From: Doug Sampson
To: "'freebsd-questions@freebsd.org'"
Date: Fri, 16 Sep 2005 08:23:11 -0700
Subject: FW: [Samba] getent & winbindd on FreeBSD 5.4

I posted this to the Samba list yesterday and since this is related to FreeBSD I thought I'd post to this list.

Can anyone shed some light on the 'getent' command in FreeBSD 5.4? It isn't working and I'd like to know if it's because it's based on Linux instead of FreeBSD, thus rendering its usefulness to nil.

~Doug

-----Original Message-----
Sent: Thursday, September 15, 2005 04:44 PM
To: samba@lists.samba.org
Subject: [Samba] getent & winbindd on FreeBSD 5.4

I'm trying to get a FreeBSD 5.4 server to join an NT4 domain as a member domain server using winbindd. I've compiled Samba with WinBIND support, ACL Support, Syslog support, UTMP support, SMB PAM module, and with installed POPT library.
I've reviewed Chapter 20 of TOSHARG and implemented a good portion of it into our smb.conf file but am having trouble making the 'getent' command work. Running Samba 3.0.20.1. The 'getent' command is found in /usr/compat/linux/usr/bin/.

I can join the domain fine and execute 'wbinfo -u' with the expected domain user listing as well as with the 'wbinfo -g' command. However, when I attempt to execute 'getent passwd' it shows only the local user accounts. Executing 'getent group' also produces only the local groups.

It seems the getent command that comes with the linux_base port on FreeBSD 5.4 may or may not be working. I am unable to verify it though.

Doing a 'tdbdump winbind_cache.tdb' reveals that the users are being enumerated but without a corresponding *nix user id. I don't know if the tdbsam is supposed to reveal such information.

TOSHARG states that for getent to work, the nsswitch.conf must be properly configured. Mine is as follows:

    # /etc/nsswitch.conf
    passwd: compat winbind
    group: compat winbind
    hosts: files winbind wins dns
    networks: files
    shells: files

NSSwitch depends on PAM modules for authentication so here's my login file:

    #
    # $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
    #
    # PAM configuration for the "login" service
    #

    # auth
    auth sufficient pam_winbind.so
    auth sufficient pam_unix.so use_first_pass
    auth required pam_stack.so service=system-auth
    auth required pam_nologin.so no_warn
    auth sufficient pam_self.so no_warn
    auth include system

    # account
    account sufficient pam_winbind.so
    account required pam_stack.so service=system-auth
    account include system

    # session
    session required pam_stack.so service=system-auth
    session include system

    # password
    password required pam_stack.so service=system-auth
    password include system

    # smb.conf
    [global]
    workgroup = DSP
    server string = Samba Server
    security = DOMAIN
    passdb backend = tdbsam
    log file = /var/log/samba/log.%m
    max log size = 50
    os level = 33
    local master = No
    dns proxy = No
    wins server = 192.168.1.1
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    template homedir = /usr/home/%D/%U
    template shell = /bin/bash
    winbind separator = +
    hosts allow = 192.168.1., 192.168.2., 127.

    [homes]
    comment = Home Directories
    read only = No
    browseable = No

    [MacData]
    comment = Production Data
    path = /data
    valid users = @DSP+PRODUCTION
    read only = No
    create mask = 0765

The odd thing is, there's no /etc/pam.d/samba file even though I specified that the PAM samba module be installed. Is my PAM whacked?

Also, I am unsure if I need to map users to NT accounts using a text file similar to /etc/smb/smbusers or some file similar to that?

When I execute 'pw groupshow DSP+PRODUCTION', the log.smbd shows this:

    [2005/09/15 16:17:24, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
      Unable to open/create TDB passwd
    [2005/09/15 16:17:24, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
      pdb_getsampwrid: Unable to open TDB rid database!

log.wb-DSP shows this:

    [2005/09/15 16:17:24, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
      rpc_pipe_bind failed

I'm a newb so would appreciate any advice!

~Doug