Alexis Tremblay
2006-May-30 11:08 UTC
[Samba] Winbind on Slackware - no auth but all the rest OK
Hi list,

I've got a Winbind issue that I've been stuck with for a very long time; this is getting ridiculous.

On our Linux shell server (Slackware 9.1), I installed the whole samba from self-compilation, tried many different configure options but mostly --without-pam --with-ldap, and everything required from all the HowTos I've read.

I start winbindd via:

  # /usr/local/samba/sbin/winbindd -F -i -n -d 9 -S

I can query any information from the ADS, wbinfo -u -g -A ... getent passwd, getent group, etc... all works A+OK.

Then, in another terminal, as a UNIX local user on the same system I want to "su" to an AD user so I type:

  $ su - alexis.tremblay

where "alexis.tremblay" is my AD user on my PDC. Winbind works, queries via ldap, gets all required info:

  [...]
  0078 status : NT_STATUS_OK
  child daemon request 48
  [ 3879]: lookupsid S-1-5-21-688190787-2786516605-92148756-1107
  ads: query_user
  Current tickets expire at 1149006892, time is now 1148982918
  Search for (objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\43\F5\04\29\7D\DE\16\A6\14\14\7E\05\53\04\00\00) gave 1 replies
  ads query_user gave alexis.tremblay

BUT then, it stops right there: when I type any password at the "password: " prompt (from my `su - alexis.tremblay`), it just drops me. The system never, ever sends the password to the ADS, the "su" command says "Sorry" and that's it.

I can "su - alexis.tremblay" as ROOT, without entering any password, and it'll give me a shell! But nothing works as a normal user.

Mind that I don't have PAM on this Slackware system, it shouldn't be required, I know people have done it without PAM.

Please, if someone could point me in the right direction, that would be very great!

Thanks a lot
Alexis Tremblay

My configs follow:

smb.conf (I tried every imaginable combination, but I reverted to something simple like this):

  [global]
    WORKGROUP = MYREALM
    realm = MYREALM.TLD
    netbios name = URI
    password server = ip.of.win2k3.server
    server string = URI Shell Server %v
    security = ADS
    winbind separator = +
    idmap uid = 500-20000
    idmap gid = 500-20000
    winbind enum users = Yes
    winbind enum groups = Yes
    template homedir = /home/%U
    template shell = /bin/bash
    winbind use default domain = yes
    winbind cache time = 10
    obey pam restrictions = no

  [homes]
    comment = Home Directories
    valid users = %U
    read only = No
    browseable = No

nsswitch.conf:

  passwd: compat winbind
  shadow: compat
  group: compat winbind

In /lib/lib_nss* I got:

  $ ls -l /lib/libnss_*
  -rwxr-xr-x 1 root root 49707 May 19 2003 /lib/libnss_compat-2.3.2.so*
  lrwxrwxrwx 1 root root 22 Dec 17 15:05 /lib/libnss_compat.so.2 -> libnss_compat-2.3.2.so*
  -rwxr-xr-x 1 root root 16948 May 19 2003 /lib/libnss_dns-2.3.2.so*
  lrwxrwxrwx 1 root root 19 Dec 17 15:05 /lib/libnss_dns.so.2 -> libnss_dns-2.3.2.so*
  -rwxr-xr-x 1 root root 42833 May 19 2003 /lib/libnss_files-2.3.2.so*
  lrwxrwxrwx 1 root root 21 Dec 17 15:05 /lib/libnss_files.so.2 -> libnss_files-2.3.2.so*
  -rwxr-xr-x 1 root root 18513 May 19 2003 /lib/libnss_hesiod-2.3.2.so*
  lrwxrwxrwx 1 root root 22 Dec 17 15:05 /lib/libnss_hesiod.so.2 -> libnss_hesiod-2.3.2.so*
  -rwxr-xr-x 1 root root 397975 May 30 11:39 /lib/libnss_ldap-2.3.2.so*
  lrwxrwxrwx 1 root root 20 May 30 11:39 /lib/libnss_ldap.so -> libnss_ldap-2.3.2.so*
  lrwxrwxrwx 1 root root 20 May 30 11:39 /lib/libnss_ldap.so.1 -> libnss_ldap-2.3.2.so*
  lrwxrwxrwx 1 root root 20 May 30 11:39 /lib/libnss_ldap.so.2 -> libnss_ldap-2.3.2.so*
  -rwxr-xr-x 1 root root 40317 May 19 2003 /lib/libnss_nis-2.3.2.so*
  lrwxrwxrwx 1 root root 19 Dec 17 15:05 /lib/libnss_nis.so.2 -> libnss_nis-2.3.2.so*
  -rwxr-xr-x 1 root root 47823 May 19 2003 /lib/libnss_nisplus-2.3.2.so*
  lrwxrwxrwx 1 root root 23 Dec 17 15:05 /lib/libnss_nisplus.so.2 -> libnss_nisplus-2.3.2.so*
  -rwxr-xr-x 1 root root 20991 Mar 9 11:59 /lib/libnss_winbind.so*
  lrwxrwxrwx 1 root root 17 Mar 1 15:22 /lib/libnss_winbind.so.1 -> libnss_winbind.so*
  lrwxrwxrwx 1 root root 17 Mar 2 15:43 /lib/libnss_winbind.so.2 -> libnss_winbind.so*

  $ grep -i pam /lib/libnss_*
  (nothing)