Compiled heimdal 0.7, openldap-2.2.26 and samba-3.0.20pre2 on Suse 9.1 Pro Windows 2003 Server with all patches, no firewall. Joined ADS OK: kinit Administrator@BSS.PHY.PRIVATE.CAM.AC.UK Administrator@BSS.PHY.PRIVATE.CAM.AC.UK's Password: w1:/usr/local/samba/lib# net ads join Using short domain name -- BSS Joined 'W1' to realm 'BSS.PHY.PRIVATE.CAM.AC.UK' machine trust account is on server. My smb.conf: " [global] # separate domain and username with '\', like DOMAIN\username winbind separator = + # use uids from 10000 to 20000 for domain users idmap uid = 10000-20000 # use gids from 10000 to 20000 for domain groups idmap gid = 10000-20000 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes # give winbind users a real shell (only needed if they have telnet access) template homedir = /home/%U template shell = /bin/bash winbind cache time = 600 winbind trusted domains only = yes workgroup = BSS # to remove domain from username # winbind use default domain = yes obey pam restrictions = Yes realm = bss.phy.private.cam.ac.uk security = ADS encrypt passwords = yes password server = sd1.bss.phy.private.cam.ac.uk " w1:/usr/local/samba/lib# nmbd w1:/usr/local/samba/lib# winbindd -d 5 all fine: " [2005/07/27 15:30:11, 5] lib/util.c:init_names(260) Netbios name list:- my_netbios_names[0]="W1" [2005/07/27 15:30:11, 2] lib/interface.c:add_interface(81) added interface ip=131.111.75.196 bcast=131.111.75.255 nmask=255.255.255.0 [2005/07/27 15:30:11, 5] lib/gencache.c:gencache_init(59) Opening cache file at /usr/local/samba//var/locks/gencache.tdb [2005/07/27 15:30:11, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2005/07/27 15:30:11, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'ldap' [2005/07/27 15:30:11, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'tdb' [2005/07/27 15:30:11, 2] lib/tallocmsg.c:register_msg_pool_usage(56) Registered MSG_REQ_POOL_USAGE [2005/07/27 15:30:11, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2005/07/27 15:30:11, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain BSS BSS.PHY.PRIVATE.CAM.AC.UK S-1-5-21-571314010-3273254802-3516507047 [2005/07/27 15:30:11, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain BUILTIN S-1-5-32 [2005/07/27 15:30:11, 2] nsswitch/winbindd_util.c:add_trusted_domain(166) Added domain W1 S-1-5-21-1038852147-1775589294-3259616702 [2005/07/27 15:30:12, 5] nsswitch/winbindd_util.c:init_child_recv(407) Received child initialization response for domain BSS " wbinfo all fine: binfo -t -bash: binfo: command not found w1:/usr/local/samba/lib# wbinfo -t checking the trust secret via RPC calls succeeded w1:/usr/local/samba/lib# wbinfo -u Administrator Guest SUPPORT_388945a0 SD1$ krbtgt bob mr w1$ w1:/usr/local/samba/lib# wbinfo -g Domain Computers Domain Controllers Schema Admins Enterprise Admins Domain Admins Domain Users Domain Guests Group Policy Creator Owners DnsUpdateProxy getent group just gives the local UNIX groups. nsswitch.conf: passwd: compat winbind shadow: compat group: compat winbind I've used: cp libnss_winbind.so /lib/ cp pam_winbind.so /lib/security/ from the samba distro with a soft link: ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 ldconfig -v | grep winbindd libnss_winbind.so -> libnss_winbind.so.2 ll /lib/libnss_winbind.so.2 lrwxrwxrwx 1 root root 22 Jul 27 11:05 /lib/libnss_winbind.so.2 -> /lib/libnss_winbind.so w1:/usr/local/samba/lib# ll /lib/libnss_winbind.so -rwxr-xr-x 1 root root 21084 Jul 27 15:20 /lib/libnss_winbind.so in the winbindd log I get this when using getent passwd: "[2005/07/27 15:34:10, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [ 0]: request interface version [2005/07/27 15:34:10, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [ 0]: request location of privileged pipe [2005/07/27 15:34:10, 3] nsswitch/winbindd_user.c:winbindd_setpwent_internal(429) [ 0]: setpwent [2005/07/27 15:34:10, 3] nsswitch/winbindd_user.c:winbindd_getpwent(623) [ 0]: getpwent [2005/07/27 15:34:10, 3] nsswitch/winbindd_user.c:winbindd_endpwent(505) [ 0]: endpwent " and this for getent group: " [2005/07/27 15:34:46, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [ 0]: request interface version [2005/07/27 15:34:46, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [ 0]: request location of privileged pipe [2005/07/27 15:34:46, 3] nsswitch/winbindd_group.c:winbindd_setgrent_internal(382) [ 