 
> ***************************************************************************
> This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received this
communication in error, you should destroy it without copying, disclosing or
otherwise using its contents.  Please notify the sender immediately of the
error.
> 
> Internet communications are not necessarily secure and may be intercepted
or changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or any
liability for such changes.  If you wish to confirm the origin or content of
this communication, please contact the sender by using an alternative means of
communication.
> 
> This communication does not create or modify any contract and, unless
otherwise stated, is not intended to be contractually binding.
> 
> Abbey National Treasury Services plc. Registered Office:  Abbey National
House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in England
under Company Registration Number: 2338548.  Regulated by the Financial Services
Authority (FSA).
> ***************************************************************************
-- 
"In a world without fences who needs Gates"
Patrik Gustavsson, Senior Technical Consultant
patrik.gustavsson@sun.com     Telephone: +46 60 671540
http://glen.sweden            Mobile: +46 70 3551040
SUN MICROSYSTEMS              Fax: +46 60 671550
--------------------------------------------------------------

Patrik,

Hello!  I have been waiting for you to get back, you may be able to help me.
I am having trouble making winbind work with Solaris 9.  I was wondering if
you could post a copy of your pam.conf again so that I can double check that
I have a correct copy of it?

The problem I am having is that when I try to log in with an NT username and
password the login process hangs after I put the password in.  I don't know
why this happens because getent works.  I decided to log what is going on in
PAM, here is what I got -

Jan 14 13:29:55 sun001 pam_winbind[15352]: [ID 571141 auth.debug]
libpam_winbind:pam_sm_close_sessio
n handler
Jan 14 13:29:59 sun001 login: [ID 634615 auth.debug]
pam_authtok_get:pam_sm_authenticate: flags = 0 Jan 14 13:30:05 sun001 login:
[ID 378613 auth.debug] pam_dhkeys: user ganguly not found Jan 14 13:30:05
sun001 login: [ID 896952 auth.debug] pam_unix_auth: entering
pam_sm_authenticate() Jan 14 13:30:05 sun001 login: [ID 219349 auth.debug]
pam_unix_auth: user ganguly not found Jan 14 13:30:05 sun001
pam_winbind[15369]: [ID 572310 auth.info] Verify user `ganguly' Jan 14
13:30:05 sun001 pam_winbind[15369]: [ID 614614 auth.notice] user
'ganguly'
granted acces Jan 14 13:30:05 sun001 login[15369]: [ID 509786 auth.debug]
roles pam_sm_authenticate, service = tel net user = ganguly ruser = not set
rhost = 192.168.224.90

Thanks for any help you can offer!

Sapan

-----Original Message-----
From: Patrik Gustavsson [mailto:Patrik.Gustavsson@Sun.COM] 
Sent: 19 January 2004 14:39
To: Unix Service (ANTS)
Cc: 'samba@lists.samba.org'
Subject: Re: [Samba] winbind and Solaris 9 with AD


Hi,

I have the following libraries and links in /usr/lib and 
it works:

libnss_winbind.so
libnss_winbind.so.1 -> libnss_winbind.so
nss_winbind.so.1 -> libnss_winbind.so

/Patrik
On Mon, 2004-01-19 at 13:13, Unix Service (ANTS) wrote:
> Hi
> 
> have been trying to get winbind working on Solaris 9 but to no effect.
> 
> version info:
> 
> samba: 3.0.0
> openldap: 2.1.23
> kerberos: MIT 1.3.1
> 
> Have followed the instructions in every howto, usenet posting I could
> find:
> 
> nscd not running
> created relevant links in /lib and /lib/security/sparcv9 applied patch 
> for nsswitch as recommended
> 
> kinit -e works
> net ads join works
> wbinfo -t works
> wbinfo -u gives list of all users in all trusted domains getent 
> doesn't work samba authentication doesn't work - get the following
in
> winbindd.log:
> 
> [2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379)
>   NTLM CRAP authentication for user [DEV]\[test7] returned 
> NT_STATUS_OK (PAM: 0) [2004/01/19 10:59:27, 3] 
> nsswitch/winbindd_acct.c:(875)
>   [ 3551]: create_user: user=>(test7), group=>()
> [2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521)
>   wb_getgrnam: Did not find group (nobody)
> 
> my smb.conf is:
> 
> workgroup = DEV
> #workgroup = DEV.ANTS.AD.ANPLC.CO.UK
> realm = DEV.ANTS.AD.ANPLC.CO.UK
> security = ADS
> password server = lonsd010.dev.ants.ad.anplc.co.uk
> dns proxy = no
> idmap gid = 70000-80000
> idmap uid = 800000-900000
> winbind cache time = 15
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> encrypt passwords = yes
> log level = 9
> 
> [temp]
> path = /tmp
> read list = @users
> 
> [docs]
> path = /var/tmp/samba-3.0.0
> read list = @users
> 
> I would appreciate any pointers as to further debugging I could do or 
> possible problems as being able to use winbind to deal with samba 
> authentication would make life a great deal easier.
> 
> 
> 
> 
> **********************************************************************
> *****
> This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.
> 
> Internet communications are not necessarily secure and may be 
> intercepted or changed after they are sent.  Abbey National Treasury 
> Services plc does not accept liability for any loss you may suffer as 
> a result of interception or any liability for such changes.  If you 
> wish to confirm the origin or content of this communication, please 
> contact the sender by using an alternative means of communication.
> 
> This communication does not create or modify any contract and, unless 
> otherwise stated, is not intended to be contractually binding.
> 
> Abbey National Treasury Services plc. Registered Office:  Abbey 
> National House, 2 Triton Square, Regents Place, London NW1 3AN.
Registered in England under Company Registration Number: 2338548.  Regulated
by the Financial Services Authority (FSA).
>
***************************************************************************
-- 
"In a world without fences who needs Gates"
Patrik Gustavsson, Senior Technical Consultant
patrik.gustavsson@sun.com     Telephone: +46 60 671540
http://glen.sweden            Mobile: +46 70 3551040
SUN MICROSYSTEMS              Fax: +46 60 671550
--------------------------------------------------------------


