Thomas Robers
2006-Aug-22 11:23 UTC
[Samba] Winbind Problem after Update from 3.0.21b -> 3.0.23b
Hi all,
we're using Winbind on a Solaris 9 machine to authenticate our Users, who
are held in a Windows 2003SP1 AD. We are now using Samba 3.0.21b and everything
works as expected. I configured the nsswitch and installed
"libnss_winbind.so"
and "pam_winbind.so" as described in the documentation and winbind is
able
to resolve the AD users and groups and the useres are able to login to the
system.
All Samba versions I tried are compiled from source with GCC version 3.2.2
from sunfreeware.com.
They are all configured as follows:
./configure --prefix=$PREFIX \
--bindir=$PREFIX/bin \
--sbindir=$PREFIX/sbin \
--libexecdir=$PREFIX/libexec \
--datadir=/var/samba \
--sysconfdir=/etc/samba \
--sharedstatedir=/var/samba \
--localstatedir=/var/samba \
--libdir=/opt/samba/lib \
--enable-shared=yes \
--with-privatedir=/var/samba \
--with-lockdir=/var/lock/samba \
--with-piddir=/var/lock/samba \
--with-configdir=/etc/samba \
--with-logfilebase=/var/log/samba \
--with-libdir=/opt/samba/lib \
--with-readline=/usr/local/lib \
--with-libiconv=/usr/local \
--with-krb5=/opt/mit-krb5 \
--with-automount=yes \
--with-pam=yes \
--with-ads=yes \
--with-acl-support=yes \
--with-pam=yes \
--with-pam_smbpass=yes \
--with-included-popt \
--with-winbind=yes
After compiling I copied "libnss_windbind.so" to "/lib" and
made some symbolic links to:
libnss_winbind.so.1 -> libnss_winbind.so
libnss_winbind.so.2 -> libnss_winbind.so
nss_winbind.so.1 -> libnss_winbind.so
nss_winbind.so.2 -> libnss_winbind.so
I also copied "pam_winbind.so" to "/lib/security". And that
worked until
version 3.0.22 (which I tried also). Since Version 3.0.23 it doesn't work
anymore and winbind isn't able to get the users/groups from our Windows
2003SP1 AD.
When I do a "wbinfo -u" I get "Error looking up domain
users" and the winbind logfile
tells me:
[2006/08/21 17:28:46, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 18
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn INTERFACE_VERSION
[2006/08/21 17:28:46, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(474)
[ 0]: request interface version
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/08/21 17:28:46, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(507)
[ 0]: request location of privileged pipe
[2006/08/21 17:28:46, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 19
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn LIST_USERS
[2006/08/21 17:28:46, 3] nsswitch/winbindd_user.c:winbindd_list_users(734)
[ 0]: list users
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(399)
refresh_sequence_number: WK time ok
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(427)
refresh_sequence_number: WK seq number is now -1
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:wcache_server_down(297)
wcache_server_down: server for Domain WK down
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:centry_expired(469)
centry_expired: Key UL/TV for domain WK is good.
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:wcache_fetch(556)
wcache_fetch: returning entry UL/TV for domain WK
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:query_user_list(958)
query_user_list: [Cached] - cached list for domain WK status:
NT_STATUS_UNSUCCESSFUL
which does not really helps me to find the problem.
The /etc/samba/smb.conf file looks like:
[global]
workgroup = WK
realm = WK.DOMAIN.DE
security = ADS
winbind separator = \
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
password server = passwd.domain.de
# display charset = ISO8859-15
# unix charset = ISO8859-15
winbind use default domain = yes
log file = /var/log/samba/log.%m
log level = winbind:15
# client use spnego = yes
# client schannel = no
If I switch back to version 3.0.21b or even 3.0.22 with the same configuration
everythings OK immediately and the nsswitch works as it should; winbind is able
to lookup
the AD users and groups and the users are able to login to the system.
I searched the archives but couldn't find anybody with a similar problem
when
upgrading. And the changelog doesn't tell me anything that I should be aware
of,
or have I missed something? Is there any futher possibility to debug the error?
Or is there possibly somebody with a similar problem and was able to solve this?
Any suggestions are welcome.
Many thanks in advance!
Thomas
Thomas Robers
2006-Aug-25 06:22 UTC
[Samba] Winbind Problem after Update from 3.0.21b -> 3.0.23b
Hi,
we're using Winbind on a Solaris 9 machine to authenticate our Users, who
are held in a Windows 2003SP1 AD. We are now using Samba 3.0.21b and everything
works as expected. I configured the nsswitch and installed
"libnss_winbind.so"
and "pam_winbind.so" as described in the documentation and winbind is
able
to resolve the AD users and groups and the useres are able to login to the
system.
All Samba versions I tried are compiled from source with GCC version 3.2.2
from sunfreeware.com.
They are all configured as follows:
./configure --prefix=$PREFIX \
--bindir=$PREFIX/bin \
--sbindir=$PREFIX/sbin \
--libexecdir=$PREFIX/libexec \
--datadir=/var/samba \
--sysconfdir=/etc/samba \
--sharedstatedir=/var/samba \
--localstatedir=/var/samba \
--libdir=/opt/samba/lib \
--enable-shared=yes \
--with-privatedir=/var/samba \
--with-lockdir=/var/lock/samba \
--with-piddir=/var/lock/samba \
--with-configdir=/etc/samba \
--with-logfilebase=/var/log/samba \
--with-libdir=/opt/samba/lib \
--with-readline=/usr/local/lib \
--with-libiconv=/usr/local \
--with-krb5=/opt/mit-krb5 \
--with-automount=yes \
--with-pam=yes \
--with-ads=yes \
--with-acl-support=yes \
--with-pam=yes \
--with-pam_smbpass=yes \
--with-included-popt \
--with-winbind=yes
After compiling I copied "libnss_windbind.so" to "/lib" and
made some symbolic links to:
libnss_winbind.so.1 -> libnss_winbind.so
libnss_winbind.so.2 -> libnss_winbind.so
nss_winbind.so.1 -> libnss_winbind.so
nss_winbind.so.2 -> libnss_winbind.so
I also copied "pam_winbind.so" to "/lib/security". And that
worked until
version 3.0.22 (which I tried also). Since Version 3.0.23 it doesn't work
anymore and winbind isn't able to get the users/groups from our Windows
2003SP1 AD.
When I do a "wbinfo -u" I get "Error looking up domain
users" and the winbind logfile
tells me:
[2006/08/21 17:28:46, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 18
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn INTERFACE_VERSION
[2006/08/21 17:28:46, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(474)
[ 0]: request interface version
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/08/21 17:28:46, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(507)
[ 0]: request location of privileged pipe
[2006/08/21 17:28:46, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 19
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn LIST_USERS
[2006/08/21 17:28:46, 3] nsswitch/winbindd_user.c:winbindd_list_users(734)
[ 0]: list users
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(399)
refresh_sequence_number: WK time ok
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(427)
refresh_sequence_number: WK seq number is now -1
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:wcache_server_down(297)
wcache_server_down: server for Domain WK down
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:centry_expired(469)
centry_expired: Key UL/TV for domain WK is good.
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:wcache_fetch(556)
wcache_fetch: returning entry UL/TV for domain WK
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:query_user_list(958)
query_user_list: [Cached] - cached list for domain WK status:
NT_STATUS_UNSUCCESSFUL
which does not really helps me to find the problem.
The /etc/samba/smb.conf file looks like:
[global]
workgroup = WK
realm = WK.DOMAIN.DE
security = ADS
winbind separator = \
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
password server = passwd.domain.de
# display charset = ISO8859-15
# unix charset = ISO8859-15
winbind use default domain = yes
log file = /var/log/samba/log.%m
log level = winbind:15
# client use spnego = yes
# client schannel = no
If I switch back to version 3.0.21b or even 3.0.22 with the same configuration
everythings OK immediately and the nsswitch works as it should; winbind is able
to lookup
the AD users and groups and the users are able to login to the system.
I searched the archives but couldn't find anybody with a similar problem
when
upgrading. And the changelog doesn't tell me anything that I should be aware
of,
or have I missed something? Is there any futher possibility to debug the error?
Or is there possibly somebody with a similar problem and was able to solve this?
Any suggestions are welcome.
Many thanks in advance!
