On 12/8/2016 2:10 PM, Rowland Penny via samba wrote:> On Thu, 8 Dec 2016 13:54:17 -0500
> lingpanda101 via samba <samba at lists.samba.org> wrote:
>
>> On 12/8/2016 1:14 PM, Rowland Penny via samba wrote:
>>> On Thu, 8 Dec 2016 13:03:49 -0500
>>> lingpanda101 via samba <samba at lists.samba.org> wrote:
>>>
>>>> On 12/8/2016 12:52 PM, Rowland Penny via samba wrote:
>>>>> On Thu, 8 Dec 2016 12:27:20 -0500
>>>>> lingpanda101 via samba <samba at lists.samba.org>
wrote:
>>>>>
>>>>>> I think I have a issue with ldconfig not finding
winbind. I
>>>>>> create the sym links and verified they exist. What am I
missing?
>>>>>> Thanks.
>>>>>>
>>>>>> ldconfig -v | grep "libnss_"
>>>>>> /sbin/ldconfig.real: Path `/lib/x86_64-linux-gnu'
given more than
>>>>>> once /sbin/ldconfig.real: Path
`/usr/lib/x86_64-linux-gnu' given
>>>>>> more than
>>>>>> once /sbin/ldconfig.real:
/lib/x86_64-linux-gnu/ld-2.23.so is the
>>>>>> dynamic linker, ignoring
>>>>>>
>>>>>> libnss_mdns4_minimal.so.2 ->
libnss_mdns4_minimal.so.2
>>>>>> libnss_files.so.2 -> libnss_files-2.23.so
>>>>>> libnss_nis.so.2 -> libnss_nis-2.23.so
>>>>>> libnss_mdns.so.2 -> libnss_mdns.so.2
>>>>>> libnss_dns.so.2 -> libnss_dns-2.23.so
>>>>>> libnss_nisplus.so.2 ->
libnss_nisplus-2.23.so
>>>>>> libnss_mdns6_minimal.so.2 ->
libnss_mdns6_minimal.so.2
>>>>>> libnss_compat.so.2 -> libnss_compat-2.23.so
>>>>>> libnss_mdns_minimal.so.2 ->
libnss_mdns_minimal.so.2
>>>>>> libnss_hesiod.so.2 -> libnss_hesiod-2.23.so
>>>>>> libnss_mdns6.so.2 -> libnss_mdns6.so.2
>>>>>> libnss_mdns4.so.2 -> libnss_mdns4.so.2
>>>>>>
>>>>> What version of Samba are you using ? I got the impression
you
>>>>> were using the distro's packages, in which case you do
not create
>>>>> the symlinks, you just install the packages I referred to
earlier.
>>>>>
>>>>> Rowland
>>>>>
>>>> I compiled using 4.5.1.
>>>>
>>> OK, you need to have these symlinks:
>>>
>>> ln
>>> -s /usr/local/samba/lib/libnss_wins.so.2
/lib/x86_64-linux-gnu/libnss_wins.so.2
>>> ln
>>> -s /usr/local/samba/lib/libnss_wins.so.2
/lib/x86_64-linux-gnu/libnss_wins.so
>>>
>>> ln
>>> -s /usr/local/samba/lib/libnss_winbind.so.2
/lib/x86_64-linux-gnu/libnss_winbind.so.2
>>> ln
>>> -s /usr/local/samba/lib/libnss_winbind.so.2
/lib/x86_64-linux-gnu/libnss_winbind.so
>>>
>>> ln
>>> -s /usr/local/samba/lib/security/pam_winbind.so
/lib/x86_64-linux-gnu/security/pam_winbind.so
>>>
>>> Then run 'ldconfig'
>>>
>>> You will also have to create a file: /usr/share/pam-configs/winbind
>>>
>>> Name: Winbind NT/Active Directory authentication
>>> Default: yes
>>> Priority: 192
>>> Auth-Type: Primary
>>> Auth:
>>> [success=end default=ignore] pam_winbind.so
>>> krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
>>> Auth-Initial: [success=end default=ignore] pam_winbind.so
>>> krb5_auth krb5_ccache_type=FILE cached_login Account-Type: Primary
>>> Account:
>>> [success=end new_authtok_reqd=done default=ignore]
>>> pam_winbind.so Password-Type: Primary
>>> Password:
>>> [success=end default=ignore] pam_winbind.so
>>> use_authtok try_first_pass Password-Initial:
>>> [success=end default=ignore] pam_winbind.so
>>> Session-Type: Additional
>>> Session:
>>> optional pam_winbind.so
>>>
>>> Rowland
>>>
>> I will perform the additional steps. I should point out I do not see
>> anything related to configuring Kerberos in the wiki. I have kept the
>> default configuration. Thanks.
>>
> Now I look at the domain member page, nor do I, but you only need the
> same krb5.conf as on the DC:
>
> [libdefaults]
> default_realm = SAMDOM.EXAMPLE.COM
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> Rowland
>
Still no luck getting getent to retrieve user information. I have uid's
and gid's setup for all users I am attempting to query. I still think I
have a issue with ldconfig. I started over and used 4.5.2 as well. I'm
going to switch to Debian 8.6 just to see if I get different results.
*root at DR210:~# /usr/local/samba/bin/wbinfo --ping-dc*
checking the NETLOGON for domain[DOMAIN] dc connection to
"pfdc1.domain.local" succeeded
*root at DR210:~# cat /var/log/samba/log.wb-DR210*
[2016/12/08 15:48:28.989794, 1]
../source3/passdb/pdb_tdb.c:543(tdbsam_open)
tdbsam_open: Converting version 0.0 database to version 4.0.
