Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

This is Interesting: Free IT Magazines Now Free shipping to   
Web Server Talk Web Server Talk > Internet Protocols > Samba > FW: [Samba] getent & winbindd on FreeBSD 5.4




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    FW: [Samba] getent & winbindd on FreeBSD 5.4  
Doug Sampson


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
09-16-05 10:58 PM

I posted my original post to FreeBSD-questions@freebsd.org and since then
have had a running dialog with another poster. It now seems I am having
trouble with the NSSWITCH function. I am now reporting back to the Samba
list in hopes someone can help me out at this point.

Can anyone help me out here?

~Doug

-----Original Message-----
Sent: Friday, September 16, 2005 12:48 PM
To: 'Dan Nelson'
Cc: 'freebsd-questions@freebsd.org'
Subject: RE: [Samba] getent & winbindd on FreeBSD 5.4


> Yes, that getent command should suffice for printing users and groups,
> including any NSS-provided ones.  You can also use the 'id'
> or 'pw user
> show' commands to print similar info.

aries-root@/usr/local/etc: pw group show DSP-PRODUCTION
pw: unknown group `DSP-PRODUCTION'
aries-root@/usr/local/etc:

> PAM only handles authentication during login; looking up user/group
> names is handled by NSS.  If your nsswitch.conf has "passwd: compat
> winbind" in it, you have a /usr/local/lib/nss_winbind.so.1 file, and
> getent can't find users that windbind should be providing, I'd start
> looking for nss_winbind debugging options.

I don't know if this helps but here we go. I looked at /var/log/debug.log
and I'm seeing lots of entries similar to the ones below:

Sep 16 03:01:21 aries sendmail[6798]: NSSWITCH(nss_method_lookup): winbi
nd,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6798]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): winbi
nd,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): winbi
nd,
hosts, ghbyaddr, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyaddr, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): winbi
nd,
hosts, ghbyaddr, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyaddr, not found
Sep 16 03:01:21 aries sendmail[6838]: NSSWITCH(nss_method_lookup): winbi
nd,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6838]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6843]: NSSWITCH(nss_method_lookup): winbi
nd,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6843]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyname, not found
Sep 16 09:55:07 aries sshd[7716]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyaddr, not found
Sep 16 09:55:07 aries sshd[7716]: NSSWITCH(nss_method_lookup): wins, hos
ts,
ghbyaddr, not found
Sep 16 09:55:09 aries sshd[7719]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyaddr, not found
Sep 16 09:55:09 aries sshd[7719]: NSSWITCH(nss_method_lookup): wins, hos
ts,
ghbyaddr, not found
Sep 16 10:18:19 aries sshd[7771]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyaddr, not found
Sep 16 10:18:19 aries sshd[7771]: NSSWITCH(nss_method_lookup): wins, hos
ts,
ghbyaddr, not found

Does this mean there is a problem with NSSWITCH? Please note that there are
references to sshd and sendmail among other services but none related to
winbindd as far as I can see.

I ran winbindd -d4 per your suggestion to use debugging options and tried
again by issuing getent passwd. Output of log.winbindd as follows:

[2005/09/16 12:26:18, 1] nsswitch/winbindd.c:main(935)
winbindd version 3.0.20 started.
Copyright The Samba Team 2000-2004
[2005/09/16 12:26:18, 3] param/loadparm.c:lp_load(4082)
lp_load: refreshing parameters
[2005/09/16 12:26:18, 3] param/loadparm.c:init_globals(1366)
Initialising global parameters
[2005/09/16 12:26:18, 3] param/params.c:pm_process(574)
params.c:pm_process() - Processing configuration file
"/usr/local/etc/smb.conf"
[2005/09/16 12:26:18, 3] param/loadparm.c:do_section(3542)
Processing section "[global]"
doing parameter workgroup = DSP
doing parameter netbios name = Aries
[2005/09/16 12:26:18, 4] param/loadparm.c:handle_netbios_name(2881)
handle_netbios_name: set global_myname to: ARIES
doing parameter server string = Samba Server
doing parameter security = domain
doing parameter hosts allow = 192.168.1. 192.168.2. 127.
doing parameter encrypt passwords = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 50
doing parameter password server = *
doing parameter passdb backend = tdbsam
doing parameter auth methods = winbind
doing parameter socket options = TCP_NODELAY
doing parameter local master = no
doing parameter os level = 33
doing parameter wins server = 192.168.1.1
doing parameter dns proxy = no
doing parameter idmap uid = 15000-20000
doing parameter idmap gid = 15000-20000
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind separator = -
doing parameter template homedir = /usr/home/%D/%U
doing parameter template shell = /bin/bash
[2005/09/16 12:26:18, 2] param/loadparm.c:do_section(3559)
Processing section "[homes]"
doing parameter comment = Home Directories
doing parameter browseable = no
doing parameter writable = yes
[2005/09/16 12:26:18, 2] param/loadparm.c:do_section(3559)
Processing section "[MacData]"
doing parameter comment = Production Data
doing parameter path = /data
doing parameter valid users = @Production
doing parameter public = no
doing parameter writable = yes
doing parameter printable = no
doing parameter create mask = 0765
[2005/09/16 12:26:18, 4] param/loadparm.c:lp_load(4113)
pm_process() returned Yes
[2005/09/16 12:26:18, 3] param/loadparm.c:lp_add_ipc(2475)
adding IPC service
[2005/09/16 12:26:18, 3] param/loadparm.c:lp_add_ipc(2475)
adding IPC service
[2005/09/16 12:26:18, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.1.9 bcast=192.168.1.255 nmask=255.255.255.0
[2005/09/16 12:26:18, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.1.9 bcast=192.168.1.255 nmask=255.255.255.0
[2005/09/16 12:26:18, 2] lib/tallocmsg.c:register_msg_pool_usage(56)
Registered MSG_REQ_POOL_USAGE
[2005/09/16 12:26:18, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2005/09/16 12:26:18, 2] nsswitch/winbindd_util.c:add_trusted_domain(166
)
Added domain DSP  S-1-5-21-2008768363-1786319642-1659389152
[2005/09/16 12:26:18, 2] nsswitch/winbindd_util.c:add_trusted_domain(166
)
Added domain BUILTIN  S-1-5-32
[2005/09/16 12:26:18, 2] nsswitch/winbindd_util.c:add_trusted_domain(166
)
Added domain ARIES  S-1-5-21-249124048-3777273079-1200472844
[2005/09/16 12:26:25, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
[    0]: request interface version
[2005/09/16 12:26:25, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
[    0]: request location of privileged pipe
[2005/09/16 12:26:25, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(406
)
[    0]: gid to sid 65534
[2005/09/16 12:26:37, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
[    0]: request interface version
[2005/09/16 12:26:37, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
[    0]: request location of privileged pipe
[2005/09/16 12:26:37, 3] nsswitch/winbindd_user.c:winbindd_list_users(73
5)
[    0]: list users
[2005/09/16 12:26:37, 4]
passdb/secrets. c:secrets_fetch_trust_account_password(2
81)
Using cleartext machine password
[2005/09/16 12:26:37, 4] libsmb/namequery.c:get_dc_list(1406)
get_dc_list: returning 2 ip addresses in an unordered list
[2005/09/16 12:26:37, 4] libsmb/namequery.c:get_dc_list(1407)
get_dc_list: 192.168.1.1:0 192.168.1.6:0
[2005/09/16 12:26:37, 3] lib/util.c:fcntl_lock(1826)
fcntl_lock: fcntl lock gave errno 35 (Resource temporarily unavailable)
[2005/09/16 12:26:37, 3] lib/util.c:fcntl_lock(1845)
fcntl_lock: lock failed at offset 0 count 1 op 8 type 1 (Resource
temporarily unavailable)
[2005/09/16 12:26:37, 4] libsmb/clidgram.c:cli_send_mailslot(100)
send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from ARIES<00> to
DSP<1c> IP 192.168.1.6
[2005/09/16 12:26:37, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(102)
cm_get_ipc_userpass: Retrieved auth-user from secrets.tdb [DSP\dspadmin]
[2005/09/16 12:26:37, 4] lib/time.c:get_serverzone(125)
Serverzone is 25200
[2005/09/16 12:26:37, 3] nsswitch/winbindd_rpc.c:query_user_list(46)
rpc: query_user_list
[2005/09/16 12:26:42, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
[    0]: request interface version
[2005/09/16 12:26:42, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
[    0]: request location of privileged pipe
[2005/09/16 12:26:42, 3] nsswitch/winbindd_group.c:winbindd_list_groups(
811)
[    0]: list groups
[2005/09/16 12:26:42, 4]
nsswitch/winbindd_group.c:get_sam_group_entries(521)
get_sam_group_entries: Native Mode 2k domain; enumerating local groups as
well
[2005/09/16 12:26:42, 3]
nsswitch/winbindd_group.c:get_sam_group_entries(526)
get_sam_group_entries: Failed to enumerate domain local groups!
[2005/09/16 12:26:42, 4]
nsswitch/winbindd_group.c:get_sam_group_entries(521)
get_sam_group_entries: Native Mode 2k domain; enumerating local groups as
well
[2005/09/16 12:26:42, 3]
nsswitch/winbindd_group.c:get_sam_group_entries(526)
get_sam_group_entries: Failed to enumerate domain local groups!
[2005/09/16 12:26:42, 3] nsswitch/winbindd_rpc.c:enum_dom_groups(141)
rpc: enum_dom_groups

After issuing 'pw group show DSP-PRODUCTION', the following pops up in the
debug log:

[2005/09/16 12:32:47, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
[    0]: request interface version
[2005/09/16 12:32:47, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
[    0]: request location of privileged pipe
[2005/09/16 12:32:47, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(
535)
[    0]: pam auth crap domain: [] user:

First question: why does NSSWITCH think I have a W2K domain instead of a NT4
domain?

Second question: DSP is the actual domain name. Aries is the NetBIOS name of
the server. I don't understand why winbindd tries to enumerate ARIES as a
domain name. Aren't the BUILT-IN accounts sufficient for the local samba
machine?

Content of /etc/nsswitch.conf as follows:

passwd: compat winbind
group: compat winbind
hosts: files winbind wins dns
networks: files
shells: files
<*blank line*>

The original nsswitch.conf file was as follows prior to editing:

group: compat
group_compat: files nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: files nis
shells: files
<*blank line*>

Note I have not installed NIS server nor NIS client.

Comments?

~Doug

 ________________________________________
_______
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/li...eebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 07:42 PM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 

Back To The Top
Home | Usercp | Faq | Register