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Hi

Thanks to everyone for their intial replies.

I have edited nsswitch.conf and I have the links that Patrik mentioned.

I'm not really too fussed about getent working ( only in so far as getent
not working maybe indicates a more general problem )  or allowing users to
log on - I just want users without unix accounts to be able to access samba
shares without having to use username.map or leaving shares wide open.

So all I'm looking at is using winbind for samba authentication only - has
anybody got this working on Solaris 9 with 3.0.0 and security=ADS?

tim



***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received this
communication in error, you should destroy it without copying, disclosing or
otherwise using its contents.  Please notify the sender immediately of the
error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or any
liability for such changes.  If you wish to confirm the origin or content of
this communication, please contact the sender by using an alternative means of
communication.

This communication does not create or modify any contract and, unless otherwise
stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National House,
2 Triton Square, Regents Place, London NW1 3AN.  Registered in England under
Company Registration Number: 2338548.  Regulated by the Financial Services
Authority (FSA).
***************************************************************************

Looked through source and noticed there were some debug entries at level 10
for winbind - so upped log level and this time I get this:

[2004/01/19 18:18:47, 10] nsswitch/winbindd.c:(305)
  process_request: request fn CREATE_USER
[2004/01/19 18:18:48, 3] nsswitch/winbindd_acct.c:(875)
  [17805]: create_user: user=>(test7), group=>()
[2004/01/19 18:18:48, 5] libads/ldap_utils.c:(52)
  Search for (objectCategory=user) gave 18764 replies
[2004/01/19 18:18:48, 5] nsswitch/winbindd_acct.c:(521)
  wb_getgrnam: Did not find group (nobody)



-----Original Message-----
From: Patrik Gustavsson [mailto:Patrik.Gustavsson@Sun.COM] 
Sent: 19 January 2004 14:39
To: Unix Service (ANTS)
Cc: 'samba@lists.samba.org'
Subject: Re: [Samba] winbind and Solaris 9 with AD


Hi,

I have the following libraries and links in /usr/lib and 
it works:

libnss_winbind.so
libnss_winbind.so.1 -> libnss_winbind.so
nss_winbind.so.1 -> libnss_winbind.so

/Patrik
On Mon, 2004-01-19 at 13:13, Unix Service (ANTS) wrote:
> Hi
> 
> have been trying to get winbind working on Solaris 9 but to no effect.
> 
> version info:
> 
> samba: 3.0.0
> openldap: 2.1.23
> kerberos: MIT 1.3.1
> 
> Have followed the instructions in every howto, usenet posting I could
> find:
> 
> nscd not running
> created relevant links in /lib and /lib/security/sparcv9 applied patch 
> for nsswitch as recommended
> 
> kinit -e works
> net ads join works
> wbinfo -t works
> wbinfo -u gives list of all users in all trusted domains getent 
> doesn't work samba authentication doesn't work - get the following
in
> winbindd.log:
> 
> [2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379)
>   NTLM CRAP authentication for user [DEV]\[test7] returned 
> NT_STATUS_OK (PAM: 0) [2004/01/19 10:59:27, 3] 
> nsswitch/winbindd_acct.c:(875)
>   [ 3551]: create_user: user=>(test7), group=>()
> [2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521)
>   wb_getgrnam: Did not find group (nobody)
> 
> my smb.conf is:
> 
> workgroup = DEV
> #workgroup = DEV.ANTS.AD.ANPLC.CO.UK
> realm = DEV.ANTS.AD.ANPLC.CO.UK
> security = ADS
> password server = lonsd010.dev.ants.ad.anplc.co.uk
> dns proxy = no
> idmap gid = 70000-80000
> idmap uid = 800000-900000
> winbind cache time = 15
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> encrypt passwords = yes
> log level = 9
> 
> [temp]
> path = /tmp
> read list = @users
> 
> [docs]
> path = /var/tmp/samba-3.0.0
> read list = @users
> 
> I would appreciate any pointers as to further debugging I could do or 
> possible problems as being able to use winbind to deal with samba 
> authentication would make life a great deal easier.
> 
> 
> 
> 
> **********************************************************************
> *****
> This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.
> 
> Internet communications are not necessarily secure and may be 
> intercepted or changed after they are sent.  Abbey National Treasury 
> Services plc does not accept liability for any loss you may suffer as 
> a result of interception or any liability for such changes.  If you 
> wish to confirm the origin or content of this communication, please 
> contact the sender by using an alternative means of communication.
> 
> This communication does not create or modify any contract and, unless 
> otherwise stated, is not intended to be contractually binding.
> 
> Abbey National Treasury Services plc. Registered Office:  Abbey 
> National House, 2 Triton Square, Regents Place, London NW1 3AN.
Registered in England under Company Registration Number: 2338548.  Regulated
by the Financial Services Authority (FSA).
>
***************************************************************************
-- 
"In a world without fences who needs Gates"
Patrik Gustavsson, Senior Technical Consultant
patrik.gustavsson@sun.com     Telephone: +46 60 671540
http://glen.sweden            Mobile: +46 70 3551040
SUN MICROSYSTEMS              Fax: +46 60 671550
--------------------------------------------------------------



***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received this
communication in error, you should destroy it without copying, disclosing or
otherwise using its contents.  Please notify the sender immediately of the
error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or any
liability for such changes.  If you wish to confirm the origin or content of
this communication, please contact the sender by using an alternative means of
communication.

This communication does not create or modify any contract and, unless otherwise
stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National House,
2 Triton Square, Regents Place, London NW1 3AN.  Registered in England under
Company Registration Number: 2338548.  Regulated by the Financial Services
Authority (FSA).
***************************************************************************

Have done some more digging through the log files and found the following (
see extracts at bottom ):

21.22.05 smbd asks winbind to create user
21.22.05 winbindd appears to do this successfully ( wb_storepwnam: Success )
21.22.13 smbd never seems to receive notification of this and times out.

I don't know enough about the smbd/winbindd interaction to work out
what's
happening ( will look at a working linux box to try and get an idea ) - has
anyone seen this before or know what could possibly cause this behaviour?

thanks

tim

Log.smbd:

[2004/01/19 21:22:05, 3] auth/auth_util.c:(1009)
  User test7 does not exist, trying to add it
[2004/01/19 21:22:05, 10] auth/auth_util.c:(74)
  auth_add_user_script: no 'add user script'.  Asking winbindd
[2004/01/19 21:22:05, 10] nsswitch/wb_client.c:(390)
  winbind_create_user: test7
[2004/01/19 21:22:05, 5] lib/username.c:(288)
  Finding user DEV\test7
[2004/01/19 21:22:05, 5] lib/username.c:(223)
  Trying _Get_Pwnam(), username as lowercase is dev\test7
[2004/01/19 21:22:05, 5] lib/username.c:(230)
  Trying _Get_Pwnam(), username as given is DEV\test7
[2004/01/19 21:22:05, 5] lib/username.c:(239)
  Trying _Get_Pwnam(), username as uppercase is DEV\TEST7
[2004/01/19 21:22:05, 5] lib/username.c:(247)
  Checking combinations of 0 uppercase letters in dev\test7
[2004/01/19 21:22:05, 5] lib/username.c:(251)
  Get_Pwnam_internals didn't find user [DEV\test7]!
[2004/01/19 21:22:05, 5] lib/username.c:(288)
  Finding user test7
[2004/01/19 21:22:05, 5] lib/username.c:(223)
  Trying _Get_Pwnam(), username as lowercase is test7
^C[2004/01/19 21:22:05, 5] lib/username.c:(239)
  Trying _Get_Pwnam(), username as uppercase is TEST7
[2004/01/19 21:22:05, 5] lib/username.c:(247)
  Checking combinations of 0 uppercase letters in test7
[2004/01/19 21:22:05, 5] lib/username.c:(251)
  Get_Pwnam_internals didn't find user [test7]!
[2004/01/19 21:22:05, 0] auth/auth_util.c:(1017)
  make_server_info_info3: pdb_init_sam failed!
[2004/01/19 21:22:05, 5] auth/auth.c:(268)
  check_ntlm_password: winbind authentication for user [test7] FAILED with
error
 NT_STATUS_NO_SUCH_USER
[2004/01/19 21:22:05, 2] auth/auth.c:(309)
  check_ntlm_password:  Authentication for user [test7] -> [test7] FAILED
with e
rror NT_STATUS_NO_SUCH_USER
[2004/01/19 21:22:05, 5] auth/auth_util.c:(1185)
  attempting to free (and zero) a user_info structure
[2004/01/19 21:22:05, 10] auth/auth_util.c:(1188)
  structure was created for test7
[2004/01/19 21:22:06, 6] lib/util_sock.c:(407)
  write_socket(16,98)
[2004/01/19 21:22:06, 6] lib/util_sock.c:(410)
  write_socket(16,98) wrote 98
[2004/01/19 21:22:13, 10] lib/util_sock.c:(336)
  read_socket_data: recv of 4 returned 0. Error = Error 0
[2004/01/19 21:22:13, 10] lib/util_sock.c:(512)
  receive_smb: length < 0!
[2004/01/19 21:22:13, 3] smbd/process.c:(1099)
  timeout_processing: End of file from client (client has disconnected).
[2004/01/19 21:22:13, 5] lib/gencache.c:(88)
  Closing cache file
[2004/01/19 21:22:13, 5] libsmb/namecache.c:(79)

Log.winbind:

[2004/01/19 21:22:05, 10] nsswitch/winbindd.c:(305)
  process_request: request fn CREATE_USER
[2004/01/19 21:22:05, 3] nsswitch/winbindd_acct.c:(875)
  [27622]: create_user: user=>(test7), group=>()
[2004/01/19 21:22:05, 5] nsswitch/winbindd_acct.c:(521)
  wb_getgrnam: Did not find group (nobody)
[2004/01/19 21:22:05, 10] sam/idmap_tdb.c:(125)
  db_allocate_id: ID_USERID (*id).uid = 800000
[2004/01/19 21:22:05, 10] nsswitch/winbindd_acct.c:(157)
  passwd2string: converting passwd struct for test7
[2004/01/19 21:22:05, 10] nsswitch/winbindd_acct.c:(486)
  wb_storepwnam: Success ->
"test7:x:800000:60001:test7:/home/ANTS431/test7:/bin
/false"
[2004/01/19 21:22:05, 10] nsswitch/winbindd.c:(502)
  client_write: wrote 1304 bytes.
[2004/01/19 21:22:13, 10] nsswitch/winbindd.c:(455)
  client_read: read 0 bytes. Need 1568 more for a full request.


***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received this
communication in error, you should destroy it without copying, disclosing or
otherwise using its contents.  Please notify the sender immediately of the
error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or any
liability for such changes.  If you wish to confirm the origin or content of
this communication, please contact the sender by using an alternative means of
communication.

This communication does not create or modify any contract and, unless otherwise
stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National House,
2 Triton Square, Regents Place, London NW1 3AN.  Registered in England under
Company Registration Number: 2338548.  Regulated by the Financial Services
Authority (FSA).
***************************************************************************

Hi 

have started compsring the winbindd log from the Solaris 9 host which isnt't
working and a linux host which is and the first thing I've noticed is the
following:

they both look the same up to the following point:

Solaris:
[2004/01/20 17:48:31, 10] nsswitch/winbindd.c:(455)
  client_read: read 1568 bytes. Need 0 more for a full request.
[2004/01/20 17:48:31, 10] nsswitch/winbindd.c:(305)
  process_request: request fn CREATE_USER
[2004/01/20 17:48:31, 3] nsswitch/winbindd_acct.c:(875)
  [28202]: create_user: user=>(test7), group=>()

Linux:
[2004/01/20 17:45:13, 10] nsswitch/winbindd.c:winbind_client_read(455)
  client_read: read 1568 bytes. Need 0 more for a full request.
[2004/01/20 17:45:13, 10] nsswitch/winbindd.c:process_request(305)
  process_request: request fn GETPWNAM
[2004/01/20 17:45:13, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(112)
  [ 4318]: getpwnam dev+test7

Why is the linux box now calling a different function to the solaris host -
is it because the linux host has already "created" the user and has it
cached some where ( if so, how can I delete the cache entry to see a
successful call to create_user etc. ).

thanks

tim


***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received this
communication in error, you should destroy it without copying, disclosing or
otherwise using its contents.  Please notify the sender immediately of the
error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or any
liability for such changes.  If you wish to confirm the origin or content of
this communication, please contact the sender by using an alternative means of
communication.

This communication does not create or modify any contract and, unless otherwise
stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National House,
2 Triton Square, Regents Place, London NW1 3AN.  Registered in England under
Company Registration Number: 2338548.  Regulated by the Financial Services
Authority (FSA).
***************************************************************************

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 20 Jan 2004, Unix Service (ANTS) wrote:
> Why is the linux box now calling a different function to the solaris
> host - is it because the linux host has already "created" the
user and
> has it cached some where ( if so, how can I delete the cache entry to
> see a successful call to create_user etc. ).
wbinfo -x 'username'



cheers, jerry
  ----------------------------------------------------------------------
  Hewlett-Packard            ------------------------- http://www.hp.com
  SAMBA Team                 ---------------------- http://www.samba.org
  GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
  "If we're adding to the noise, turn off this song" --Switchfoot
(2003)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFADfNyIR7qMdg1EfYRAtfgAKDDnk0zur2urnCJ5EhrMBDeAvXlKgCfeKBy
LP/jQE1NkML2bHX8o/QUIY8=oEMD
-----END PGP SIGNATURE-----

You should note that I'm not using ADS, I'm in an NT4 domain.

OK, from memory this is what I did.  (If anyone can see any errors in this,
please let me know!) 

First I compiled Samba with the following -

./configure --with-winbind --with-pam --with-pam_smbpass
--with-included-popt
make
make install

I then created these links in /usr/lib, I think I had to copy
libnss_winbind.so from samba/sources/nsswitch directory (compile directory)
to /usr/lib  

libnss_winbind.so
libnss_winbind.so.1 -> libnss_winbind.so
nss_winbind.so.1 -> libnss_winbind.so

After that I dropped in my smb.conf from an Linux machine I had already
built with samba 3.  Here is what it looks like -

# Global parameters
[global]
        workgroup = MYDOMAIN
        server string = SUN001
        log file = /var/log/samba/log.%m
        max log size = 50
        name resolve order = wins lmhosts bcast
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        local master = No
        dns proxy = No
        wins server = 192.168.224.25
        ldap suffix = dc=uk,dc=trt,dc=thales
        ldap machine suffix = dc=uk,dc=trt,dc=thales
        ldap user suffix = dc=uk,dc=trt,dc=thales
        ldap group suffix = dc=uk,dc=trt,dc=thales
        ldap idmap suffix = ou=idmap,dc=uk,dc=trt,dc=thales
        ldap admin dn = cn=root,dc=uk,dc=trt,dc=thales
        idmap backend = ldap:ldap://lnxs001
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /mnt/spare/%U
        template shell = /bin/bash
        winbind separator = -
        winbind use default domain = Yes

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[public]
        path = /public
        read only = No
        guest ok = Yes

My LDAP server is a separate Redhat 9.0 machine with OpenLDAP running.

Next I ran 'smbpasswd -w xxxxx' where xxxxx is my LDAP admin password,
this
gives samba write access to your LDAP server.

Then I had to make my samba server a member of my domain -
	
	net rpc join -S NT4PDC -w DOMNAME -U Administrator%passwd

Now I edited nsswitch.conf

Passwd: files winbind
Group: files winbind



Then I created the startup scripts for samba and winbind (don't for get to
chmod it to make it executable) -

#!/sbin/sh
##
        ## samba.server
        ##

        if [ ! -d /usr/bin ]
        then                    # /usr not mounted
                exit
        fi

        killproc() {            # kill the named process(es)
                pid=`/usr/bin/ps -e |
                     /usr/bin/grep -w $1 |
                     /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
                [ "$pid" != "" ] && kill $pid
        }

        # Start/stop processes required for Samba server

        case "$1" in

        'start')
        #
        # Edit these lines to suit your installation (paths, workgroup,
host)
        #
        echo Starting SMBD
           /usr/local/samba/sbin/smbd -D -d 10 -s
/usr/local/samba/lib/smb.conf
        echo Starting NMBD
           /usr/local/samba/sbin/nmbd -D -l /usr/local/samba/var/log -s
/usr/local/samba/lib/smb.conf

        echo Starting Winbind Daemon
           /usr/local/samba/sbin/winbindd -B -d 10 -s
/usr/local/samba/lib/smb.conf
           ;;

        'stop')
           killproc nmbd
           killproc smbd
           killproc winbindd
           ;;

        *)
           echo "Usage: /etc/init.d/samba.server { start | stop }"
           ;;
        esac 

After I started samba up with this script and ran getent it worked.  

I could type out all of my OpenLDAP config for you too but at this stage it
probably isn't very useful to you.  What I think you should try first is
using a simpler idmap backend first.  Make that work and then do the LDAP
stuff.


-----Original Message-----
From: Wright, Tim (ANTS) [mailto:tim.wright@ants.co.uk] 
Sent: 21 January 2004 16:37
To: 'Ganguly, Sapan '
Subject: RE: [Samba] winbind and Solaris 9 with AD


hi

I've been looking at my problem and compring the Solaris 9 box to a working
Linux box. I noticed that if I take the winbind entry out of nsswitch.conf
on the linux box then samba will no longer accept connections from users
with no unix account or relevanr username map.

So I'm assuming that if I can get getent working on the Solaris box then the
samba authentication problem will be solved as well.

So would you be able to provide me with a step by step of how you built and
configured samba/winbind on the host where getent works ( including other
stuff like kerberos and openldap compiles )? I can't offer much in return
but if I can get getent working then I will look at getting logging on to
the box working as well ( unless of course you 've already cracked it
yourself ).

anyway any help you could give me would be greatly appreciated.

thanks

tim

-----Original Message-----
From: Ganguly, Sapan [mailto:Sapan.Ganguly@thalesgroup.com] 
Sent: 19 January 2004 13:06
To: 'Unix Service (ANTS)'; 'samba@lists.samba.org'
Subject: RE: [Samba] winbind and Solaris 9 with AD



I'm having trouble with this too but getent works for me, I'm not using
AD
though.  

Have you edited nsswitch.conf?  

Passwd: files winbind
Group: files winbind

I'm stuck on getting logging in working...Sun seems to think there may be
some bug with PAM.

-----Original Message-----
From: Unix Service (ANTS) [mailto:Unix.Services@ants.co.uk] 
Sent: 19 January 2004 12:13
To: 'samba@lists.samba.org'
Subject: [Samba] winbind and Solaris 9 with AD


Hi

have been trying to get winbind working on Solaris 9 but to no effect.

version info:

samba: 3.0.0
openldap: 2.1.23
kerberos: MIT 1.3.1

Have followed the instructions in every howto, usenet posting I could
find:

nscd not running
created relevant links in /lib and /lib/security/sparcv9 applied patch for
nsswitch as recommended

kinit -e works
net ads join works
wbinfo -t works
wbinfo -u gives list of all users in all trusted domains
getent doesn't work
samba authentication doesn't work - get the following in winbindd.log:

[2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379)
  NTLM CRAP authentication for user [DEV]\[test7] returned NT_STATUS_OK
(PAM: 0) [2004/01/19 10:59:27, 3] nsswitch/winbindd_acct.c:(875)
  [ 3551]: create_user: user=>(test7), group=>()
[2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521)
  wb_getgrnam: Did not find group (nobody)

my smb.conf is:

workgroup = DEV
#workgroup = DEV.ANTS.AD.ANPLC.CO.UK
realm = DEV.ANTS.AD.ANPLC.CO.UK
security = ADS
password server = lonsd010.dev.ants.ad.anplc.co.uk
dns proxy = no
idmap gid = 70000-80000
idmap uid = 800000-900000
winbind cache time = 15
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
log level = 9

[temp]
path = /tmp
read list = @users

[docs]
path = /var/tmp/samba-3.0.0
read list = @users

I would appreciate any pointers as to further debugging I could do or
possible problems as being able to use winbind to deal with samba
authentication would make life a great deal easier.




***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or
any liability for such changes.  If you wish to confirm the origin or
content of this communication, please contact the sender by using an
alternative means of communication.

This communication does not create or modify any contract and, unless
otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National
House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in
England under Company Registration Number: 2338548.  Regulated by the
Financial Services Authority (FSA).
***************************************************************************

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or
any liability for such changes.  If you wish to confirm the origin or
content of this communication, please contact the sender by using an
alternative means of communication.

This communication does not create or modify any contract and, unless
otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National
House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in
England under Company Registration Number: 2338548.  Regulated by the
Financial Services Authority (FSA).
***************************************************************************

P.S I used the pam.conf that Patrik Gustavsson posted here.

-----Original Message-----
From: Wright, Tim (ANTS) [mailto:tim.wright@ants.co.uk] 
Sent: 21 January 2004 16:37
To: 'Ganguly, Sapan '
Subject: RE: [Samba] winbind and Solaris 9 with AD


hi

I've been looking at my problem and compring the Solaris 9 box to a working
Linux box. I noticed that if I take the winbind entry out of nsswitch.conf
on the linux box then samba will no longer accept connections from users
with no unix account or relevanr username map.

So I'm assuming that if I can get getent working on the Solaris box then the
samba authentication problem will be solved as well.

So would you be able to provide me with a step by step of how you built and
configured samba/winbind on the host where getent works ( including other
stuff like kerberos and openldap compiles )? I can't offer much in return
but if I can get getent working then I will look at getting logging on to
the box working as well ( unless of course you 've already cracked it
yourself ).

anyway any help you could give me would be greatly appreciated.

thanks

tim

-----Original Message-----
From: Ganguly, Sapan [mailto:Sapan.Ganguly@thalesgroup.com] 
Sent: 19 January 2004 13:06
To: 'Unix Service (ANTS)'; 'samba@lists.samba.org'
Subject: RE: [Samba] winbind and Solaris 9 with AD



I'm having trouble with this too but getent works for me, I'm not using
AD
though.  

Have you edited nsswitch.conf?  

Passwd: files winbind
Group: files winbind

I'm stuck on getting logging in working...Sun seems to think there may be
some bug with PAM.

-----Original Message-----
From: Unix Service (ANTS) [mailto:Unix.Services@ants.co.uk] 
Sent: 19 January 2004 12:13
To: 'samba@lists.samba.org'
Subject: [Samba] winbind and Solaris 9 with AD


Hi

have been trying to get winbind working on Solaris 9 but to no effect.

version info:

samba: 3.0.0
openldap: 2.1.23
kerberos: MIT 1.3.1

Have followed the instructions in every howto, usenet posting I could
find:

nscd not running
created relevant links in /lib and /lib/security/sparcv9 applied patch for
nsswitch as recommended

kinit -e works
net ads join works
wbinfo -t works
wbinfo -u gives list of all users in all trusted domains
getent doesn't work
samba authentication doesn't work - get the following in winbindd.log:

[2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379)
  NTLM CRAP authentication for user [DEV]\[test7] returned NT_STATUS_OK
(PAM: 0) [2004/01/19 10:59:27, 3] nsswitch/winbindd_acct.c:(875)
  [ 3551]: create_user: user=>(test7), group=>()
[2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521)
  wb_getgrnam: Did not find group (nobody)

my smb.conf is:

workgroup = DEV
#workgroup = DEV.ANTS.AD.ANPLC.CO.UK
realm = DEV.ANTS.AD.ANPLC.CO.UK
security = ADS
password server = lonsd010.dev.ants.ad.anplc.co.uk
dns proxy = no
idmap gid = 70000-80000
idmap uid = 800000-900000
winbind cache time = 15
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
log level = 9

[temp]
path = /tmp
read list = @users

[docs]
path = /var/tmp/samba-3.0.0
read list = @users

I would appreciate any pointers as to further debugging I could do or
possible problems as being able to use winbind to deal with samba
authentication would make life a great deal easier.