[2016/12/08 15:48:28.990276, 1]
../source3/passdb/pdb_tdb.c:304(tdbsam_convert_backup)
tdbsam_convert_backup: updated /usr/local/samba/private/passdb.tdb file.
*root at DR210:~# cat /var/log/samba/log.wb-DOMAIN *
[2016/12/08 15:45:07.390920, 0]
../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Kinit for DR210$@DOMAIN.LOCAL to access cifs/PFDC1 at DOMAIN.LOCAL
failed: Cannot contact any KDC for requested realm
[2016/12/08 15:45:50.542327, 0]
../source3/winbindd/winbindd_dual.c:107(child_write_response)
Could not write result
[2016/12/08 15:51:04.684796, 0]
../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Kinit for DR210$@DOMAIN.LOCAL to access
cifs/pfdc1.domain.local at DOMAIN.LOCAL failed: Cannot contact any KDC for
requested realm
[2016/12/09 01:26:36.412240, 0]
../source3/winbindd/winbindd_dual.c:107(child_write_response)
Could not write result
[2016/12/09 06:52:13.917652, 0]
../source3/winbindd/winbindd_dual.c:107(child_write_response)
Could not write result
[2016/12/09 06:57:58.461614, 0]
../source3/winbindd/winbindd_dual.c:107(child_write_response)
Could not write result
[2016/12/09 06:58:33.361393, 0]
../source3/winbindd/winbindd_dual.c:107(child_write_response)
Could not write result
*root at DR210:~# cat /var/log/samba/winbindd.log*
[2016/12/08 15:42:02.257023, 0]
../source3/winbindd/winbindd_cache.c:3244(initialize_winbindd_cache)
initialize_winbindd_cache: clearing cache and re-creating with
version number 2
[2016/12/08 15:42:02.258867, 0]
../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'winbindd' finished starting up and ready to serve
connections
[2016/12/08 15:44:17.333519, 1] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
tdb(/usr/local/samba/var/lock/mutex.tdb): tdb_lock failed on list 63
ltype=1 (Interrupted system call)
[2016/12/08 15:44:17.333569, 0]
../source3/lib/util_tdb.c:497(tdb_chainlock_with_timeout_internal)
tdb_chainlock_with_timeout_internal: alarm (40) timed out for key
PFDC1 in tdb /usr/local/samba/var/lock/mutex.tdb
[2016/12/08 15:44:17.333614, 1]
../source3/lib/server_mutex.c:97(grab_named_mutex)
Could not get the lock for PFDC1
[2016/12/08 15:44:17.333664, 0]
../source3/winbindd/winbindd_cm.c:1039(cm_prepare_connection)
cm_prepare_connection: mutex grab failed for PFDC1
[2016/12/08 15:45:50.041081, 1]
../source3/winbindd/winbindd.c:395(winbindd_sig_hup_handler)
Reloading services after SIGHUP
[2016/12/08 15:45:50.041662, 0]
../source3/winbindd/winbindd.c:279(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=1)
[2016/12/08 15:47:59.344472, 0]
../source3/winbindd/winbindd_cache.c:3244(initialize_winbindd_cache)
initialize_winbindd_cache: clearing cache and re-creating with
version number 2
[2016/12/08 15:47:59.386085, 0]
../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'winbindd' finished starting up and ready to serve
connections
[2016/12/08 15:49:24.446952, 1] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log)
tdb(/usr/local/samba/var/lock/mutex.tdb): tdb_lock failed on list 31
ltype=1 (Interrupted system call)
[2016/12/08 15:49:24.446995, 0]
../source3/lib/util_tdb.c:497(tdb_chainlock_with_timeout_internal)
tdb_chainlock_with_timeout_internal: alarm (40) timed out for key
pfdc1.domain.local in tdb /usr/local/samba/var/lock/mutex.tdb
[2016/12/08 15:49:24.447031, 1]
../source3/lib/server_mutex.c:97(grab_named_mutex)
Could not get the lock for pfdc1.domain.local
[2016/12/08 15:49:24.447080, 0]
../source3/winbindd/winbindd_cm.c:1039(cm_prepare_connection)
cm_prepare_connection: mutex grab failed for pfdc1.domain.local
[2016/12/08 15:51:04.907004, 1]
../source3/winbindd/winbindd_cm.c:1065(cm_prepare_connection)
cli_negprot failed: NT_STATUS_CONNECTION_RESET
*root at DR210:~# ldconfig -v | grep "libnss_"*
/sbin/ldconfig.real: Path `/lib/x86_64-linux-gnu' given more than once
/sbin/ldconfig.real: Path `/usr/lib/x86_64-linux-gnu' given more than once
/sbin/ldconfig.real: /lib/x86_64-linux-gnu/ld-2.23.so is the dynamic
linker, ignoring
libnss_mdns.so.2 -> libnss_mdns.so.2
libnss_mdns6_minimal.so.2 -> libnss_mdns6_minimal.so.2
libnss_mdns4.so.2 -> libnss_mdns4.so.2
libnss_mdns_minimal.so.2 -> libnss_mdns_minimal.so.2
libnss_compat.so.2 -> libnss_compat-2.23.so
libnss_hesiod.so.2 -> libnss_hesiod-2.23.so
libnss_mdns6.so.2 -> libnss_mdns6.so.2
libnss_files.so.2 -> libnss_files-2.23.so
libnss_dns.so.2 -> libnss_dns-2.23.so
libnss_nisplus.so.2 -> libnss_nisplus-2.23.so
libnss_nis.so.2 -> libnss_nis-2.23.so
libnss_mdns4_minimal.so.2 -> libnss_mdns4_minimal.so.2
--
- James