Thomas
Thomas Robers
2006-Aug-25 06:23 UTC
[Samba] Winbind Problem after Update from 3.0.21b -> 3.0.23b
Hi all,
we're using Winbind on a Solaris 9 machine to authenticate our Users, who
are held in a Windows 2003SP1 AD. We are now using Samba 3.0.21b and everything
works as expected. I configured the nsswitch and installed
"libnss_winbind.so"
and "pam_winbind.so" as described in the documentation and winbind is
able
to resolve the AD users and groups and the useres are able to login to the
system.
All Samba versions I tried are compiled from source with GCC version 3.2.2
from sunfreeware.com.
They are all configured as follows:
./configure --prefix=$PREFIX \
--bindir=$PREFIX/bin \
--sbindir=$PREFIX/sbin \
--libexecdir=$PREFIX/libexec \
--datadir=/var/samba \
--sysconfdir=/etc/samba \
--sharedstatedir=/var/samba \
--localstatedir=/var/samba \
--libdir=/opt/samba/lib \
--enable-shared=yes \
--with-privatedir=/var/samba \
--with-lockdir=/var/lock/samba \
--with-piddir=/var/lock/samba \
--with-configdir=/etc/samba \
--with-logfilebase=/var/log/samba \
--with-libdir=/opt/samba/lib \
--with-readline=/usr/local/lib \
--with-libiconv=/usr/local \
--with-krb5=/opt/mit-krb5 \
--with-automount=yes \
--with-pam=yes \
--with-ads=yes \
--with-acl-support=yes \
--with-pam=yes \
--with-pam_smbpass=yes \
--with-included-popt \
--with-winbind=yes
After compiling I copied "libnss_windbind.so" to "/lib" and
made some symbolic links to:
libnss_winbind.so.1 -> libnss_winbind.so
libnss_winbind.so.2 -> libnss_winbind.so
nss_winbind.so.1 -> libnss_winbind.so
nss_winbind.so.2 -> libnss_winbind.so
I also copied "pam_winbind.so" to "/lib/security". And that
worked until
version 3.0.22 (which I tried also). Since Version 3.0.23 it doesn't work
anymore and winbind isn't able to get the users/groups from our Windows
2003SP1 AD.
When I do a "wbinfo -u" I get "Error looking up domain
users" and the winbind logfile
tells me:
[2006/08/21 17:28:46, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 18
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn INTERFACE_VERSION
[2006/08/21 17:28:46, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(474)
[ 0]: request interface version
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/08/21 17:28:46, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(507)
[ 0]: request location of privileged pipe
[2006/08/21 17:28:46, 6] nsswitch/winbindd.c:new_connection(601)
accepted socket 19
[2006/08/21 17:28:46, 10] nsswitch/winbindd.c:process_request(287)
process_request: request fn LIST_USERS
[2006/08/21 17:28:46, 3] nsswitch/winbindd_user.c:winbindd_list_users(734)
[ 0]: list users
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(399)
refresh_sequence_number: WK time ok
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(427)
refresh_sequence_number: WK seq number is now -1
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:wcache_server_down(297)
wcache_server_down: server for Domain WK down
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:centry_expired(469)
centry_expired: Key UL/TV for domain WK is good.
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:wcache_fetch(556)
wcache_fetch: returning entry UL/TV for domain WK
[2006/08/21 17:28:46, 10] nsswitch/winbindd_cache.c:query_user_list(958)
query_user_list: [Cached] - cached list for domain WK status:
NT_STATUS_UNSUCCESSFUL
which does not really helps me to find the problem.
The /etc/samba/smb.conf file looks like:
[global]
workgroup = WK
realm = WK.DOMAIN.DE
security = ADS
winbind separator = \
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
password server = passwd.domain.de
# display charset = ISO8859-15
# unix charset = ISO8859-15
winbind use default domain = yes
log file = /var/log/samba/log.%m
log level = winbind:15
# client use spnego = yes
# client schannel = no
If I switch back to version 3.0.21b or even 3.0.22 with the same configuration
everythings OK immediately and the nsswitch works as it should; winbind is able
to lookup
the AD users and groups and the users are able to login to the system.
I searched the archives but couldn't find anybody with a similar problem
when
upgrading. And the changelog doesn't tell me anything that I should be aware
of,
or have I missed something? Is there any futher possibility to debug the error?
Or is there possibly somebody with a similar problem and was able to solve this?
Any suggestions are welcome.
Many thanks in advance!
Thomas