***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or
any liability for such changes.  If you wish to confirm the origin or
content of this communication, please contact the sender by using an
alternative means of communication.

This communication does not create or modify any contract and, unless
otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National
House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in
England under Company Registration Number: 2338548.  Regulated by the
Financial Services Authority (FSA).
***************************************************************************

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or
any liability for such changes.  If you wish to confirm the origin or
content of this communication, please contact the sender by using an
alternative means of communication.

This communication does not create or modify any contract and, unless
otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National
House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in
England under Company Registration Number: 2338548.  Regulated by the
Financial Services Authority (FSA).
***************************************************************************

-----Original Message-----
Hi Tim,

	I have winbind working with Solaris 9 ok, my only problem came because I have
idmap in LDAP and I'd put double quotes around the dn of the LDAP admin
account which broke things. Don't think I had to do anything special to
compile this, make sure you have installed the latest Solaris 9 patch cluster
from sunsolve. I compiled with these options,

./configure --with-kerberos=/usr/local --with-ads --with-acl-support --with-pam
--with-winbind

I don't think --with-pam is needed if you only want winbind to work for smb
connections to Samba (ie not for telnet etc.). Does wbinfo -u work? thats
fundamental to getent working. Also I assume you have MIT kerberos 1.3.1
installed as Samba will not work with Sun kereros,

	thanks Andy.


From: Ganguly, Sapan [mailto:Sapan.Ganguly@thalesgroup.com]
Posted At: 22 January 2004 11:09
Posted To: Samba
Conversation: [Samba] winbind and Solaris 9 with AD
Subject: RE: [Samba] winbind and Solaris 9 with AD



P.S I used the pam.conf that Patrik Gustavsson posted here.

-----Original Message-----
From: Wright, Tim (ANTS) [mailto:tim.wright@ants.co.uk] 
Sent: 21 January 2004 16:37
To: 'Ganguly, Sapan '
Subject: RE: [Samba] winbind and Solaris 9 with AD


hi

I've been looking at my problem and compring the Solaris 9 box to a working
Linux box. I noticed that if I take the winbind entry out of nsswitch.conf
on the linux box then samba will no longer accept connections from users
with no unix account or relevanr username map.

So I'm assuming that if I can get getent working on the Solaris box then the
samba authentication problem will be solved as well.

So would you be able to provide me with a step by step of how you built and
configured samba/winbind on the host where getent works ( including other
stuff like kerberos and openldap compiles )? I can't offer much in return
but if I can get getent working then I will look at getting logging on to
the box working as well ( unless of course you 've already cracked it
yourself ).

anyway any help you could give me would be greatly appreciated.

thanks

tim

-----Original Message-----
From: Ganguly, Sapan [mailto:Sapan.Ganguly@thalesgroup.com] 
Sent: 19 January 2004 13:06
To: 'Unix Service (ANTS)'; 'samba@lists.samba.org'
Subject: RE: [Samba] winbind and Solaris 9 with AD



I'm having trouble with this too but getent works for me, I'm not using
AD
though.  

Have you edited nsswitch.conf?  

Passwd: files winbind
Group: files winbind

I'm stuck on getting logging in working...Sun seems to think there may be
some bug with PAM.

-----Original Message-----
From: Unix Service (ANTS) [mailto:Unix.Services@ants.co.uk] 
Sent: 19 January 2004 12:13
To: 'samba@lists.samba.org'
Subject: [Samba] winbind and Solaris 9 with AD


Hi

have been trying to get winbind working on Solaris 9 but to no effect.

version info:

samba: 3.0.0
openldap: 2.1.23
kerberos: MIT 1.3.1

Have followed the instructions in every howto, usenet posting I could
find:

nscd not running
created relevant links in /lib and /lib/security/sparcv9 applied patch for
nsswitch as recommended

kinit -e works
net ads join works
wbinfo -t works
wbinfo -u gives list of all users in all trusted domains
getent doesn't work
samba authentication doesn't work - get the following in winbindd.log:

[2004/01/19 10:59:27, 5] nsswitch/winbindd_pam.c:(379)
  NTLM CRAP authentication for user [DEV]\[test7] returned NT_STATUS_OK
(PAM: 0) [2004/01/19 10:59:27, 3] nsswitch/winbindd_acct.c:(875)
  [ 3551]: create_user: user=>(test7), group=>()
[2004/01/19 10:59:27, 5] nsswitch/winbindd_acct.c:(521)
  wb_getgrnam: Did not find group (nobody)

my smb.conf is:

workgroup = DEV
#workgroup = DEV.ANTS.AD.ANPLC.CO.UK
realm = DEV.ANTS.AD.ANPLC.CO.UK
security = ADS
password server = lonsd010.dev.ants.ad.anplc.co.uk
dns proxy = no
idmap gid = 70000-80000
idmap uid = 800000-900000
winbind cache time = 15
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
encrypt passwords = yes
log level = 9

[temp]
path = /tmp
read list = @users

[docs]
path = /var/tmp/samba-3.0.0
read list = @users

I would appreciate any pointers as to further debugging I could do or
possible problems as being able to use winbind to deal with samba
authentication would make life a great deal easier.