0]: setgrent [2005/07/27 15:34:46, 3] nsswitch/winbindd_group.c:winbindd_getgrent(578) [ 0]: getgrent [2005/07/27 15:34:46, 4] nsswitch/winbindd_group.c:get_sam_group_entries(521) get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well [2005/07/27 15:34:46, 3] nsswitch/winbindd_group.c:get_sam_group_entries(526) get_sam_group_entries: Failed to enumerate domain local groups! [2005/07/27 15:34:46, 4] nsswitch/winbindd_group.c:get_sam_group_entries(521) get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well [2005/07/27 15:34:46, 3] nsswitch/winbindd_group.c:get_sam_group_entries(526) get_sam_group_entries: Failed to enumerate domain local groups! [2005/07/27 15:34:46, 3] nsswitch/winbindd_group.c:winbindd_endgrent(444) [ 0]: endgrent "
If I try and access the public share using: smbclient -L w1 " [2005/07/27 15:48:08, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [ 0]: request interface version [2005/07/27 15:48:08, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [ 0]: request location of privileged pipe [2005/07/27 15:48:08, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(355) [ 0]: domain_info [BSS] [2005/07/27 15:48:08, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(535) [ 0]: pam auth crap domain: [BSS] user: mr [2005/07/27 15:48:08, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [ 0]: request interface version [2005/07/27 15:48:08, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [ 0]: request location of privileged pipe [2005/07/27 15:48:08, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(355) [ 0]: domain_info [BSS] [2005/07/27 15:48:08, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(535) [ 0]: pam auth crap domain: [BSS] user: mr " and smbclient -L w1 -U mr Password: session setup failed: NT_STATUS_LOGON_FAILURE gives: " [2005/07/27 15:48:57, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [ 0]: request interface version [2005/07/27 15:48:57, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [ 0]: request location of privileged pipe [2005/07/27 15:48:57, 3] nsswitch/winbindd_misc.c:winbindd_domain_info(355) [ 0]: domain_info [BSS] [2005/07/27 15:48:57, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(535) [ 0]: pam auth crap domain: [BSS] user: mr [2005/07/27 15:48:57, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(460) [ 0]: request interface version [2005/07/27 15:48:57, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493) [ 0]: request location of privileged pipe [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam bss+mr [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam BSS+mr [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam BSS+MR [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam mr [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam MR [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam mr [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam MR [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam bss+mr [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam BSS+mr [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam BSS+MR [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam mr [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam MR [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam mr [2005/07/27 15:48:57, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(333) [ 0]: getpwnam MR " The user mr does exist on the Windows2003 Server and wbinfo does find it.
I've just re-compiled samba3.0.20pre2 and the libnss_winbind.so file is the same. I thought I might have screwed this up as wbinfo -u is working, but getent passwd is not. An strace of getent passwd shows it opening libnss_winbind.so fine and dandy using the soft link from libnss_winbind.so.2 Changing severity as I believe one of the main iprovements in 3.0.20 is to be able to grab uid and gid from ADS when SFU is installed (I have installed it on the Windows 2003 DC and was hoping to test it). I do have winbind + pam.d working on other computers with an older version of samba, but in that case joined to a samba domain. I was worried this might be a Suse 9.1 problem with nsswitch, but it does seem to be with libss_winbind.so instead. If any other info is needed I am happy to supply.. even login to test computer.
*** This bug has been marked as a duplicate of 2929 ***