samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] smb.conf works for 3.4.0; doesn't work

Re: [Samba] smb.conf works for 3.4.0; doesn't work for 3.4.7

From: Christian PERRIER <bubulle_at_nospam>
Date: Sat May 08 2010 - 08:00:52 GMT
To: samba@lists.samba.org

Quoting Mike Leone (turgon@mike-leone.com):

> directories. Even tho Ubuntu 10.04 seems to have the /etc/pam.d files
> already configured for samba, I copied over the common-account,
> common-auth, common-password, common-session files from the 9.10 server
> to the 10.04 server. Did the same with the nsswitch.conf file.

This is very very probably the source of all your problems.

Even though I don't know the details of changes introduced in Ubuntu
itself (not using Ubuntu myself), the 2:3.4.0-4 version of samba
packages has seen changes in the way PAM modules, and particularly
pam_winbind, are handled in samba packages postinst.

If the version in Ubuntu 9.10 is lower than this, the chances that
your manual changes broke the planned upgrade path are high.

All this is meant to cope with the pam-auth-update utility introduced in
pam 1.0.1-6.

So, these 3 files have the explicit mention:
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.

> If I use sudo, then wbinfo -a DOMAIN+user works. (I used "+" as a delimiter)
>
> Getent passwd fails.
> Getent group fails.
>
> I am seeing this, in log.winbind on the 10.04 server:
>
> [2010/05/07 23:16:59, 1] winbindd/winbindd_user.c:97(winbindd_fill_pwent)
> error getting user id for sid S-1-5-21-2780757143-49591276-3462498634-500
> [2010/05/07 23:16:59, 1] winbindd/winbindd_user.c:856(winbindd_getpwent)
> could not lookup domain user Administrator
> [2010/05/07 23:16:59, 1] winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
> Could not get unix ID
>
> and repeating, for all domain users.
>
> I'm pretty much ready to just give up, and use the Windows installed on
> this laptop. That one has no problem accessing shares from the Samba
> server, or the Windows stations on the LAN.

Messing up with files owned by packages without letting the package
maintainer scripts handling this properly for you is quite probably
one of the reasons of your problems.

I'm suggest putting the common-* files you had after upgrading and
before replacing them with those of 9.10 (you kept them somewhere,
right?) in place and reconfigure packages with "dpkg-reconfigure
winbind".

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba