[csw-users] Odd Samba/winbind issue
James Relph
james at themacplace.co.uk
Fri Jun 21 07:30:31 CEST 2013
Thanks for the speedy reply. I think I found where you'd already mentioned that online anyway, I've got:
libnss_winbind.so -> /opt/csw/lib/libnss_winbind.so.1
nss_winbind.so.1 -> /opt/csw/lib/libnss_winbind.so.1
In /lib. Winbind itself seems to be working fine, I've got netatalk using that happily, it's the cswsamba version that won't seem to use winbind (it's either not using it properly, or it's using the wrong winbind somehow). Netatalk, using winbind, is fine.
Best regards,
James.
On 21 Jun 2013, at 06:24, Jan Holzhueter <jh at opencsw.org> wrote:
> Hi,
> if you use the auth via pam you must symlink the nss_winbind to a
> special place. I'm not sure which one atm. Check the orginal OI samba
> package that should put it in the right place.
> We can't add this to our package as this would brake install on sparse
> zones.
> I wanted to write a short notice about it put did not have the time yet.
> It might be that you even need to copy and not symlink the lib. Not sure
> here.
>
> Greetings
> Jan
>
>
>
> Am 21.06.13 07:15, schrieb James Relph:
>> Hi,
>>
>> Apologies for cross posting, but I'm not sure if this is an Oi issue or
>> a cswsamba issue. I've installed cswsamba (3.6.15) and cswsamba_winbind
>> on an OI box (151a7). I've got it bound to AD fine, and winbind itself
>> seems to be operating perfectly (I've actually got netatalk happily
>> authenticating AD users via winbind). If I run wbinfo -u or getent
>> passwd, I get the expected information back.
>>
>> Oddly though Samba itself isn't authenticating users. If I try and
>> login (with a few variations of DOMAIN\username or username at DOMAIN) it
>> just kicks it back as an unknown user (see below). The only thing that
>> I can think of is that the cswsamba is actually still calling the
>> previously installed (but turned off) winbind that I installed with the
>> original OI samba install. With that not running though I wouldn't have
>> thought that would have happened (but if that could be it - how do I
>> make sure that cswsamba uses cswsamba_winbind). I have symlinked the
>> csw nss_winbind libraries into /lib, I just don't know if there's
>> anything else that could cause this.
>>
>> Thanks for any help.
>>
>> James
>>
>> Principal Consultant
>>
>>
>> Mapping user [DOMAIN]\[james] from workstation [server03]
>> attempting to make a user_info for james (james)
>> making strings for james's user_info struct
>> making blobs for james's user_info struct
>> check_ntlm_password: Checking password for unmapped user
>> [DOMAIN]\[james]@[server03] with the new password interface
>> check_ntlm_password: mapped user is: [DOMAIN]\[james]@[server03]
>> Finding user DOMAIN\james
>> Trying _Get_Pwnam(), username as lowercase is DOMAIN\james
>> Trying _Get_Pwnam(), username as given is DOMAIN\james
>> Checking combinations of 0 uppercase letters in DOMAIN\james
>> Get_Pwnam_internals didn't find user [DOMAIN\james]!
>> Finding user james
>> Trying _Get_Pwnam(), username as lowercase is james
>> Checking combinations of 0 uppercase letters in james
>> Get_Pwnam_internals didn't find user [james]!
>> Failed to find authenticated user DOMAIN\james via getpwnam(), denying
>> access.
>> check_ntlm_password: winbind authentication for user [james] FAILED
>> with error NT_STATUS_NO_SUCH_USER
>> check_ntlm_password: Authentication for user [james] -> [james]
>> FAILED with error NT_STATUS_NO_SUCH_USER
>> Got user=[james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>]
>> domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>> Mapping user [DOMAIN]\[james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>]
>> from workstation [server03]
>> attempting to make a user_info for james at DOMAIN.CORP
>> <mailto:james at DOMAIN.CORP> (james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>)
>> making strings for james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>'s
>> user_info struct
>> making blobs for james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>'s
>> user_info struct
>> check_ntlm_password: Checking password for unmapped user
>> [DOMAIN]\[james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>]@[server03] with
>> the new password interface
>> check_ntlm_password: mapped user is: [DOMAIN]\[james at DOMAIN.CORP
>> <mailto:james at DOMAIN.CORP>]@[server03]
>> check_ntlm_password: winbind authentication for user
>> [james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>] FAILED with error
>> NT_STATUS_NO_SUCH_USER
>> check_ntlm_password: Authentication for user [james at DOMAIN.CORP
>> <mailto:james at DOMAIN.CORP>] -> [james at DOMAIN.CORP
>> <mailto:james at DOMAIN.CORP>] FAILED with error NT_STATUS_NO_SUCH_USER
>> Got user=[james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>]
>> domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>> Mapping user [DOMAIN]\[james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>]
>> from workstation [server03]
>> attempting to make a user_info for james at DOMAIN.CORP
>> <mailto:james at DOMAIN.CORP> (james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>)
>> making strings for james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>'s
>> user_info struct
>> making blobs for james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>'s
>> user_info struct
>> check_ntlm_password: Checking password for unmapped user
>> [DOMAIN]\[james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>]@[server03] with
>> the new password interface
>> check_ntlm_password: mapped user is: [DOMAIN]\[james at DOMAIN.CORP
>> <mailto:james at DOMAIN.CORP>]@[server03]
>> check_ntlm_password: winbind authentication for user
>> [james at DOMAIN.CORP <mailto:james at DOMAIN.CORP>] FAILED with error
>> NT_STATUS_NO_SUCH_USER
>> check_ntlm_password: Authentication for user [james at DOMAIN.CORP
>> <mailto:james at DOMAIN.CORP>] -> [james at DOMAIN.CORP
>> <mailto:james at DOMAIN.CORP>] FAILED with error NT_STATUS_NO_SUCH_USER
>>
>>
>> _______________________________________________
>> users mailing list
>> users at lists.opencsw.org
>> https://lists.opencsw.org/mailman/listinfo/users
>>
>
> _______________________________________________
> users mailing list
> users at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/users/attachments/20130621/aeda48eb/attachment.html>
More information about the users
mailing list