[csw-users] Odd Samba/winbind issue

James Relph james at themacplace.co.uk
Fri Jun 21 10:43:19 CEST 2013 

Hi Jan,

Yes, that's the one I had found, and I already have that link there.  I don't think winbind worked at all until that was in place.  It's samba  that doesn't seem to be working with winbind properly.

James

On 21 Jun 2013, at 09:00, Jan Holzhueter <jh at opencsw.org> wrote:

> Hi,
> ok I looked up the old bug about that:
> https://www.opencsw.org/mantis/view.php?id=5020
> 
> acroding to this you need this:
> ln -s /opt/csw/lib/libnss_winbind.so.1 /lib/nss_winbind.so.1
> 
> Greetings
> Jan
> 
> 
> Am 21.06.13 07:30, schrieb James Relph:
>> Thanks for the speedy reply.  I think I found where you'd already
>> mentioned that online anyway, I've got:
>> 
>> libnss_winbind.so -> /opt/csw/lib/libnss_winbind.so.1
>> nss_winbind.so.1 -> /opt/csw/lib/libnss_winbind.so.1
>> 
>> In /lib.  Winbind itself seems to be working fine, I've got netatalk
>> using that happily, it's the cswsamba version that won't seem to use
>> winbind (it's either not using it properly, or it's using the wrong
>> winbind somehow).  Netatalk, using winbind, is fine.
>> 
>> Best regards,
>> 
>> James.
>> 
>> 
>> On 21 Jun 2013, at 06:24, Jan Holzhueter <jh at opencsw.org
>> <mailto:jh at opencsw.org>> wrote:
>> 
>>> Hi,
>>> if you use the auth via pam you must symlink the nss_winbind to a
>>> special place. I'm not sure which one atm. Check the orginal OI samba
>>> package that should put it in the right place.
>>> We can't add this to our package as this would brake install on sparse
>>> zones.
>>> I wanted to write a short notice about it put did not have the time yet.
>>> It might be that you even need to copy and not symlink the lib. Not sure
>>> here.
>>> 
>>> Greetings
>>> Jan
>>> 
>>> 
>>> 
>>> Am 21.06.13 07:15, schrieb James Relph:
>>>> Hi,
>>>> 
>>>> Apologies for cross posting, but I'm not sure if this is an Oi issue or
>>>> a cswsamba issue.  I've installed cswsamba (3.6.15) and cswsamba_winbind
>>>> on an OI box (151a7).  I've got it bound to AD fine, and winbind itself
>>>> seems to be operating perfectly (I've actually got netatalk happily
>>>> authenticating AD users via winbind).  If I run wbinfo -u or getent
>>>> passwd, I get the expected information back.
>>>> 
>>>> Oddly though Samba itself isn't authenticating users.  If I try and
>>>> login (with a few variations of DOMAIN\username or username at DOMAIN) it
>>>> just kicks it back as an unknown user (see below).  The only thing that
>>>> I can think of is that the cswsamba is actually still calling the
>>>> previously installed (but turned off) winbind that I installed with the
>>>> original OI samba install.  With that not running though I wouldn't have
>>>> thought that would have happened (but if that could be it - how do I
>>>> make sure that cswsamba uses  cswsamba_winbind).  I have symlinked the
>>>> csw nss_winbind libraries into /lib, I just don't know if there's
>>>> anything else that could cause this.
>>>> 
>>>> Thanks for any help.
>>>> 
>>>> James
>>>> 
>>>> Principal Consultant
>>>> 
>>>> 
>>>> Mapping user [DOMAIN]\[james] from workstation [server03]
>>>> attempting to make a user_info for james (james)
>>>> making strings for james's user_info struct
>>>> making blobs for james's user_info struct
>>>> check_ntlm_password:  Checking password for unmapped user
>>>> [DOMAIN]\[james]@[server03] with the new password interface
>>>> check_ntlm_password:  mapped user is: [DOMAIN]\[james]@[server03]
>>>> Finding user DOMAIN\james
>>>> Trying _Get_Pwnam(), username as lowercase is DOMAIN\james
>>>> Trying _Get_Pwnam(), username as given is DOMAIN\james
>>>> Checking combinations of 0 uppercase letters in DOMAIN\james
>>>> Get_Pwnam_internals didn't find user [DOMAIN\james]!
>>>> Finding user james
>>>> Trying _Get_Pwnam(), username as lowercase is james
>>>> Checking combinations of 0 uppercase letters in james
>>>> Get_Pwnam_internals didn't find user [james]!
>>>> Failed to find authenticated user DOMAIN\james via getpwnam(), denying
>>>> access.
>>>> check_ntlm_password: winbind authentication for user [james] FAILED
>>>> with error NT_STATUS_NO_SUCH_USER
>>>> check_ntlm_password:  Authentication for user [james] -> [james]
>>>> FAILED with error NT_STATUS_NO_SUCH_USER
>>>> Got user=[james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]
>>>> domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>>>> Mapping user [DOMAIN]\[james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]
>>>> from workstation [server03]
>>>> attempting to make a user_info for james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP>
>>>> <mailto:james at DOMAIN.CORP> (james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>)
>>>> making strings for james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>'s
>>>> user_info struct
>>>> making blobs for james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>'s
>>>> user_info struct
>>>> check_ntlm_password:  Checking password for unmapped user
>>>> [DOMAIN]\[james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]@[server03] with
>>>> the new password interface
>>>> check_ntlm_password:  mapped user is: [DOMAIN]\[james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP>
>>>> <mailto:james at DOMAIN.CORP>]@[server03]
>>>> check_ntlm_password: winbind authentication for user
>>>> [james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>] FAILED with error
>>>> NT_STATUS_NO_SUCH_USER
>>>> check_ntlm_password:  Authentication for user [james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP>
>>>> <mailto:james at DOMAIN.CORP>] -> [james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP>
>>>> <mailto:james at DOMAIN.CORP>] FAILED with error NT_STATUS_NO_SUCH_USER
>>>> Got user=[james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]
>>>> domain=[DOMAIN] workstation=[server03] len1=24 len2=124
>>>> Mapping user [DOMAIN]\[james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]
>>>> from workstation [server03]
>>>> attempting to make a user_info for james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP>
>>>> <mailto:james at DOMAIN.CORP> (james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>)
>>>> making strings for james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>'s
>>>> user_info struct
>>>> making blobs for james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>'s
>>>> user_info struct
>>>> check_ntlm_password:  Checking password for unmapped user
>>>> [DOMAIN]\[james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>]@[server03] with
>>>> the new password interface
>>>> check_ntlm_password:  mapped user is: [DOMAIN]\[james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP>
>>>> <mailto:james at DOMAIN.CORP>]@[server03]
>>>> check_ntlm_password: winbind authentication for user
>>>> [james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP> <mailto:james at DOMAIN.CORP>] FAILED with error
>>>> NT_STATUS_NO_SUCH_USER
>>>> check_ntlm_password:  Authentication for user [james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP>
>>>> <mailto:james at DOMAIN.CORP>] -> [james at DOMAIN.CORP
>>>> <mailto:james at DOMAIN.CORP>
>>>> <mailto:james at DOMAIN.CORP>] FAILED with error NT_STATUS_NO_SUCH_USER
>>>> 
>>>> 
>>>> _______________________________________________
>>>> users mailing list
>>>> users at lists.opencsw.org <mailto:users at lists.opencsw.org>
>>>> https://lists.opencsw.org/mailman/listinfo/users
>>>> 
>>> 
>>> _______________________________________________
>>> users mailing list
>>> users at lists.opencsw.org <mailto:users at lists.opencsw.org>
>>> https://lists.opencsw.org/mailman/listinfo/users
>> 
> 
> _______________________________________________
> users mailing list
> users at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/users/attachments/20130621/bdeb7230/attachment.html>

More information about the users mailing list