I'm hoping this is an easy question, but the way my day has gone I seriously doubt it is going to be. Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 server. I am able to join my domain and get information concerning groups and passwords from the domain controller (Windows 2003) without any problem. Where I have run into a problem is using getent to get a copy of the usernames/passwords and groups moved to the Samba machine. When I run getent, only information from the local passwd and group files is displayed. Which leads me to believe this is an nsswitch problem. To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and libnss_winbind.so.2 being listed in the hints file. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Any suggestions concerning how to proceed would be greatly appreciated. Thanks, Jay
On Thursday 08 February 2007 10:44, jhall@vandaliamo.net wrote:> To be more specific I think I have made a mistake copying the libraries to > the proper location. I was not able to find libnss_winbind.so in > /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the > correct file to copy? And, where should these files be copied to on > FreeBSD? From what I have read so far, I am guessing these should be > copied to /usr/lib.Why aren't you using the port? It should Just Work(tm). You can keep the nss shared object in /usr/local/lib because FreeBSD will mount the disks very early on.> My nsswitch has the following configuration > passwd: files winbind > group: files winbind > group_compat: nis > hosts: files dns > networks: files > passwd_compat: nis > shells: filesTry removing the _compat entries. For LDAP I have this.. group: files ldap hosts: files dns networks: files passwd: files ldap shells: files And getent works fine. You could try cranking up debugging in Winbindd too (not that I've ever used it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20070208/cb1395ae/attachment.bin
It was part of the FreeBSD 6.2 install. Jay> Where did you find the genent? I installed from the port but I didn't > find the genent in my FreeBSD system. > > > Thanks > > > ALex > On Thu, 8 Feb 2007 01:30:36 -0000 (GMT) > jhall@vandaliamo.net wrote: > >> > On Thursday 08 February 2007 10:44, jhall@vandaliamo.net wrote: >> >> To be more specific I think I have made a mistake copying the >> libraries >> >> to >> >> the proper location. I was not able to find libnss_winbind.so in >> >> /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is >> this >> >> the >> >> correct file to copy? And, where should these files be copied to on >> >> FreeBSD? From what I have read so far, I am guessing these should be >> >> copied to /usr/lib. >> > >> > Why aren't you using the port? It should Just Work(tm). >> > >> > You can keep the nss shared object in /usr/local/lib because FreeBSD >> will >> > mount the disks very early on. >> > >> >> My nsswitch has the following configuration >> >> passwd: files winbind >> >> group: files winbind >> >> group_compat: nis >> >> hosts: files dns >> >> networks: files >> >> passwd_compat: nis >> >> shells: files >> > >> > Try removing the _compat entries. >> > For LDAP I have this.. >> > group: files ldap >> > hosts: files dns >> > networks: files >> > passwd: files ldap >> > shells: files >> > >> > And getent works fine. You could try cranking up debugging in Winbindd >> too >> > (not that I've ever used it) >> > >> > -- >> > Daniel O'Connor software and network engineer >> > for Genesis Software - http://www.gsoft.com.au >> > "The nice thing about standards is that there >> > are so many of them to choose from." >> > -- Andrew Tanenbaum >> > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C >> > >> >> Unfortunately, some things came up and I going to be here for a while. >> So, I changed the debug level on winbindd to 5. Wow, there is a lot >> logged! >> >> When I use wbinfo -u or wbinfo -g, I can see a request to the DC and >> information being retrieved. However, when I use getent passwd or >> getent >> group, nothing is logged by winbindd. Does this mean the request is not >> getting to winbindd? >> >> Thanks, >> >> >> Jay >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > >
Thanks to everyone for the help. I still cannot get getent passwd or
getent group to work. This is what I have done since last round of
e-mails. If anyone sees anything glaringly obvious, please let me know.
1. Compiled samba from source with --prefix=/usr/local/samba
--with-smbtar --with winbind.
2. Modified /etc/nsswitch.conf with
passwd: files winbind
group: files winbind
3. Copied nss_winbind.so to /usr/lib/libnss_winbind.so and created a
symbolic link to the file for libnss_winbind.so.2. libnss_winbind.so has
permissions of 444 and is owned by root:wheel.
4. Copied nss_wins.so to /usr/lib/libnss_winbind.so and created a
symbolic link to the file for libnss_wins.so.2. libness_wins.so has
permissions of 444 and is owned by root:wheel.
5. Ran ldconfig -r to reload shared objects. libnss_winbind and
libnss_wins are listed.
6. Started winbind. No errors.
7. wbinfo -u and wbinfo -g return the user and group names.
8. getent passwd and getent group only return local groups and users.
If anyone sees anything obviously wrong, please let me know.
Thanks,
Jay
> Hi Jay,
>
> I just went through something similar on the list. If you are able to
> use
> wbinfo -u to see the users, but cannot see them with getent, the issue is
> almost certainly with the libnss_winbind.so library or in your
> nsswitch.conf
> configuration.
>
> I believe where the libraries need to be located depends on your linux
> flavor. I can tell you that on Gentoo with 3.024, they are the following:
>
> /usr/lib/libnss_winbind.so
> /usr/lib/libnss_winbind.so.2 -> libnss_winbind.so
> /usr/lib/libnss_wins.so
> /usr/lib/libnss_wins.so.2 -> libnss_wins.so
>
> I believe I have seen documentation which locates them in lib/security
> for
> Solaris, and I have seen them as both nss_ and libnss_ in various
> documentation and posts, so you should check the install documentation for
> FreeBSD.
>
> The nsswitch.conf check is quite simple - you need to make sure winbind
> is
> listed as an information source. My nsswitch.conf on gentoo needed to
> have
> winbind added on the following:
>
> passwd: files winbind
> group: files winbind
>
> Depending on what you have installed, you may need compat, db, nis, or
> other information stores listed at appropriate places in nsswitch.conf or
> the FreeBSD equivalent. Since I don't run FreeBSD, I don't want to
steer
> you too far off track.
>
> Sincerely,
> Donald
>
> -----Original Message-----
> From: samba-bounces+don=videon-central.com@lists.samba.org
> [mailto:samba-bounces+don=videon-central.com@lists.samba.org] On Behalf Of
> jhall@vandaliamo.net
> Sent: Wednesday, February 07, 2007 7:15 PM
> To: samba@lists.samba.org
> Subject: [Samba] FreeBSD and Winbind
>
> I'm hoping this is an easy question, but the way my day has gone I
> seriously doubt it is going to be.
>
> Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2
> server. I am able to join my domain and get information concerning groups
> and passwords from the domain controller (Windows 2003) without any
> problem.
>
> Where I have run into a problem is using getent to get a copy of the
> usernames/passwords and groups moved to the Samba machine. When I run
> getent, only information from the local passwd and group files is
> displayed. Which leads me to believe this is an nsswitch problem.
>
> To be more specific I think I have made a mistake copying the libraries to
> the proper location. I was not able to find libnss_winbind.so in
> /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the
> correct file to copy? And, where should these files be copied to on
> FreeBSD? From what I have read so far, I am guessing these should be
> copied to /usr/lib.
>
> I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and
> libnss_winbind.so.2 being listed in the hints file.
>
> My nsswitch has the following configuration
> passwd: files winbind
> group: files winbind
> group_compat: nis
> hosts: files dns
> networks: files
> passwd_compat: nis
> shells: files
>
> Any suggestions concerning how to proceed would be greatly appreciated.
>
> Thanks,
>
>
> Jay
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
>
>
>
Ok, Jay,
This is a real long shot, but I did run into a similar problem on SLE9 Suse
Linux system. Same sort of symptoms, wbinfo would work but getent, etc would
not.
Finally determined that the ncsd service was interfering with the operation of
winbind - so
it had to be turned off:
/etc/rc.d/nscd stop
chkconfig nscd off
After that, it all worked.
I'm not familar with FreeBSD, don't even know if there IS an nscd
service on it, but it's the last thing I can think of.
Don
----- Original Message ----
From: "jhall@vandaliamo.net" <jhall@vandaliamo.net>
To: don@videon-central.com
Cc: samba@lists.samba.org
Sent: Friday, February 9, 2007 8:36:07 PM
Subject: RE: [Samba] FreeBSD and Winbind
Thanks to everyone for the help. I still cannot get getent passwd or
getent group to work. This is what I have done since last round of
e-mails. If anyone sees anything glaringly obvious, please let me know.
1. Compiled samba from source with --prefix=/usr/local/samba
--with-smbtar --with winbind.
2. Modified /etc/nsswitch.conf with
passwd: files winbind
group: files winbind
3. Copied nss_winbind.so to /usr/lib/libnss_winbind.so and created a
symbolic link to the file for libnss_winbind.so.2. libnss_winbind.so has
permissions of 444 and is owned by root:wheel.
4. Copied nss_wins.so to /usr/lib/libnss_winbind.so and created a
symbolic link to the file for libnss_wins.so.2. libness_wins.so has
permissions of 444 and is owned by root:wheel.
5. Ran ldconfig -r to reload shared objects. libnss_winbind and
libnss_wins are listed.
6. Started winbind. No errors.
7. wbinfo -u and wbinfo -g return the user and group names.
8. getent passwd and getent group only return local groups and users.
If anyone sees anything obviously wrong, please let me know.
Thanks,
Jay
> Hi Jay,
>
> I just went through something similar on the list. If you are able to
> use
> wbinfo -u to see the users, but cannot see them with getent, the issue is
> almost certainly with the libnss_winbind.so library or in your
> nsswitch.conf
> configuration.
>
> I believe where the libraries need to be located depends on your linux
> flavor. I can tell you that on Gentoo with 3.024, they are the following:
>
> /usr/lib/libnss_winbind.so
> /usr/lib/libnss_winbind.so.2 -> libnss_winbind.so
> /usr/lib/libnss_wins.so
> /usr/lib/libnss_wins.so.2 -> libnss_wins.so
>
> I believe I have seen documentation which locates them in lib/security
> for
> Solaris, and I have seen them as both nss_ and libnss_ in various
> documentation and posts, so you should check the install documentation for
> FreeBSD.
>
> The nsswitch.conf check is quite simple - you need to make sure winbind
> is
> listed as an information source. My nsswitch.conf on gentoo needed to
> have
> winbind added on the following:
>
> passwd: files winbind
> group: files winbind
>
> Depending on what you have installed, you may need compat, db, nis, or
> other information stores listed at appropriate places in nsswitch.conf or
> the FreeBSD equivalent. Since I don't run FreeBSD, I don't want to
steer
> you too far off track.
>
> Sincerely,
> Donald
>
> -----Original Message-----
> From: samba-bounces+don=videon-central.com@lists.samba.org
> [mailto:samba-bounces+don=videon-central.com@lists.samba.org] On Behalf Of
> jhall@vandaliamo.net
> Sent: Wednesday, February 07, 2007 7:15 PM
> To: samba@lists.samba.org
> Subject: [Samba] FreeBSD and Winbind
>
> I'm hoping this is an easy question, but the way my day has gone I
> seriously doubt it is going to be.
>
> Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2
> server. I am able to join my domain and get information concerning groups
> and passwords from the domain controller (Windows 2003) without any
> problem.
>
> Where I have run into a problem is using getent to get a copy of the
> usernames/passwords and groups moved to the Samba machine. When I run
> getent, only information from the local passwd and group files is
> displayed. Which leads me to believe this is an nsswitch problem.
>
> To be more specific I think I have made a mistake copying the libraries to
> the proper location. I was not able to find libnss_winbind.so in
> /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the
> correct file to copy? And, where should these files be copied to on
> FreeBSD? From what I have read so far, I am guessing these should be
> copied to /usr/lib.
>
> I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and
> libnss_winbind.so.2 being listed in the hints file.
>
> My nsswitch has the following configuration
> passwd: files winbind
> group: files winbind
> group_compat: nis
> hosts: files dns
> networks: files
> passwd_compat: nis
> shells: files
>
> Any suggestions concerning how to proceed would be greatly appreciated.
>
> Thanks,
>
>
> Jay
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
____________________________________________________________________________________
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com
On Thu, 8 Feb 2007 (jhall@vandaliamo.net) wrote>I'm hoping this is an easy question, but the way my day has gone I >seriously doubt it is going to be. > >Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 >server. I am able to join my domain and get information concerning groups >and passwords from the domain controller (Windows 2003) without any >problem. > >Where I have run into a problem is using getent to get a copy of the >usernames/passwords and groups moved to the Samba machine. When I run >getent, only information from the local passwd and group files is >displayed. Which leads me to believe this is an nsswitch problem.I had a similar problem when adding a Samba Domain Server to a network with a Samba PDC... 'wbinfo -u/-g' produced a list of domain user/group names, but getent only produced the local names. AFAICS when winbind is responding via NSS it is filtering according to the valid and invalid user settings in the [GLOBAL] section of the local smb.conf. I have a domain called RHEA. The new Samba Domain Server is AUREUS. The following entry in [GLOBALS] in the smb.conf for AUREUS did the trick: valid users = "+RHEA\domain admins" "+RHEA\domain users" \ "+RHEA\domain guests" Noting that I haven't changed the "winbind separator" from the default. Chris -- Chris Hall