samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] Winbind and getent issues

[Samba] Winbind and getent issues

From: Jeremy Farrar <jeremy.farrar_at_nospam>
Date: Tue May 11 2010 - 20:29:08 GMT
To: samba@lists.samba.org

I am currently setting up a cluster of Samba servers using DRBD and CTDB. I
have gotten the DRBD and CTDB configured on my cluster. I have configured
Samba and Winbind to join my active directory domain. Right now I am
struggling to get authentication through Winbind to work. My /var/log/secure
file looks like my system is not even trying to authenticate against AD.

wbinfo -u work great as does wbinfo -g. I am able to successfully
authenticate withe wbinfo -a [Username]%[Password]. getent password and
getent group do not function.

I checked the following links based upon documentation I have read.

ls -la /lib | grep winbind
lrwxrwxrwx 1 root root 24 May 11 14:52 libnss_winbind.so ->
/lib64/libnss_winbind.so
lrwxrwxrwx 1 root root 24 May 11 14:52 libnss_winbind.so.2 ->
/lib64/libnss_winbind.so

Any help would be greatly appreciated. Thanks.

Here is a copy of my nsswitch.conf

passwd: files winbind
shadow: files winbind
group: files winbind

hosts: files dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files winbind
rpc: files winbind
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

Here is a copy of my smb.conf

[global]
   server string = %h
   workgroup = [DOMAIN]
   netbios name = stlnas
   password server = [DOMAIN CONTROLLER]
   realm = [DOMAIN].LOCAL
   security = ads
   idmap backend = tdb
   private dir = /[DOMAIN]/ctdb
   idmap uid = 10000-200000
   idmap gid = 10000-200000
   template shell = /bin/bash
   template homedir = /[DOMAIN]/home/%U
    template homedir = /home/[DOMAIN]/%U
   winbind uid = 10000-200000
   winbind gid = 10000-200000
   winbind trusted domains only = no
   winbind use default domain = true
   winbind offline logon = false
   winbind enum users = yes
   winbind enum groups = yes
   obey pam restrictions = yes
   printcap name = /etc/printcap
   clustering = yes
    max log size = 50
    disable netbios = yes
   passdb backend = tdbsam
#============================ Share Definitions
==============================

[homes]
    comment = Home Directories
    path = /[DOMAIN]/home
    browseable = no
    writable = yes
    acl check permissions = True
    nt acl support = yes
    ea support = yes
    acl map full control = True
    map acl inherit = yes
    inherit acls = yes
    vfs object = mysql_audit
        mysql_audit:host=mysql1.[DOMAIN].local
        mysql_audit:user=smbd
        mysql_audit:pass=password
        mysql_audit:name=smbd
        mysql_audit:port=3306

[[DOMAIN]]
    comment = All Shared Folders
    path = /[DOMAIN]
    copy = homes
    admin users = "[DOMAIN]\[USERNAME]"

Here is my /etc/pam.d/samba:
#%PAM-1.0
auth required pam_nologin.so
auth sufficient pam_winbind.so
auth include system-auth
account include system-auth
account required pam_winbind.so
session include system-auth
password include system-auth
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba