From: Michael Wood on 5 Nov 2009 06:41

2009/11/4 Ivo Karabojkov <ivo(a)kit-bg.com>:
> I am trying to set a FreeBSD 7.2, Samba 3.3.8 as an AD domain member server.
> I am not using LDAP, but idmap_rid. I have properly configured
> nsswitch.conf.
>
> Joining to domain and wbinfo -u work OK, but when I try
> pw show user -a
> I get only user accounts of FreeBSD. So, I cannot set owners, ACLs...
>
> My main source is Samba guide chapter 7:
> http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#id2597100
> All tests from Procedure 7.4 of the guide, except getent (eq. to pw show
> user -a) work OK.
>
> It seems that FreeBSD does not use nsswitch. What should I do or what I am
> missing?
[...]

I have no idea what the problem is, but FreeBSD does seem to use nsswitch:
http://www.freebsd.org/cgi/man.cgi?query=nsswitch.conf&apropos=0&sektion=0&manpath=FreeBSD+7.2-RELEASE&format=html

--
Michael Wood <esiotrot(a)gmail.com>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From: Daniel O'Connor on 5 Nov 2009 06:41

On Thu, 5 Nov 2009, Michael Wood wrote:
> 2009/11/4 Ivo Karabojkov <ivo(a)kit-bg.com>:
> > I am trying to set a FreeBSD 7.2, Samba 3.3.8 as an AD domain
> > member server. I am not using LDAP, but idmap_rid. I have properly
> > configured nsswitch.conf.
> >
> > Joining to domain and wbinfo -u work OK, but when I try
> > pw show user -a
> > I get only user accounts of FreeBSD. So, I cannot set owners,
> > ACLs...
> >
> > My main source is Samba guide chapter 7:
> > http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html#id2597100
> > All tests from Procedure 7.4 of the guide, except getent
> > (eq. to pw show user -a) work OK.
> >
> > It seems that FreeBSD does not use nsswitch. What should I do or
> > what I am missing?
>
> [...]
>
> I have no idea what the problem is, but FreeBSD does seem to use
> nsswitch:
> http://www.freebsd.org/cgi/man.cgi?query=nsswitch.conf&apropos=0&sektion=0&manpath=FreeBSD+7.2-RELEASE&format=html

It does indeed use nsswitch.

I suggest testing with getent rather than pw. I believe pw only handles
local users/groups (this is a bug ;)

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C

From: Ivo Karabojkov on 6 Nov 2009 01:30

Yes, FreeBSD supports nsswitch and I tried getent passwd - the result is the
same. Maybe I should show my config files in my previous post, sorry:

smb.conf: (very similar to Chapter 7, example 7.7 and 7.8 of the Samba Guide)

[global]
# unix charset = LOCALE
        workgroup = DOMAIN
        realm = domain.local
# server string = sambaserver.domain.local
        security = ADS
        username map = /etc/samba/smbusers
        log level = 1
        syslog = 0
        log file = /var/log/samba/%m
        max log size = 50
#printcap name = CUPS
#idmap backend = idmap_rid:DOMAIN=10000-100000000
        idmap backend = rid
# ldap ssl = no
        idmap uid = 10000-100000000
        idmap gid = 10000-100000000
        allow trusted domains = No
        winbind enum users = yes
        winbind enum groups = yes
# winbind refresh tickets = Yes
        winbind nested groups = No
        hosts allow = 192.168.1. 10.1.55. 127.0.0.1
        interfaces = localhost, nfe0, tun*
        bind interfaces only = Yes
        case sensitive = No

[pub]
        comment = Public
        path = /var/samba/pub
        guest ok = No
        browseable = Yes
        nt acl support = Yes

/etc/nsswitch.conf:

group: files winbind
group_compat: nis
hosts: files dns
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

/etc/pam.d/login: (I don't think I need this, I don't need AD users to access
anything but some samba shares with ACL, but I keep trying)

# auth
auth sufficient pam_self.so no_warn
auth include system
auth sufficient /usr/local/lib/pam_winbind.so
# account
account requisite pam_securetty.so
account required pam_nologin.so
account include system
account sufficient /usr/local/lib/pam_winbind.so
# session
session include system
# password
password include system

So I'm still trying, but AD users do not appear in password or group databases
of FreeBSD. Should I try LDAP?

--
View this message in context:
http://old.nabble.com/FreeBSD-7.2-domain-member-problem-tp26204285p26222348.html
Sent from the Samba - General mailing list archive at Nabble.com.

From: Daniel O'Connor on 6 Nov 2009 02:50

On Thu, 5 Nov 2009, Ivo Karabojkov wrote:
> group: files winbind
> group_compat: nis
> hosts: files dns
> networks: files
> passwd: files winbind
> passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files

Can you try commenting out group_compat and passwd_compat?

The other thing to try would be running ktrace on getent and see what
it's doing.

--
Daniel O'Connor

From: Ivo Karabojkov on 6 Nov 2009 17:20

I noticed some error messages in log files too:

winbindd-idmap.log:

winbindd/idmap.c:idmap_init_passdb_domain(438)
  Could not init passdb idmap domain
[2009/11/06 13:21:23, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
  idmap_alloc module ldap already registered!
[2009/11/06 13:21:23, 0] winbindd/idmap.c:smb_register_idmap_alloc(201)
  idmap_alloc module tdb already registered!
[2009/11/06 13:21:23, 0] winbindd/idmap.c:smb_register_idmap(149)
  Idmap module passdb already registered!

winbindd.log

winbindd/idmap.c:smb_register_idmap(149)
  Idmap module nss already registered!
[2009/11/06 13:21:33, 1] winbindd/winbindd_group.c:winbindd_getgrent(1366)
  could not look up gid for group HelpServicesGroup

This message repeats for all AD global groups and also AD users.

I also attach my ktrace output.

ktrace getent passwd
http://old.nabble.com/file/p26230478/ktrace.out ktrace.out
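
The symptom discussed in this thread (wbinfo -u lists domain users while getent passwd returns only local accounts) can be checked offline from saved command output. The script below is an added example, not part of any poster's message; the function names and sample data are constructed, and the case-insensitive name comparison is an assumption.

```shell
#!/bin/sh
# Added example. Live use on the member server:
#   wbinfo -u > wb.txt; getent passwd > nss.txt

# Print the sources configured for one database in nsswitch.conf.
# $1 = path to nsswitch.conf, $2 = database name (passwd, group, ...)
nss_sources() {
    sed -e 's/#.*//' "$1" |
        awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }'
}

# Succeed only if "winbind" is one of the sources for the database.
nss_has_winbind() {
    nss_sources "$1" "$2" | tr -s ' \t' '\n' | grep -qx 'winbind'
}

# Print names that winbind enumerates but NSS does not return.
# $1 = saved `wbinfo -u` output, $2 = saved `getent passwd` output.
# FILENAME is compared instead of NR == FNR so an empty getent file
# still reports every winbind name as missing.
missing_from_nss() {
    awk -F: 'FILENAME == ARGV[1] { seen[tolower($1)] = 1; next }
             !(tolower($0) in seen) { print }' "$2" "$1"
}

# --- constructed sample data, not taken from the thread's attachments ---
tmp=$(mktemp -d)
cat > "$tmp/nsswitch.conf" <<'EOF'
group: files winbind
passwd: files winbind
passwd_compat: nis
EOF
printf '%s\n' 'DOMAIN\administrator' 'DOMAIN\ivo' > "$tmp/wb.txt"
printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/csh' > "$tmp/nss.txt"

if nss_has_winbind "$tmp/nsswitch.conf" passwd; then
    echo "passwd: winbind is listed in nsswitch.conf"
else
    echo "passwd: winbind is NOT listed in nsswitch.conf"
fi
echo "enumerated by winbind but absent from NSS:"
missing_from_nss "$tmp/wb.txt" "$tmp/nss.txt"
rm -rf "$tmp"
```

When winbind is listed for passwd and every winbind name is still reported missing, the failure sits between the NSS module and winbindd's ID mapping rather than in nsswitch.conf itself.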