From owner-freebsd-current@FreeBSD.ORG Thu Jan 29 05:57:43 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2AC716A4CF for ; Thu, 29 Jan 2004 05:57:42 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC53843D5D for ; Thu, 29 Jan 2004 05:57:32 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id 85685548A2; Thu, 29 Jan 2004 07:57:32 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id 223BF6D455; Thu, 29 Jan 2004 07:57:32 -0600 (CST) Date: Thu, 29 Jan 2004 07:57:32 -0600 From: "Jacques A. Vidrine" To: Will Saxon Message-ID: <20040129135732.GB89992@madman.celabo.org> References: <0E972CEE334BFE4291CD07E056C76ED8DB373A@bragi.housing.ufl.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <0E972CEE334BFE4291CD07E056C76ED8DB373A@bragi.housing.ufl.edu> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.4i-ja.1 cc: Tim Aslat cc: current@freebsd.org Subject: Re: nss_winbind support X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Jan 2004 13:57:43 -0000 On Wed, Jan 28, 2004 at 04:33:06PM -0500, Will Saxon wrote: > > > I may have just missed it but there doesn't seem to be a lot of > > > information available on how to set Samba 3 up under FreeBSD 5.x to > > > use nss_winbind and pam_winbind. What information I have > > found doesn't > > > seem to work, maybe because it focuses on joining the domain as an > > > NT-style domain member vs. Active Directory-style membership. > > > > Sorry I can't help with this one, still working it out myself. > > > > I have had it working previously with rpc but not ads. > > Just a followup, in case anyone else cares.. This problem has been worked > on and may be fixed in the samba CVS tree as of the 7th of this month. It > should be in the latest release candidate that has been posted recently. > > You have to copy the libnss_winbind.so module from samba/source/nsswitch/ > into /usr/lib and make symlinks to libnss_winbind.so.1 and perhaps > nss_winbind.so.1 and nss_winbind.so.2 (or so I read). I am now able to > assign microsoft domain user/group permissions on files and directories > and presumably I will be able to replace our fileserver with a samba3 > machine which participates in the Active Diretory and uses kerberos > authentication, etc. > > Very happy about this.... I haven't been following this thread, but the above information does not seem correct. If the Samba port is built WITH_WINBIND_NSS, then the NSS module will be correctly installed as `/usr/local/lib/nss_windbind.so.1'. What problem exactly are you having? -- Jacques Vidrine NTT/Verio SME FreeBSD UNIX Heimdal nectar@celabo.org jvidrine@verio.net nectar@freebsd.org nectar@kth.se