[csw-users] Odd Samba/winbind issue

Jan Holzhueter jh at opencsw.org
Fri Jun 21 10:00:15 CEST 2013 

Hi,
ok I looked up the old bug about that:
https://www.opencsw.org/mantis/view.php?id=5020

acroding to this you need this:
ln -s /opt/csw/lib/libnss_winbind.so.1 /lib/nss_winbind.so.1

Greetings
Jan


Am 21.06.13 07:30, schrieb James Relph:
> Thanks for the speedy reply.  I think I found where you'd already
> mentioned that online anyway, I've got:
> 
> libnss_winbind.so -> /opt/csw/lib/libnss_winbind.so.1
> nss_winbind.so.1 -> /opt/csw/lib/libnss_winbind.so.1
> 
> In /lib.  Winbind itself seems to be working fine, I've got netatalk
> using that happily, it's the cswsamba version that won't seem to use
> winbind (it's either not using it properly, or it's using the wrong
> winbind somehow).  Netatalk, using winbind, is fine.
> 
> Best regards,
> 
> James.
> 
> 
> On 21 Jun 2013, at 06:24, Jan Holzhueter <jh at opencsw.org
> <mailto:jh at opencsw.org>> wrote:
> 
>> Hi,
>> if you use the auth via pam you must symlink the nss_winbind to a
>> special place. I'm not sure which one atm. Check the orginal OI samba
>> package that should put it in the right place.
>> We can't add this to our package as this would brake install on sparse
>> zones.
>> I wanted to write a short notice about it put did not have the time yet.
>> It might be that you even need to copy and not symlink the lib. Not sure
>> here.
>>
>> Greetings
>> Jan
>>
>>
>>
>> Am 21.06.13 07:15, schrieb James Relph:
>>> Hi,
>>>
>>> Apologies for cross posting, but I'm not sure if this is an Oi issue or
>>> a cswsamba issue.  I've installed cswsamba (3.6.15) and cswsamba_winbind
>>> on an OI box (151a7).  I've got it bound to AD fine, and winbind itself
>>> seems to be operating perfectly (I've actually got netatalk happily
>>> authenticating AD users via winbind).  If I run wbinfo -u or getent
>>> passwd, I get the expected information back.
>>>
>>> Oddly though Samba itself isn't authenticating users.  If I try and
>>> login (with a few variations of DOMAIN\username or username at DOMAIN) it
>>> just kicks it back as an unknown user (see below).  The only thing that
>>> I can think of is that the cswsamba is actually still calling the
>>> previously installed (but turned off) winbind that I installed with the
>>> original OI samba install.  With that not running though I wouldn't have
>>> thought that would have happened (but if that could be it - how do I
>>> make sure that cswsamba uses  cswsamba_winbind).  I have symlinked the
>>> csw nss_winbind libraries into /lib, I just don't know if there's
>>> anything else that could cause this.
>>>
>>> Thanks for any help.
>>>
>>> James
>>>
>>> Principal Consultant
>>>
>>>
>>>  Mapping user [DOMAIN]\[james] from workstation [server03]
>>>  attempting to make a user_info for james (james)
>>>  making strings for james's user_info struct
>>>  making blobs for james's user_info struct
>>>  check_ntlm_password:  Checking password for unmapped user
>>> [DOMAIN]\[james]@[server03] with the new password interface
>>>  check_ntlm_password:  mapped user is: [DOMAIN]\[james]@[server03]
>>>  Finding user DOMAIN\james
>>>  Trying _Get_Pwnam(), username as lowercase is DOMAIN\james
>>>  Trying _Get_Pwnam(), username as given is DOMAIN\james
>>>  Checking combinations of 0 uppercase letters in DOMAIN\james
>>>  Get_Pwnam_internals didn't find user [DOMAIN\james]!
>>>  Finding user james
>>>  Trying _Get_Pwnam(), username as lowercase is james
>>>  Checking combinations of 0 uppercase letters in james
>>>  Get_Pwnam_internals didn't find user [james]!
>>>  Failed to find authenticated user DOMAIN\james via getpwnam(), denying
>>> access.
>>>  check_ntlm_password: winbind authentication for user [james] FAILED
>>> with error NT_STATUS_NO_SUCH_USER
>>>  check_ntlm_password:  Authentication for user [james] -> [james]
>>> FAILED with error NT_STATUS_NO_SUCH_USER
>>>  Got user=[james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]
>>> domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>>>  Mapping user [DOMAIN]\[james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]
>>> from workstation [server03]
>>>  attempting to make a user_info for james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP>
>>> <mailto:james at DOMAIN.CORP> (james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>)
>>>  making strings for james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>'s
>>> user_info struct
>>>  making blobs for james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>'s
>>> user_info struct
>>>  check_ntlm_password:  Checking password for unmapped user
>>> [DOMAIN]\[james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]@[server03] with
>>> the new password interface
>>>  check_ntlm_password:  mapped user is: [DOMAIN]\[james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP>
>>> <mailto:james at DOMAIN.CORP>]@[server03]
>>>  check_ntlm_password: winbind authentication for user
>>> [james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>] FAILED with error
>>> NT_STATUS_NO_SUCH_USER
>>>  check_ntlm_password:  Authentication for user [james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP>
>>> <mailto:james at DOMAIN.CORP>] -> [james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP>
>>> <mailto:james at DOMAIN.CORP>] FAILED with error NT_STATUS_NO_SUCH_USER
>>>  Got user=[james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]
>>> domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>>>  Mapping user [DOMAIN]\[james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]
>>> from workstation [server03]
>>>  attempting to make a user_info for james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP>
>>> <mailto:james at DOMAIN.CORP> (james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>)
>>>  making strings for james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>'s
>>> user_info struct
>>>  making blobs for james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>'s
>>> user_info struct
>>>  check_ntlm_password:  Checking password for unmapped user
>>> [DOMAIN]\[james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]@[server03] with
>>> the new password interface
>>>  check_ntlm_password:  mapped user is: [DOMAIN]\[james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP>
>>> <mailto:james at DOMAIN.CORP>]@[server03]
>>>  check_ntlm_password: winbind authentication for user
>>> [james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>] FAILED with error
>>> NT_STATUS_NO_SUCH_USER
>>>  check_ntlm_password:  Authentication for user [james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP>
>>> <mailto:james at DOMAIN.CORP>] -> [james at DOMAIN.CORP
>>> <mailto:james at DOMAIN.CORP>
>>> <mailto:james at DOMAIN.CORP>] FAILED with error NT_STATUS_NO_SUCH_USER
>>>
>>>
>>> _______________________________________________
>>> users mailing list
>>> users at lists.opencsw.org <mailto:users at lists.opencsw.org>
>>> https://lists.opencsw.org/mailman/listinfo/users
>>>
>>
>> _______________________________________________
>> users mailing list
>> users at lists.opencsw.org <mailto:users at lists.opencsw.org>
>> https://lists.opencsw.org/mailman/listinfo/users
>

More information about the users mailing list