***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or
any liability for such changes.  If you wish to confirm the origin or
content of this communication, please contact the sender by using an
alternative means of communication.

This communication does not create or modify any contract and, unless
otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National
House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in
England under Company Registration Number: 2338548.  Regulated by the
Financial Services Authority (FSA).
***************************************************************************

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or
any liability for such changes.  If you wish to confirm the origin or
content of this communication, please contact the sender by using an
alternative means of communication.

This communication does not create or modify any contract and, unless
otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National
House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in
England under Company Registration Number: 2338548.  Regulated by the
Financial Services Authority (FSA).
***************************************************************************
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views
which are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use,
copy or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC
monitors e-mails sent or received.
Further communication will signify your consent to this.

Hi
have resolved the problem as to why getent and samba authentication via
winbind were not working.
It's really stupid - we were building 64 bit and then copying the 64 bit
winbind nss lib into /usr/lib - doh!. So getent ( 32 bit ) would try and
load a 64 bit winbind nss lib which obviously could not work , and it was
failing silently. Recompiling 32 bit version of library has done the trick
and getent works ok and users do not need unix accounts to access samba
areas.


Will post full build procedure tomorrow and am now trying to get the logging
on to the Solaris 9 host using AD account details. Isn't working yet - have
redirected all auth.debug to a file and am getting the following:

Jan 22 22:02:18 ants725 pam_winbind[21561]: [ID 614614 auth.notice] user
'test7' granted acces
Jan 22 22:02:18 ants725 login[21561]: [ID 468494 auth.crit] login account
failure: No account present for user

i.e. the pam authentication is working but then login doen't appear to be
able to find the user's account.

Anyway - will have a play and post back if I get any further.

thanks to everyone who replied to my post - sorry it was such an idiotic
problem in the end.

tim 


***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received this
communication in error, you should destroy it without copying, disclosing or
otherwise using its contents.  Please notify the sender immediately of the
error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or any
liability for such changes.  If you wish to confirm the origin or content of
this communication, please contact the sender by using an alternative means of
communication.

This communication does not create or modify any contract and, unless otherwise
stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National House,
2 Triton Square, Regents Place, London NW1 3AN.  Registered in England under
Company Registration Number: 2338548.  Regulated by the Financial Services
Authority (FSA).
***************************************************************************

I wonder if that is my problem too?  How do you force it all to compile at
32 bit?

-----Original Message-----
From: Unix Service (ANTS) [mailto:Unix.Services@ants.co.uk] 
Sent: 25 January 2004 17:43
To: 'samba@lists.samba.org'
Subject: RE: [Samba] winbind and Solaris 9 with AD


Hi
have resolved the problem as to why getent and samba authentication via
winbind were not working. It's really stupid - we were building 64 bit and
then copying the 64 bit winbind nss lib into /usr/lib - doh!. So getent ( 32
bit ) would try and load a 64 bit winbind nss lib which obviously could not
work , and it was failing silently. Recompiling 32 bit version of library
has done the trick and getent works ok and users do not need unix accounts
to access samba areas.


Will post full build procedure tomorrow and am now trying to get the logging
on to the Solaris 9 host using AD account details. Isn't working yet - have
redirected all auth.debug to a file and am getting the following:

Jan 22 22:02:18 ants725 pam_winbind[21561]: [ID 614614 auth.notice] user
'test7' granted acces Jan 22 22:02:18 ants725 login[21561]: [ID 468494
auth.crit] login account
failure: No account present for user

i.e. the pam authentication is working but then login doen't appear to be
able to find the user's account.

Anyway - will have a play and post back if I get any further.

thanks to everyone who replied to my post - sorry it was such an idiotic
problem in the end.

tim 


***************************************************************************
This communication (including any attachments) contains confidential
information.  If you are not the intended recipient and you have received
this communication in error, you should destroy it without copying,
disclosing or otherwise using its contents.  Please notify the sender
immediately of the error.

Internet communications are not necessarily secure and may be intercepted or
changed after they are sent.  Abbey National Treasury Services plc does not
accept liability for any loss you may suffer as a result of interception or
any liability for such changes.  If you wish to confirm the origin or
content of this communication, please contact the sender by using an
alternative means of communication.

This communication does not create or modify any contract and, unless
otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National
House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in
England under Company Registration Number: 2338548.  Regulated by the
Financial Services Authority (FSA).
***************************************************************************

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba