[Samba] Strange behaviour of winbind on solaris 8 - Samba

This is a discussion on [Samba] Strange behaviour of winbind on solaris 8 - Samba ; Dear All, I came across a really strange behaviour when using winbind on solaris 8. Normally "nscd" should be turned off because it's causing problems in the username resolution etc. When I turn it off I can login e.g. using ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 21

Thread: [Samba] Strange behaviour of winbind on solaris 8

  1. [Samba] Strange behaviour of winbind on solaris 8

    Dear All,

    I came across a really strange behaviour when using winbind on solaris 8.
    Normally "nscd" should be turned off because it's causing problems in the
    username resolution etc. When I turn it off I can login e.g. using ssh as an
    AD users but when i start a command like "ls" it gets put in the background
    immediately? When "nscd" is turn on and login again I can issue commands
    with no problems, but doing an ls -alrt on a directory gets stuck if a file
    is owned by user that is not a AD user.

    my /etc/nsswitch.conf


    #
    # /etc/nsswitch.dns:
    #
    # An example file that could be copied over to /etc/nsswitch.conf; it uses
    # DNS for hosts lookups, otherwise it does not use any other naming service.
    #
    # "hosts:" and "services:" in this file are used only if the
    # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.

    passwd: files [NOTFOUND=CONTINUE] winbind [NOTFOUND=return]
    group: files [NOTFOUND=CONTINUE] winbind [NOTFOUND=return]

    # You must also set up the /etc/resolv.conf file for DNS name
    # server lookup. See resolv.conf(4).
    hosts: files dns
    ipnodes: files
    # Uncomment the following line and comment out the above to resolve
    # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
    # IPv4 addresses are searched in all of the ipnodes databases before
    # searching the hosts databases. Before turning this option on, consult
    # the Network Administration Guide for more details on using IPv6.
    #ipnodes: files dns

    networks: files
    protocols: files
    rpc: files
    ethers: files
    netmasks: files
    bootparams: files
    publickey: files
    # At present there isn't a 'files' backend for netgroup; the system will
    # figure it out pretty quickly, and won't use netgroups at all.
    netgroup: files
    automount: files
    aliases: files
    services: files
    sendmailvars: files
    printers: user files

    auth_attr: files
    prof_attr: files
    project: files
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Strange behaviour of winbind on solaris 8

    Oliver Weinmann wrote:
    > Dear All,
    >
    > I came across a really strange behaviour when using winbind on solaris 8.
    > Normally "nscd" should be turned off because it's causing problems in the
    > username resolution etc. When I turn it off I can login e.g. using ssh as an
    > AD users but when i start a command like "ls" it gets put in the background
    > immediately? When "nscd" is turn on and login again I can issue commands
    > with no problems, but doing an ls -alrt on a directory gets stuck if a file
    > is owned by user that is not a AD user.
    >
    > my /etc/nsswitch.conf
    >
    >
    > #
    > # /etc/nsswitch.dns:
    > #
    > # An example file that could be copied over to /etc/nsswitch.conf; it uses
    > # DNS for hosts lookups, otherwise it does not use any other naming service.
    > #
    > # "hosts:" and "services:" in this file are used only if the
    > # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
    >
    > passwd: files [NOTFOUND=CONTINUE] winbind [NOTFOUND=return]
    > group: files [NOTFOUND=CONTINUE] winbind [NOTFOUND=return]
    >
    > # You must also set up the /etc/resolv.conf file for DNS name
    > # server lookup. See resolv.conf(4).
    > hosts: files dns
    > ipnodes: files
    > # Uncomment the following line and comment out the above to resolve
    > # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
    > # IPv4 addresses are searched in all of the ipnodes databases before
    > # searching the hosts databases. Before turning this option on, consult
    > # the Network Administration Guide for more details on using IPv6.
    > #ipnodes: files dns
    >
    > networks: files
    > protocols: files
    > rpc: files
    > ethers: files
    > netmasks: files
    > bootparams: files
    > publickey: files
    > # At present there isn't a 'files' backend for netgroup; the system will
    > # figure it out pretty quickly, and won't use netgroups at all.
    > netgroup: files
    > automount: files
    > aliases: files
    > services: files
    > sendmailvars: files
    > printers: user files
    >
    > auth_attr: files
    > prof_attr: files
    > project: files
    >

    Can you get the ls to work with numeric uids? And, I noticed that you
    don't have any entries for shadow... you're not using shadow passwords,
    right?
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] Strange behaviour of winbind on solaris 8

    forgot to mention that the nss_winbind links are there:

    bash-2.03# ls -alrt /usr/lib/nss_w*
    lrwxrwxrwx 1 root other 28 Apr 23 14:30
    /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    lrwxrwxrwx 1 root other 28 Apr 23 14:30
    /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
    lrwxrwxrwx 1 root other 28 Apr 23 14:30
    /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1

    Changed the crle to only /usr/lib:/opt/csw/lib and disabled nscd at boot.

    After reboot i can no longer resolve usernames, wbinfo -t/-g/-u work fine.


    getent passwd and getent group are not showing AD users.

    when logging in as an AD users i can see the following in the
    /var/adm/messages logfile:

    Apr 28 13:20:09 rose8 sshd[516]: [ID 129890 auth.error] pam_winbind(sshd):
    request failed: No such user, PAM error was No account present for user
    (13), NT error was NT_STATUS_NO_SUCH_USER
    Apr 28 13:20:18 rose8 sshd[524]: [ID 800047 auth.error] error: PAM: No
    account present for user for illegal user oweinmann from
    vb8860.vegagroup.net



    On 4/28/08, Oliver Weinmann wrote:
    >
    > I got:
    >
    >
    > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so*
    > -rwxr-xr-x 1 root bin 74744 Apr 21 14:45
    > /usr/lib/libnss_winbind.so.1
    > lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > /usr/lib/libnss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    > lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > /usr/lib/libnss_winbind.so -> /usr/lib/libnss_winbind.so.1
    >
    > so that's fine.
    >
    > i didn't have crle setup correctly since i have build against libraries
    > from blastwave and they reside under /opt/csw/lib
    >
    > so i did:
    >
    >
    > bash-2.03# crle -u -l /usr/lib:/usr/local/lib:/opt/csw/lib
    > bash-2.03# crle
    >
    > Configuration file [version 4]: /var/ld/ld.config
    > Default Library Path (ELF): /usr/lib:/usr/local/lib:/opt/csw/lib
    > Trusted Directories (ELF): /usr/lib/secure (system default)
    >
    > Command line:
    > crle -c /var/ld/ld.config -l /usr/lib:/usr/local/lib:/opt/csw/lib
    >
    > and I did change my nsswitch.conf to reflect the shadow entry. Still not
    > working without nscd. I had no problems under Linux at all but under
    > Solaris I'm lost.
    >
    >
    >
    > On 4/28/08, Scott Lovenberg wrote:
    > >
    > > Oliver Weinmann wrote:
    > >
    > >
    > >
    > > On 4/28/08, Scott Lovenberg wrote:
    > > >
    > > > Oliver Weinmann wrote:
    > > >
    > > > > Dear All,
    > > > >
    > > > > I came across a really strange behaviour when using winbind on
    > > > > solaris 8.
    > > > > Normally "nscd" should be turned off because it's causing problems
    > > > > in the
    > > > > username resolution etc. When I turn it off I can login e.g. using
    > > > > ssh as an
    > > > > AD users but when i start a command like "ls" it gets put in the
    > > > > background
    > > > > immediately? When "nscd" is turn on and login again I can issue
    > > > > commands
    > > > > with no problems, but doing an ls -alrt on a directory gets stuck if
    > > > > a file
    > > > > is owned by user that is not a AD user.
    > > > >
    > > > > my /etc/nsswitch.conf
    > > > >
    > > > >
    > > > > #
    > > > > # /etc/nsswitch.dns:
    > > > > #
    > > > > # An example file that could be copied over to /etc/nsswitch.conf;
    > > > > it uses
    > > > > # DNS for hosts lookups, otherwise it does not use any other naming
    > > > > service.
    > > > > #
    > > > > # "hosts:" and "services:" in this file are used only if the
    > > > > # /etc/netconfig file has a "-" for nametoaddr_libs of "inet"
    > > > > transports.
    > > > >
    > > > > passwd: files [NOTFOUND=CONTINUE] winbind [NOTFOUND=return]
    > > > > group: files [NOTFOUND=CONTINUE] winbind [NOTFOUND=return]
    > > > >
    > > > > # You must also set up the /etc/resolv.conf file for DNS name
    > > > > # server lookup. See resolv.conf(4).
    > > > > hosts: files dns
    > > > > ipnodes: files
    > > > > # Uncomment the following line and comment out the above to resolve
    > > > > # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
    > > > > # IPv4 addresses are searched in all of the ipnodes databases before
    > > > > # searching the hosts databases. Before turning this option on,
    > > > > consult
    > > > > # the Network Administration Guide for more details on using IPv6.
    > > > > #ipnodes: files dns
    > > > >
    > > > > networks: files
    > > > > protocols: files
    > > > > rpc: files
    > > > > ethers: files
    > > > > netmasks: files
    > > > > bootparams: files
    > > > > publickey: files
    > > > > # At present there isn't a 'files' backend for netgroup; the system
    > > > > will
    > > > > # figure it out pretty quickly, and won't use netgroups at all.
    > > > > netgroup: files
    > > > > automount: files
    > > > > aliases: files
    > > > > services: files
    > > > > sendmailvars: files
    > > > > printers: user files
    > > > >
    > > > > auth_attr: files
    > > > > prof_attr: files
    > > > > project: files
    > > > >
    > > > >
    > > > Can you get the ls to work with numeric uids? And, I noticed that you
    > > > don't have any entries for shadow... you're not using shadow passwords,
    > > > right?

    > >
    > >
    > > I have no entry in nsswitch.conf for shadow. I'm mainly using AD users
    > > so I didn't add an entry for shadow pw's. I turned off nscd now and logged
    > > in as an AD user. The problem is not only when running ls. It happens on
    > > many commands:
    > >
    > > e.g.
    > >
    > >
    > > bash-2.03$ ls -alrt
    > >
    > > [1]+ Stopped ls -alrt
    > > bash-2.03$ pwd
    > > /home/oweinmann
    > > bash-2.03$ grep home /etc/passwd
    > >
    > > [2]+ Stopped grep home /etc/passwd
    > > bash-2.03$
    > >
    > > the commands gets put in the background immidiately. I have no clue why?
    > > When i turn nscd back on this works fine:
    > >
    > > bash-2.03$ ls -alrt
    > > total 8
    > > -rw-r--r-- 1 oweinmann domain users 0 Apr 28 08:57 test1
    > > -rw-r--r-- 1 oweinmann domain users 0 Apr 28 08:57 test2
    > > -rw-r--r-- 1 oweinmann domain users 0 Apr 28 08:57 test3
    > > -rw-r--r-- 1 oweinmann domain users 0 Apr 28 08:57 test4
    > >
    > > but the command then hangs because it can't lookup the user of a file.
    > >
    > >
    > >
    > > And you've got proper library links and all?
    > >
    > > Chapter 24. Winbind: Use of Domain Accounts
    > >
    > > The libraries needed to run the winbindd daemon through nsswitch need to
    > > be copied to their proper locations:
    > > [...]
    > >
    > > And, in the case of Sun Solaris:
    > >
    > > root# *ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1*root# *ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1*root# *ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2*
    > >
    > > As root, edit /etc/nsswitch.conf to allow user and group entries to be
    > > visible from the winbindd daemon. My /etc/nsswitch.conf file looked like
    > > this after editing:
    > >
    > > passwd: files winbind
    > > shadow: files
    > > group: files winbind
    > >
    > > The libraries needed by the winbindd daemon will be automatically
    > > entered into the ldconfig cache the next time your system reboots, but
    > > it is faster (and you do not need to reboot) if you do it manually:
    > >
    > > The Sun Solaris dynamic link loader management tool is called crle. The
    > > use of this tool is necessary to instruct the dynamic link loader to search
    > > directories that contain library files that were not supplied as part of the
    > > original operating system platform. The following example shows how to use
    > > this tool to add the directory /usr/local/lib to the dynamic link
    > > loader's search path:
    > >
    > > root# crle -u -l /usr/lib:/usr/local/lib
    > >
    > > When executed without arguments, crle reports the current dynamic link
    > > loader configuration. This is demonstrated here:
    > >
    > > root# crle
    > >
    > > Configuration file [version 4]: /var/ld/ld.config
    > > Default Library Path (ELF): /lib:/usr/lib:/usr/local/lib
    > > Trusted Directories (ELF): /lib/secure:/usr/lib/secure (system default)
    > >
    > > Command line:
    > > crle -c /var/ld/ld.config -l /lib:/usr/lib:/usr/local/lib
    > >
    > > From this it is apparent that the /usr/local/lib directory is included
    > > in the search dynamic link libraries in order to satisfy object module
    > > dependencies.
    > >

    > >
    > >

    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  4. Re: [Samba] Strange behaviour of winbind on solaris 8

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Oliver Weinmann wrote:
    | forgot to mention that the nss_winbind links are there:
    |
    | bash-2.03# ls -alrt /usr/lib/nss_w*
    | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
    | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1

    Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    like it might be rwx for root only.







    cheers, jerry
    - --
    ================================================== ===================
    Samba ------- http://www.samba.org
    Likewise Software --------- http://www.likewisesoftware.com
    "What man is a man who does not make the world better?" --Balian
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2.2 (Darwin)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    0OxWwTr/wJPDW67YmZCAfQo=
    =6S2v
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  5. Re: [Samba] Strange behaviour of winbind on solaris 8

    Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777

    bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    /usr/lib/libnss_winbind.so

    nscd is turned off. I can login as an AD users but I cant start any command.



    login as: oweinmann
    Using keyboard-interactive authentication.
    Password:
    Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    bash-2.03$ ls -alrt

    [1]+ Stopped ls -alrt
    bash-2.03$ id

    [2]+ Stopped id
    bash-2.03$ group

    [3]+ Stopped group
    bash-2.03$ echo "TEST"
    TEST
    bash-2.03$
    Some commands are working and some others are put in background and the
    session closes after one or two minutes?

    When I turn on nscd everything is fine, except ls -alrt not working.



    On 4/28/08, Gerald (Jerry) Carter wrote:
    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Oliver Weinmann wrote:
    > | forgot to mention that the nss_winbind links are there:
    > |
    > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
    > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
    >
    > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    > like it might be rwx for root only.
    >
    >
    >
    >
    >
    >
    >
    > cheers, jerry
    > - --
    > ================================================== ===================
    > Samba ------- http://www.samba.org
    > Likewise Software --------- http://www.likewisesoftware.com
    > "What man is a man who does not make the world better?" --Balian
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.2.2 (Darwin)
    > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    >
    > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > 0OxWwTr/wJPDW67YmZCAfQo=
    > =6S2v
    > -----END PGP SIGNATURE-----
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  6. Re: [Samba] Strange behaviour of winbind on solaris 8

    I will try to get hands on the latest patches for solaris 8 and see if that
    fixes the nscd problems. I can't believe that samba-winbind is not running
    100% well on a Solaris 8 machine.


    On 4/28/08, Oliver Weinmann wrote:
    >
    > Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777
    >
    > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    > /usr/lib/libnss_winbind.so
    >
    > nscd is turned off. I can login as an AD users but I cant start any
    > command.
    >
    >
    > login as: oweinmann
    > Using keyboard-interactive authentication.
    > Password:
    > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    > bash-2.03$ ls -alrt
    >
    > [1]+ Stopped ls -alrt
    > bash-2.03$ id
    >
    > [2]+ Stopped id
    > bash-2.03$ group
    >
    > [3]+ Stopped group
    > bash-2.03$ echo "TEST"
    > TEST
    > bash-2.03$
    > Some commands are working and some others are put in background and the
    > session closes after one or two minutes?
    >
    > When I turn on nscd everything is fine, except ls -alrt not working.
    >
    >
    >
    > On 4/28/08, Gerald (Jerry) Carter wrote:
    > >
    > > -----BEGIN PGP SIGNED MESSAGE-----
    > > Hash: SHA1
    > >
    > > Oliver Weinmann wrote:
    > > | forgot to mention that the nss_winbind links are there:
    > > |
    > > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
    > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
    > >
    > > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    > > like it might be rwx for root only.
    > >
    > >
    > >
    > >
    > >
    > >
    > >
    > > cheers, jerry
    > > - --
    > > ================================================== ===================
    > > Samba ------- http://www.samba.org
    > > Likewise Software --------- http://www.likewisesoftware.com
    > > "What man is a man who does not make the world better?" --Balian
    > > -----BEGIN PGP SIGNATURE-----
    > > Version: GnuPG v1.4.2.2 (Darwin)
    > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    > >
    > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > > 0OxWwTr/wJPDW67YmZCAfQo=
    > > =6S2v
    > > -----END PGP SIGNATURE-----
    > >

    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  7. Re: [Samba] Strange behaviour of winbind on solaris 8

    which output gives ldd -r /usr/lib/nss_winbind.so ?

    I have the following naming and permission for nss_winbind:

    lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so ->
    nss_winbind.so.1
    -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1

    Please try with the exactly same naming and permissions of your files.



    Oliver Weinmann schrieb:
    > I will try to get hands on the latest patches for solaris 8 and see if that
    > fixes the nscd problems. I can't believe that samba-winbind is not running
    > 100% well on a Solaris 8 machine.
    >
    >
    > On 4/28/08, Oliver Weinmann wrote:
    >
    >> Just for fun i changed the perms of /usr/lib/libnss_winbind.so to 777
    >>
    >> bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    >> bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    >> -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    >> /usr/lib/libnss_winbind.so
    >>
    >> nscd is turned off. I can login as an AD users but I cant start any
    >> command.
    >>
    >>
    >> login as: oweinmann
    >> Using keyboard-interactive authentication.
    >> Password:
    >> Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    >> bash-2.03$ ls -alrt
    >>
    >> [1]+ Stopped ls -alrt
    >> bash-2.03$ id
    >>
    >> [2]+ Stopped id
    >> bash-2.03$ group
    >>
    >> [3]+ Stopped group
    >> bash-2.03$ echo "TEST"
    >> TEST
    >> bash-2.03$
    >> Some commands are working and some others are put in background and the
    >> session closes after one or two minutes?
    >>
    >> When I turn on nscd everything is fine, except ls -alrt not working.
    >>
    >>
    >>
    >> On 4/28/08, Gerald (Jerry) Carter wrote:
    >>
    >>> -----BEGIN PGP SIGNED MESSAGE-----
    >>> Hash: SHA1
    >>>
    >>> Oliver Weinmann wrote:
    >>> | forgot to mention that the nss_winbind links are there:
    >>> |
    >>> | bash-2.03# ls -alrt /usr/lib/nss_w*
    >>> | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    >>> | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    >>> | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    >>> | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
    >>> | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    >>> | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
    >>>
    >>> Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    >>> like it might be rwx for root only.
    >>>
    >>>
    >>>
    >>>
    >>>
    >>>
    >>>
    >>> cheers, jerry
    >>> - --
    >>> ================================================== ===================
    >>> Samba ------- http://www.samba.org
    >>> Likewise Software --------- http://www.likewisesoftware.com
    >>> "What man is a man who does not make the world better?" --Balian
    >>> -----BEGIN PGP SIGNATURE-----
    >>> Version: GnuPG v1.4.2.2 (Darwin)
    >>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    >>>
    >>> iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    >>> 0OxWwTr/wJPDW67YmZCAfQo=
    >>> =6S2v
    >>> -----END PGP SIGNATURE-----
    >>>
    >>>

    >>


    --
    Mit freundlichen Grüßen
    Dietrich Streifert
    --
    Visionet GmbH
    Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    Registergericht: Handelsregister Fürth, HRB 6573
    Geschäftsführer: Stefan Lindner



    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  8. Re: [Samba] Strange behaviour of winbind on solaris 8

    Please try to login (or su) to the user oweinmann and issue then ldd -r
    /usr/lib/nss_winbind.so

    For some reason I think that non root users are not able to read one of
    the involved files.

    This could be

    /etc/nsswitch.conf
    /usr/lib/nss_winbind.so

    or some of the files found by the ldd -r command. The fact that you can
    issue commands while nscd is running points to this fact becaus nscd is
    running as root and has permissions to read all of those files.

    /etc/nsswitch.conf should be readable by everyone.

    I compiled samba myself with a full stack of openssl, iconv, heimdal
    kerberos, cyrus-sasl, openldap and samba. While people often speak of
    the Windows DLL hell this is the Solaris shared library hell :-( But it
    works.



    Oliver Weinmann schrieb:
    > Hi,
    >
    > bash-2.03# ldd -r /usr/lib/nss_winbind.so
    > libthread.so.1 => /usr/lib/libthread.so.1
    > libsocket.so.1 => /usr/lib/libsocket.so.1
    > libdl.so.1 => /usr/lib/libdl.so.1
    > libc.so.1 => /usr/lib/libc.so.1
    > libnsl.so.1 => /usr/lib/libnsl.so.1
    > libmp.so.2 => /usr/lib/libmp.so.2
    > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >
    > I changed the permissions and files exactly to be the same but i still
    > cant issue commands...
    >
    > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    > /usr/lib/nss_winbind.so.1
    > lrwxrwxrwx 1 root other 25 Apr 29 09:04
    > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    >
    > Could this also be a problem of a compiling? Have you compiled the
    > samba yourself or are you using prebuilt packages?
    >
    > On 4/29/08, *Dietrich Streifert* > > wrote:
    >
    > which output gives ldd -r /usr/lib/nss_winbind.so ?
    >
    > I have the following naming and permission for nss_winbind:
    >
    > lrwxrwxrwx 1 root other 16 Jan 15 2004
    > nss_winbind.so -> nss_winbind.so.1
    > -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1
    >
    > Please try with the exactly same naming and permissions of your files.
    >
    >
    >
    > Oliver Weinmann schrieb:
    >
    > I will try to get hands on the latest patches for solaris 8
    > and see if that
    > fixes the nscd problems. I can't believe that samba-winbind is
    > not running
    > 100% well on a Solaris 8 machine.
    >
    >
    > On 4/28/08, Oliver Weinmann > liver.weinmann@googlemail.com>> wrote:
    >
    >
    > Just for fun i changed the perms of
    > /usr/lib/libnss_winbind.so to 777
    >
    > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    > /usr/lib/libnss_winbind.so
    >
    > nscd is turned off. I can login as an AD users but I cant
    > start any
    > command.
    >
    >
    > login as: oweinmann
    > Using keyboard-interactive authentication.
    > Password:
    > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    > bash-2.03$ ls -alrt
    >
    > [1]+ Stopped ls -alrt
    > bash-2.03$ id
    >
    > [2]+ Stopped id
    > bash-2.03$ group
    >
    > [3]+ Stopped group
    > bash-2.03$ echo "TEST"
    > TEST
    > bash-2.03$
    > Some commands are working and some others are put in
    > background and the
    > session closes after one or two minutes?
    >
    > When I turn on nscd everything is fine, except ls -alrt
    > not working.
    >
    >
    >
    > On 4/28/08, Gerald (Jerry) Carter > > wrote:
    >
    >
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Oliver Weinmann wrote:
    > | forgot to mention that the nss_winbind links are there:
    > |
    > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > | /usr/lib/nss_winbind.so.2 ->
    > /usr/lib/libnss_winbind.so.1
    > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > | /usr/lib/nss_winbind.so.1 ->
    > /usr/lib/libnss_winbind.so.1
    > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
    >
    > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    > like it might be rwx for root only.
    >
    >
    >
    >
    >
    >
    >
    > cheers, jerry
    > - --
    > ================================================== ===================
    > Samba -------
    > http://www.samba.org
    > Likewise Software ---------
    > http://www.likewisesoftware.com
    >
    > "What man is a man who does not make the world
    > better?" --Balian
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.2.2 (Darwin)
    > Comment: Using GnuPG with Mozilla -
    > http://enigmail.mozdev.org
    >
    > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > 0OxWwTr/wJPDW67YmZCAfQo=
    > =6S2v
    > -----END PGP SIGNATURE-----
    >
    >
    >
    >
    >
    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >


    --
    Mit freundlichen Grüßen
    Dietrich Streifert
    --
    Visionet GmbH
    Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    Registergericht: Handelsregister Fürth, HRB 6573
    Geschäftsführer: Stefan Lindner



    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  9. Re: [Samba] Strange behaviour of winbind on solaris 8

    su to user oweinmann works but when i ussie the ldd -r
    /usr/lib/nss_winbind.so command it gets put in the background.. i then do
    fg 2 and this is the output:

    bash-2.03$ ldd -r /usr/lib/nss_winbind.so

    [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    bash-2.03$ fg 2
    ldd -r /usr/lib/nss_winbind.so
    libthread.so.1 => /usr/lib/libthread.so.1
    libsocket.so.1 => /usr/lib/libsocket.so.1
    libdl.so.1 => /usr/lib/libdl.so.1
    libc.so.1 => /usr/lib/libc.so.1
    libnsl.so.1 => /usr/lib/libnsl.so.1
    libmp.so.2 => /usr/lib/libmp.so.2
    /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1

    bash-2.03$ ls -alrt /etc/nsswitch.conf

    [2]+ Stopped ls -alrt /etc/nsswitch.conf
    bash-2.03$ fg 2
    ls -alrt /etc/nsswitch.conf
    -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf





    On 4/29/08, Dietrich Streifert wrote:
    >
    > Please try to login (or su) to the user oweinmann and issue then ldd -r
    > /usr/lib/nss_winbind.so
    >
    > For some reason I think that non root users are not able to read one of
    > the involved files.
    >
    > This could be
    >
    > /etc/nsswitch.conf
    > /usr/lib/nss_winbind.so
    >
    > or some of the files found by the ldd -r command. The fact that you can
    > issue commands while nscd is running points to this fact becaus nscd is
    > running as root and has permissions to read all of those files.
    >
    > /etc/nsswitch.conf should be readable by everyone.
    >
    > I compiled samba myself with a full stack of openssl, iconv, heimdal
    > kerberos, cyrus-sasl, openldap and samba. While people often speak of the
    > Windows DLL hell this is the Solaris shared library hell :-( But it works..
    >
    >
    >
    > Oliver Weinmann schrieb:
    >
    > Hi,
    >
    > bash-2.03# ldd -r /usr/lib/nss_winbind.so
    > libthread.so.1 => /usr/lib/libthread.so.1
    > libsocket.so.1 => /usr/lib/libsocket.so.1
    > libdl.so.1 => /usr/lib/libdl.so.1
    > libc.so.1 => /usr/lib/libc.so.1
    > libnsl.so.1 => /usr/lib/libnsl.so.1
    > libmp.so.2 => /usr/lib/libmp.so.2
    > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >
    > I changed the permissions and files exactly to be the same but i still
    > cant issue commands...
    >
    > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    > /usr/lib/nss_winbind.so.1
    > lrwxrwxrwx 1 root other 25 Apr 29 09:04
    > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    >
    > Could this also be a problem of a compiling? Have you compiled the samba
    > yourself or are you using prebuilt packages?
    >
    > On 4/29/08, Dietrich Streifert wrote:
    > >
    > > which output gives ldd -r /usr/lib/nss_winbind.so ?
    > >
    > > I have the following naming and permission for nss_winbind:
    > >
    > > lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so ->
    > > nss_winbind.so.1
    > > -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1
    > >
    > > Please try with the exactly same naming and permissions of your files.
    > >
    > >
    > >
    > > Oliver Weinmann schrieb:
    > >
    > > > I will try to get hands on the latest patches for solaris 8 and see if
    > > > that
    > > > fixes the nscd problems. I can't believe that samba-winbind is not
    > > > running
    > > > 100% well on a Solaris 8 machine.
    > > >
    > > >
    > > > On 4/28/08, Oliver Weinmann wrote:
    > > >
    > > >
    > > > > Just for fun i changed the perms of /usr/lib/libnss_winbind.so to
    > > > > 777
    > > > >
    > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    > > > > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    > > > > /usr/lib/libnss_winbind.so
    > > > >
    > > > > nscd is turned off. I can login as an AD users but I cant start any
    > > > > command.
    > > > >
    > > > >
    > > > > login as: oweinmann
    > > > > Using keyboard-interactive authentication.
    > > > > Password:
    > > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    > > > > bash-2.03$ ls -alrt
    > > > >
    > > > > [1]+ Stopped ls -alrt
    > > > > bash-2.03$ id
    > > > >
    > > > > [2]+ Stopped id
    > > > > bash-2.03$ group
    > > > >
    > > > > [3]+ Stopped group
    > > > > bash-2.03$ echo "TEST"
    > > > > TEST
    > > > > bash-2.03$
    > > > > Some commands are working and some others are put in background and
    > > > > the
    > > > > session closes after one or two minutes?
    > > > >
    > > > > When I turn on nscd everything is fine, except ls -alrt not working..
    > > > >
    > > > >
    > > > >
    > > > > On 4/28/08, Gerald (Jerry) Carter wrote:
    > > > >
    > > > >
    > > > > > -----BEGIN PGP SIGNED MESSAGE-----
    > > > > > Hash: SHA1
    > > > > >
    > > > > > Oliver Weinmann wrote:
    > > > > > | forgot to mention that the nss_winbind links are there:
    > > > > > |
    > > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
    > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
    > > > > >
    > > > > > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    > > > > > like it might be rwx for root only.
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > > cheers, jerry
    > > > > > - --
    > > > > >
    > > > > > ================================================== ===================
    > > > > > Samba -------
    > > > > > http://www.samba.org
    > > > > > Likewise Software ---------
    > > > > > http://www.likewisesoftware.com
    > > > > > "What man is a man who does not make the world better?"
    > > > > > --Balian
    > > > > > -----BEGIN PGP SIGNATURE-----
    > > > > > Version: GnuPG v1.4.2.2 (Darwin)
    > > > > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    > > > > >
    > > > > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > > > > > 0OxWwTr/wJPDW67YmZCAfQo=
    > > > > > =6S2v
    > > > > > -----END PGP SIGNATURE-----
    > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >

    > > --
    > > Mit freundlichen Grüßen
    > > Dietrich Streifert
    > > --
    > > Visionet GmbH
    > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > Registergericht: Handelsregister Fürth, HRB 6573
    > > Geschäftsführer: Stefan Lindner
    > >
    > >
    > >
    > >

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  10. Re: [Samba] Strange behaviour of winbind on solaris 8

    Are there any messages in /var/adm/messages which are related to nss ?

    As I can see you are using bash as your shell.

    Try using csh. Does something change?

    Oliver Weinmann schrieb:
    > su to user oweinmann works but when i ussie the ldd -r
    > /usr/lib/nss_winbind.so command it gets put in the background.. i
    > then do fg 2 and this is the output:
    >
    > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    >
    > [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    > bash-2.03$ fg 2
    > ldd -r /usr/lib/nss_winbind.so
    > libthread.so.1 => /usr/lib/libthread.so.1
    > libsocket.so.1 => /usr/lib/libsocket.so.1
    > libdl.so.1 => /usr/lib/libdl.so.1
    > libc.so.1 => /usr/lib/libc.so.1
    > libnsl.so.1 => /usr/lib/libnsl.so.1
    > libmp.so.2 => /usr/lib/libmp.so.2
    > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >
    > bash-2.03$ ls -alrt /etc/nsswitch.conf
    >
    > [2]+ Stopped ls -alrt /etc/nsswitch.conf
    > bash-2.03$ fg 2
    > ls -alrt /etc/nsswitch.conf
    > -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf
    >
    >
    >
    >
    >
    >
    > On 4/29/08, *Dietrich Streifert* > > wrote:
    >
    > Please try to login (or su) to the user oweinmann and issue then
    > ldd -r /usr/lib/nss_winbind.so
    >
    > For some reason I think that non root users are not able to read
    > one of the involved files.
    >
    > This could be
    >
    > /etc/nsswitch.conf
    > /usr/lib/nss_winbind.so
    >
    > or some of the files found by the ldd -r command. The fact that
    > you can issue commands while nscd is running points to this fact
    > becaus nscd is running as root and has permissions to read all of
    > those files.
    >
    > /etc/nsswitch.conf should be readable by everyone.
    >
    > I compiled samba myself with a full stack of openssl, iconv,
    > heimdal kerberos, cyrus-sasl, openldap and samba. While people
    > often speak of the Windows DLL hell this is the Solaris shared
    > library hell :-( But it works.
    >
    >
    >
    > Oliver Weinmann schrieb:
    >> Hi,
    >>
    >> bash-2.03# ldd -r /usr/lib/nss_winbind.so
    >> libthread.so.1 => /usr/lib/libthread.so.1
    >> libsocket.so.1 => /usr/lib/libsocket.so.1
    >> libdl.so.1 => /usr/lib/libdl.so.1
    >> libc.so.1 => /usr/lib/libc.so.1
    >> libnsl.so.1 => /usr/lib/libnsl.so.1
    >> libmp.so.2 => /usr/lib/libmp.so.2
    >> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >>
    >> I changed the permissions and files exactly to be the same but i
    >> still cant issue commands...
    >>
    >> bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    >> -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    >> /usr/lib/nss_winbind.so.1
    >> lrwxrwxrwx 1 root other 25 Apr 29 09:04
    >> /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    >>
    >> Could this also be a problem of a compiling? Have you compiled
    >> the samba yourself or are you using prebuilt packages?
    >>
    >> On 4/29/08, *Dietrich Streifert* >> > wrote:
    >>
    >> which output gives ldd -r /usr/lib/nss_winbind.so ?
    >>
    >> I have the following naming and permission for nss_winbind:
    >>
    >> lrwxrwxrwx 1 root other 16 Jan 15 2004
    >> nss_winbind.so -> nss_winbind.so.1
    >> -rwxr-xr-x 1 root other 44540 Apr 28 17:35
    >> nss_winbind.so.1
    >>
    >> Please try with the exactly same naming and permissions of
    >> your files.
    >>
    >>
    >>
    >> Oliver Weinmann schrieb:
    >>
    >> I will try to get hands on the latest patches for solaris
    >> 8 and see if that
    >> fixes the nscd problems. I can't believe that
    >> samba-winbind is not running
    >> 100% well on a Solaris 8 machine.
    >>
    >>
    >> On 4/28/08, Oliver Weinmann
    >> >> liver.weinmann@googlemail.com>> wrote:
    >>
    >>
    >> Just for fun i changed the perms of
    >> /usr/lib/libnss_winbind.so to 777
    >>
    >> bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    >> bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    >> -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    >> /usr/lib/libnss_winbind.so
    >>
    >> nscd is turned off. I can login as an AD users but I
    >> cant start any
    >> command.
    >>
    >>
    >> login as: oweinmann
    >> Using keyboard-interactive authentication.
    >> Password:
    >> Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    >> bash-2.03$ ls -alrt
    >>
    >> [1]+ Stopped ls -alrt
    >> bash-2.03$ id
    >>
    >> [2]+ Stopped id
    >> bash-2.03$ group
    >>
    >> [3]+ Stopped group
    >> bash-2.03$ echo "TEST"
    >> TEST
    >> bash-2.03$
    >> Some commands are working and some others are put in
    >> background and the
    >> session closes after one or two minutes?
    >>
    >> When I turn on nscd everything is fine, except ls
    >> -alrt not working.
    >>
    >>
    >>
    >> On 4/28/08, Gerald (Jerry) Carter >> > wrote:
    >>
    >>
    >> -----BEGIN PGP SIGNED MESSAGE-----
    >> Hash: SHA1
    >>
    >> Oliver Weinmann wrote:
    >> | forgot to mention that the nss_winbind links
    >> are there:
    >> |
    >> | bash-2.03# ls -alrt /usr/lib/nss_w*
    >> | lrwxrwxrwx 1 root other 28 Apr 23
    >> 14:30
    >> | /usr/lib/nss_winbind.so.2 ->
    >> /usr/lib/libnss_winbind.so.1
    >> | lrwxrwxrwx 1 root other 28 Apr 23
    >> 14:30
    >> | /usr/lib/nss_winbind.so.1 ->
    >> /usr/lib/libnss_winbind.so.1
    >> | lrwxrwxrwx 1 root other 28 Apr 23
    >> 14:30
    >> | /usr/lib/nss_winbind.so ->
    >> /usr/lib/libnss_winbind.so.1
    >>
    >> Check the perms on /usr/lib/libnss_winbind.so.1.
    >> Sounds
    >> like it might be rwx for root only.
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >> cheers, jerry
    >> - --
    >> ================================================== ===================
    >> Samba -------
    >> http://www.samba.org
    >> Likewise Software ---------
    >> http://www.likewisesoftware.com
    >>
    >> "What man is a man who does not make the world
    >> better?" --Balian
    >> -----BEGIN PGP SIGNATURE-----
    >> Version: GnuPG v1.4.2.2 (Darwin)
    >> Comment: Using GnuPG with Mozilla -
    >> http://enigmail.mozdev.org
    >>
    >>
    >> iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    >> 0OxWwTr/wJPDW67YmZCAfQo=
    >> =6S2v
    >> -----END PGP SIGNATURE-----
    >>
    >>
    >>
    >>
    >>
    >>
    >> --
    >> Mit freundlichen Grüßen
    >> Dietrich Streifert
    >> --
    >> Visionet GmbH
    >> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >> Registergericht: Handelsregister Fürth, HRB 6573
    >> Geschäftsführer: Stefan Lindner
    >>
    >>
    >>
    >>

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >
    >


    --
    Mit freundlichen Grüßen
    Dietrich Streifert
    --
    Visionet GmbH
    Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    Registergericht: Handelsregister Fürth, HRB 6573
    Geschäftsführer: Stefan Lindner



    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  11. Re: [Samba] Strange behaviour of winbind on solaris 8

    Hi,

    no, there was nothing in /var/adm/messages, but guess what with the csh ls
    -alrt and such commands work fine... But i get kicked out of the ssh session
    after 2 minutes...


    On 4/29/08, Dietrich Streifert wrote:
    >
    > Are there any messages in /var/adm/messages which are related to nss ?
    >
    > As I can see you are using bash as your shell.
    >
    > Try using csh. Does something change?
    >
    > Oliver Weinmann schrieb:
    >
    > su to user oweinmann works but when i ussie the ldd -r
    > /usr/lib/nss_winbind.so command it gets put in the background.. i thendo
    > fg 2 and this is the output:
    >
    > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    >
    > [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    > bash-2.03$ fg 2
    > ldd -r /usr/lib/nss_winbind.so
    > libthread.so.1 => /usr/lib/libthread.so.1
    > libsocket.so.1 => /usr/lib/libsocket.so.1
    > libdl.so.1 => /usr/lib/libdl.so.1
    > libc.so.1 => /usr/lib/libc.so.1
    > libnsl.so.1 => /usr/lib/libnsl.so.1
    > libmp.so.2 => /usr/lib/libmp.so.2
    > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >
    > bash-2.03$ ls -alrt /etc/nsswitch.conf
    >
    > [2]+ Stopped ls -alrt /etc/nsswitch.conf
    > bash-2.03$ fg 2
    > ls -alrt /etc/nsswitch.conf
    > -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf
    >
    >
    >
    >
    >
    > On 4/29/08, Dietrich Streifert wrote:
    > >
    > > Please try to login (or su) to the user oweinmann and issue then ldd -r
    > > /usr/lib/nss_winbind.so
    > >
    > > For some reason I think that non root users are not able to read one of
    > > the involved files.
    > >
    > > This could be
    > >
    > > /etc/nsswitch.conf
    > > /usr/lib/nss_winbind.so
    > >
    > > or some of the files found by the ldd -r command. The fact that you can
    > > issue commands while nscd is running points to this fact becaus nscd is
    > > running as root and has permissions to read all of those files.
    > >
    > > /etc/nsswitch.conf should be readable by everyone.
    > >
    > > I compiled samba myself with a full stack of openssl, iconv, heimdal
    > > kerberos, cyrus-sasl, openldap and samba. While people often speak of the
    > > Windows DLL hell this is the Solaris shared library hell :-( But it works.
    > >
    > >
    > >
    > > Oliver Weinmann schrieb:
    > >
    > > Hi,
    > >
    > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
    > > libthread.so.1 => /usr/lib/libthread.so.1
    > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > libdl.so.1 => /usr/lib/libdl.so.1
    > > libc.so.1 => /usr/lib/libc.so.1
    > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > libmp.so.2 => /usr/lib/libmp.so.2
    > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > >
    > > I changed the permissions and files exactly to be the same but i still
    > > cant issue commands...
    > >
    > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    > > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    > > /usr/lib/nss_winbind.so.1
    > > lrwxrwxrwx 1 root other 25 Apr 29 09:04
    > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    > >
    > > Could this also be a problem of a compiling? Have you compiled the samba
    > > yourself or are you using prebuilt packages?
    > >
    > > On 4/29/08, Dietrich Streifert wrote:
    > > >
    > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
    > > >
    > > > I have the following naming and permission for nss_winbind:
    > > >
    > > > lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so
    > > > -> nss_winbind.so.1
    > > > -rwxr-xr-x 1 root other 44540 Apr 28 17:35 nss_winbind.so.1
    > > >
    > > > Please try with the exactly same naming and permissions of your files..
    > > >
    > > >
    > > >
    > > > Oliver Weinmann schrieb:
    > > >
    > > > > I will try to get hands on the latest patches for solaris 8 and see
    > > > > if that
    > > > > fixes the nscd problems. I can't believe that samba-winbind is not
    > > > > running
    > > > > 100% well on a Solaris 8 machine.
    > > > >
    > > > >
    > > > > On 4/28/08, Oliver Weinmann wrote:
    > > > >
    > > > >
    > > > > > Just for fun i changed the perms of /usr/lib/libnss_winbind.so to
    > > > > > 777
    > > > > >
    > > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    > > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    > > > > > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    > > > > > /usr/lib/libnss_winbind.so
    > > > > >
    > > > > > nscd is turned off. I can login as an AD users but I cant start
    > > > > > any
    > > > > > command.
    > > > > >
    > > > > >
    > > > > > login as: oweinmann
    > > > > > Using keyboard-interactive authentication.
    > > > > > Password:
    > > > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    > > > > > bash-2.03$ ls -alrt
    > > > > >
    > > > > > [1]+ Stopped ls -alrt
    > > > > > bash-2.03$ id
    > > > > >
    > > > > > [2]+ Stopped id
    > > > > > bash-2.03$ group
    > > > > >
    > > > > > [3]+ Stopped group
    > > > > > bash-2.03$ echo "TEST"
    > > > > > TEST
    > > > > > bash-2.03$
    > > > > > Some commands are working and some others are put in background
    > > > > > and the
    > > > > > session closes after one or two minutes?
    > > > > >
    > > > > > When I turn on nscd everything is fine, except ls -alrt not
    > > > > > working.
    > > > > >
    > > > > >
    > > > > >
    > > > > > On 4/28/08, Gerald (Jerry) Carter wrote:
    > > > > >
    > > > > >
    > > > > > > -----BEGIN PGP SIGNED MESSAGE-----
    > > > > > > Hash: SHA1
    > > > > > >
    > > > > > > Oliver Weinmann wrote:
    > > > > > > | forgot to mention that the nss_winbind links are there:
    > > > > > > |
    > > > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
    > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
    > > > > > >
    > > > > > > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    > > > > > > like it might be rwx for root only.
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > > cheers, jerry
    > > > > > > - --
    > > > > > >
    > > > > > > ================================================== ===================
    > > > > > > Samba -------
    > > > > > > http://www.samba.org
    > > > > > > Likewise Software ---------
    > > > > > > http://www.likewisesoftware.com
    > > > > > > "What man is a man who does not make the world better?"
    > > > > > > --Balian
    > > > > > > -----BEGIN PGP SIGNATURE-----
    > > > > > > Version: GnuPG v1.4.2.2 (Darwin)
    > > > > > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    > > > > > >
    > > > > > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > > > > > > 0OxWwTr/wJPDW67YmZCAfQo=
    > > > > > > =6S2v
    > > > > > > -----END PGP SIGNATURE-----
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > --
    > > > Mit freundlichen Grüßen
    > > > Dietrich Streifert
    > > > --
    > > > Visionet GmbH
    > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > Geschäftsführer: Stefan Lindner
    > > >
    > > >
    > > >
    > > >

    > >
    > > --
    > > Mit freundlichen Grüßen
    > > Dietrich Streifert
    > > --
    > > Visionet GmbH
    > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > Registergericht: Handelsregister Fürth, HRB 6573
    > > Geschäftsführer: Stefan Lindner
    > >
    > >
    > >
    > >
    > >

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  12. Re: [Samba] Strange behaviour of winbind on solaris 8

    So there must be something in your bash init files, /etc/profile or
    ~/.bashrc (sorry I'm not a bash user) which causes the problem.

    Maybe something which forms the shell prompt like whoami etc.

    Maybe there is something like a autologout set for the csh or in sshd
    with idle session timeout.


    Oliver Weinmann schrieb:
    > Hi,
    >
    > no, there was nothing in /var/adm/messages, but guess what with the
    > csh ls -alrt and such commands work fine... But i get kicked out of
    > the ssh session after 2 minutes...
    >
    >
    > On 4/29/08, *Dietrich Streifert* > > wrote:
    >
    > Are there any messages in /var/adm/messages which are related to nss ?
    >
    > As I can see you are using bash as your shell.
    >
    > Try using csh. Does something change?
    >
    > Oliver Weinmann schrieb:
    >> su to user oweinmann works but when i ussie the ldd -r
    >> /usr/lib/nss_winbind.so command it gets put in the background..
    >> i then do fg 2 and this is the output:
    >>
    >> bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    >>
    >> [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    >> bash-2.03$ fg 2
    >> ldd -r /usr/lib/nss_winbind.so
    >> libthread.so.1 => /usr/lib/libthread.so.1
    >> libsocket.so.1 => /usr/lib/libsocket.so.1
    >> libdl.so.1 => /usr/lib/libdl.so.1
    >> libc.so.1 => /usr/lib/libc.so.1
    >> libnsl.so.1 => /usr/lib/libnsl.so.1
    >> libmp.so.2 => /usr/lib/libmp.so.2
    >> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >>
    >> bash-2.03$ ls -alrt /etc/nsswitch.conf
    >>
    >> [2]+ Stopped ls -alrt /etc/nsswitch.conf
    >> bash-2.03$ fg 2
    >> ls -alrt /etc/nsswitch.conf
    >> -rw-r--r-- 1 root sys 1320 Apr 28 13:19
    >> /etc/nsswitch.conf
    >>
    >>
    >>
    >>
    >>
    >>
    >> On 4/29/08, *Dietrich Streifert* >> > wrote:
    >>
    >> Please try to login (or su) to the user oweinmann and issue
    >> then ldd -r /usr/lib/nss_winbind.so
    >>
    >> For some reason I think that non root users are not able to
    >> read one of the involved files.
    >>
    >> This could be
    >>
    >> /etc/nsswitch.conf
    >> /usr/lib/nss_winbind.so
    >>
    >> or some of the files found by the ldd -r command. The fact
    >> that you can issue commands while nscd is running points to
    >> this fact becaus nscd is running as root and has permissions
    >> to read all of those files.
    >>
    >> /etc/nsswitch.conf should be readable by everyone.
    >>
    >> I compiled samba myself with a full stack of openssl, iconv,
    >> heimdal kerberos, cyrus-sasl, openldap and samba. While
    >> people often speak of the Windows DLL hell this is the
    >> Solaris shared library hell :-( But it works.
    >>
    >>
    >>
    >> Oliver Weinmann schrieb:
    >>> Hi,
    >>>
    >>> bash-2.03# ldd -r /usr/lib/nss_winbind.so
    >>> libthread.so.1 => /usr/lib/libthread.so.1
    >>> libsocket.so.1 => /usr/lib/libsocket.so.1
    >>> libdl.so.1 => /usr/lib/libdl.so.1
    >>> libc.so.1 => /usr/lib/libc.so.1
    >>> libnsl.so.1 => /usr/lib/libnsl.so.1
    >>> libmp.so.2 => /usr/lib/libmp.so.2
    >>> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >>>
    >>> I changed the permissions and files exactly to be the same
    >>> but i still cant issue commands...
    >>>
    >>> bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    >>> -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    >>> /usr/lib/nss_winbind.so.1
    >>> lrwxrwxrwx 1 root other 25 Apr 29 09:04
    >>> /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    >>>
    >>> Could this also be a problem of a compiling? Have you
    >>> compiled the samba yourself or are you using prebuilt packages?
    >>>
    >>> On 4/29/08, *Dietrich Streifert*
    >>> >>> > wrote:
    >>>
    >>> which output gives ldd -r /usr/lib/nss_winbind.so ?
    >>>
    >>> I have the following naming and permission for nss_winbind:
    >>>
    >>> lrwxrwxrwx 1 root other 16 Jan 15 2004
    >>> nss_winbind.so -> nss_winbind.so.1
    >>> -rwxr-xr-x 1 root other 44540 Apr 28 17:35
    >>> nss_winbind.so.1
    >>>
    >>> Please try with the exactly same naming and permissions
    >>> of your files.
    >>>
    >>>
    >>>
    >>> Oliver Weinmann schrieb:
    >>>
    >>> I will try to get hands on the latest patches for
    >>> solaris 8 and see if that
    >>> fixes the nscd problems. I can't believe that
    >>> samba-winbind is not running
    >>> 100% well on a Solaris 8 machine.
    >>>
    >>>
    >>> On 4/28/08, Oliver Weinmann
    >>> >>> liver.weinmann@googlemail.com>> wrote:
    >>>
    >>>
    >>> Just for fun i changed the perms of
    >>> /usr/lib/libnss_winbind.so to 777
    >>>
    >>> bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    >>> bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    >>> -rwxrwxrwx 1 root other 74744 Apr 28
    >>> 13:32
    >>> /usr/lib/libnss_winbind.so
    >>>
    >>> nscd is turned off. I can login as an AD users
    >>> but I cant start any
    >>> command.
    >>>
    >>>
    >>> login as: oweinmann
    >>> Using keyboard-interactive authentication.
    >>> Password:
    >>> Last login: Mon Apr 28 15:17:11 2008 from
    >>> vb8860.vegagrou
    >>> bash-2.03$ ls -alrt
    >>>
    >>> [1]+ Stopped ls -alrt
    >>> bash-2.03$ id
    >>>
    >>> [2]+ Stopped id
    >>> bash-2.03$ group
    >>>
    >>> [3]+ Stopped group
    >>> bash-2.03$ echo "TEST"
    >>> TEST
    >>> bash-2.03$
    >>> Some commands are working and some others are
    >>> put in background and the
    >>> session closes after one or two minutes?
    >>>
    >>> When I turn on nscd everything is fine, except
    >>> ls -alrt not working.
    >>>
    >>>
    >>>
    >>> On 4/28/08, Gerald (Jerry) Carter
    >>> > wrote:
    >>>
    >>>
    >>> -----BEGIN PGP SIGNED MESSAGE-----
    >>> Hash: SHA1
    >>>
    >>> Oliver Weinmann wrote:
    >>> | forgot to mention that the nss_winbind
    >>> links are there:
    >>> |
    >>> | bash-2.03# ls -alrt /usr/lib/nss_w*
    >>> | lrwxrwxrwx 1 root other 28
    >>> Apr 23 14:30
    >>> | /usr/lib/nss_winbind.so.2 ->
    >>> /usr/lib/libnss_winbind.so.1
    >>> | lrwxrwxrwx 1 root other 28
    >>> Apr 23 14:30
    >>> | /usr/lib/nss_winbind.so.1 ->
    >>> /usr/lib/libnss_winbind.so.1
    >>> | lrwxrwxrwx 1 root other 28
    >>> Apr 23 14:30
    >>> | /usr/lib/nss_winbind.so ->
    >>> /usr/lib/libnss_winbind.so.1
    >>>
    >>> Check the perms on
    >>> /usr/lib/libnss_winbind.so.1. Sounds
    >>> like it might be rwx for root only.
    >>>
    >>>
    >>>
    >>>
    >>>
    >>>
    >>>
    >>> cheers, jerry
    >>> - --
    >>> ================================================== ===================
    >>> Samba
    >>> ------- http://www.samba.org
    >>>
    >>> Likewise Software ---------
    >>> http://www.likewisesoftware.com
    >>>
    >>> "What man is a man who does not make the
    >>> world better?" --Balian
    >>> -----BEGIN PGP SIGNATURE-----
    >>> Version: GnuPG v1.4.2.2 (Darwin)
    >>> Comment: Using GnuPG with Mozilla -
    >>> http://enigmail.mozdev.org
    >>>
    >>>
    >>> iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    >>> 0OxWwTr/wJPDW67YmZCAfQo=
    >>> =6S2v
    >>> -----END PGP SIGNATURE-----
    >>>
    >>>
    >>>
    >>>
    >>>
    >>>
    >>> --
    >>> Mit freundlichen Grüßen
    >>> Dietrich Streifert
    >>> --
    >>> Visionet GmbH
    >>> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >>> Registergericht: Handelsregister Fürth, HRB 6573
    >>> Geschäftsführer: Stefan Lindner
    >>>
    >>>
    >>>
    >>>

    >>
    >> --
    >> Mit freundlichen Grüßen
    >> Dietrich Streifert
    >> --
    >> Visionet GmbH
    >> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >> Registergericht: Handelsregister Fürth, HRB 6573
    >> Geschäftsführer: Stefan Lindner
    >>
    >>
    >>
    >>
    >>

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >
    >


    --
    Mit freundlichen Grüßen
    Dietrich Streifert
    --
    Visionet GmbH
    Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    Registergericht: Handelsregister Fürth, HRB 6573
    Geschäftsführer: Stefan Lindner



    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  13. Re: [Samba] Strange behaviour of winbind on solaris 8

    there is nothing in /etc/profile and the user oweinmann has no .bashrc. The
    problem seems to be related to nscd. When nscd is turned on i can login and
    issue commands and I don't get kicked out of the ssh login. There is no idle
    session timeout set. If there was I would get kicked out when nscd is turned
    on as well. Only when logged in as an AD user I get kicked out...

    On 4/29/08, Dietrich Streifert wrote:
    >
    > So there must be something in your bash init files, /etc/profile or
    > ~/.bashrc (sorry I'm not a bash user) which causes the problem.
    >
    > Maybe something which forms the shell prompt like whoami etc.
    >
    > Maybe there is something like a autologout set for the csh or in sshd with
    > idle session timeout.
    >
    >
    > Oliver Weinmann schrieb:
    >
    > Hi,
    >
    > no, there was nothing in /var/adm/messages, but guess what with the csh
    > ls -alrt and such commands work fine... But i get kicked out of the ssh
    > session after 2 minutes...
    >
    >
    > On 4/29/08, Dietrich Streifert wrote:
    > >
    > > Are there any messages in /var/adm/messages which are related to nss ?
    > >
    > > As I can see you are using bash as your shell.
    > >
    > > Try using csh. Does something change?
    > >
    > > Oliver Weinmann schrieb:
    > >
    > > su to user oweinmann works but when i ussie the ldd -r
    > > /usr/lib/nss_winbind.so command it gets put in the background.. i then do
    > > fg 2 and this is the output:
    > >
    > > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    > >
    > > [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    > > bash-2.03$ fg 2
    > > ldd -r /usr/lib/nss_winbind.so
    > > libthread.so.1 => /usr/lib/libthread.so.1
    > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > libdl.so.1 => /usr/lib/libdl.so.1
    > > libc.so.1 => /usr/lib/libc.so.1
    > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > libmp.so.2 => /usr/lib/libmp.so.2
    > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > >
    > > bash-2.03$ ls -alrt /etc/nsswitch.conf
    > >
    > > [2]+ Stopped ls -alrt /etc/nsswitch.conf
    > > bash-2.03$ fg 2
    > > ls -alrt /etc/nsswitch.conf
    > > -rw-r--r-- 1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf
    > >
    > >
    > >
    > >
    > >
    > > On 4/29/08, Dietrich Streifert wrote:
    > > >
    > > > Please try to login (or su) to the user oweinmann and issue then ldd
    > > > -r /usr/lib/nss_winbind.so
    > > >
    > > > For some reason I think that non root users are not able to read one
    > > > of the involved files.
    > > >
    > > > This could be
    > > >
    > > > /etc/nsswitch.conf
    > > > /usr/lib/nss_winbind.so
    > > >
    > > > or some of the files found by the ldd -r command. The fact that you
    > > > can issue commands while nscd is running points to this fact becaus nscd is
    > > > running as root and has permissions to read all of those files.
    > > >
    > > > /etc/nsswitch.conf should be readable by everyone.
    > > >
    > > > I compiled samba myself with a full stack of openssl, iconv, heimdal
    > > > kerberos, cyrus-sasl, openldap and samba. While people often speak ofthe
    > > > Windows DLL hell this is the Solaris shared library hell :-( But it works.
    > > >
    > > >
    > > >
    > > > Oliver Weinmann schrieb:
    > > >
    > > > Hi,
    > > >
    > > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
    > > > libthread.so.1 => /usr/lib/libthread.so.1
    > > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > > libdl.so.1 => /usr/lib/libdl.so.1
    > > > libc.so.1 => /usr/lib/libc.so.1
    > > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > > libmp.so.2 => /usr/lib/libmp.so.2
    > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > > >
    > > > I changed the permissions and files exactly to be the same but i still
    > > > cant issue commands...
    > > >
    > > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    > > > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    > > > /usr/lib/nss_winbind.so.1
    > > > lrwxrwxrwx 1 root other 25 Apr 29 09:04
    > > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    > > >
    > > > Could this also be a problem of a compiling? Have you compiled the
    > > > samba yourself or are you using prebuilt packages?
    > > >
    > > > On 4/29/08, Dietrich Streifert wrote:
    > > > >
    > > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
    > > > >
    > > > > I have the following naming and permission for nss_winbind:
    > > > >
    > > > > lrwxrwxrwx 1 root other 16 Jan 15 2004 nss_winbind.so
    > > > > -> nss_winbind.so.1
    > > > > -rwxr-xr-x 1 root other 44540 Apr 28 17:35
    > > > > nss_winbind.so.1
    > > > >
    > > > > Please try with the exactly same naming and permissions of your
    > > > > files.
    > > > >
    > > > >
    > > > >
    > > > > Oliver Weinmann schrieb:
    > > > >
    > > > > > I will try to get hands on the latest patches for solaris 8 and
    > > > > > see if that
    > > > > > fixes the nscd problems. I can't believe that samba-winbind is not
    > > > > > running
    > > > > > 100% well on a Solaris 8 machine.
    > > > > >
    > > > > >
    > > > > > On 4/28/08, Oliver Weinmann
    > > > > > wrote:
    > > > > >
    > > > > >
    > > > > > > Just for fun i changed the perms of /usr/lib/libnss_winbind.so
    > > > > > > to 777
    > > > > > >
    > > > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    > > > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    > > > > > > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    > > > > > > /usr/lib/libnss_winbind.so
    > > > > > >
    > > > > > > nscd is turned off. I can login as an AD users but I cant start
    > > > > > > any
    > > > > > > command.
    > > > > > >
    > > > > > >
    > > > > > > login as: oweinmann
    > > > > > > Using keyboard-interactive authentication.
    > > > > > > Password:
    > > > > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    > > > > > > bash-2.03$ ls -alrt
    > > > > > >
    > > > > > > [1]+ Stopped ls -alrt
    > > > > > > bash-2.03$ id
    > > > > > >
    > > > > > > [2]+ Stopped id
    > > > > > > bash-2.03$ group
    > > > > > >
    > > > > > > [3]+ Stopped group
    > > > > > > bash-2.03$ echo "TEST"
    > > > > > > TEST
    > > > > > > bash-2.03$
    > > > > > > Some commands are working and some others are put in background
    > > > > > > and the
    > > > > > > session closes after one or two minutes?
    > > > > > >
    > > > > > > When I turn on nscd everything is fine, except ls -alrt not
    > > > > > > working.
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > > On 4/28/08, Gerald (Jerry) Carter wrote:
    > > > > > >
    > > > > > >
    > > > > > > > -----BEGIN PGP SIGNED MESSAGE-----
    > > > > > > > Hash: SHA1
    > > > > > > >
    > > > > > > > Oliver Weinmann wrote:
    > > > > > > > | forgot to mention that the nss_winbind links are there:
    > > > > > > > |
    > > > > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
    > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
    > > > > > > >
    > > > > > > > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    > > > > > > > like it might be rwx for root only.
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > > cheers, jerry
    > > > > > > > - --
    > > > > > > >
    > > > > > > > ================================================== ===================
    > > > > > > > Samba -------
    > > > > > > > http://www.samba.org
    > > > > > > > Likewise Software ---------
    > > > > > > > http://www.likewisesoftware.com
    > > > > > > > "What man is a man who does not make the world better?"
    > > > > > > > --Balian
    > > > > > > > -----BEGIN PGP SIGNATURE-----
    > > > > > > > Version: GnuPG v1.4.2.2 (Darwin)
    > > > > > > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
    > > > > > > >
    > > > > > > >
    > > > > > > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > > > > > > > 0OxWwTr/wJPDW67YmZCAfQo=
    > > > > > > > =6S2v
    > > > > > > > -----END PGP SIGNATURE-----
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > --
    > > > > Mit freundlichen Grüßen
    > > > > Dietrich Streifert
    > > > > --
    > > > > Visionet GmbH
    > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > Geschäftsführer: Stefan Lindner
    > > > >
    > > > >
    > > > >
    > > > >
    > > >
    > > > --
    > > > Mit freundlichen Grüßen
    > > > Dietrich Streifert
    > > > --
    > > > Visionet GmbH
    > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > Geschäftsführer: Stefan Lindner
    > > >
    > > >
    > > >
    > > >
    > > >

    > >
    > > --
    > > Mit freundlichen Grüßen
    > > Dietrich Streifert
    > > --
    > > Visionet GmbH
    > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > Registergericht: Handelsregister Fürth, HRB 6573
    > > Geschäftsführer: Stefan Lindner
    > >
    > >
    > >
    > >
    > >

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  14. Re: [Samba] Strange behaviour of winbind on solaris 8

    Could the problem be that the AD users are not in any of the local groups on
    the machine? How do you manage your AD users to be members of local groups
    e.g. staff, sys etc.? pam_groups?

    On 4/29/08, Oliver Weinmann wrote:
    >
    > there is nothing in /etc/profile and the user oweinmann has no .bashrc.
    > The problem seems to be related to nscd. When nscd is turned on i can login
    > and issue commands and I don't get kicked out of the ssh login. There is no
    > idle session timeout set. If there was I would get kicked out when nscd is
    > turned on as well. Only when logged in as an AD user I get kicked out...
    >
    > On 4/29/08, Dietrich Streifert wrote:
    > >
    > > So there must be something in your bash init files, /etc/profile or
    > > ~/.bashrc (sorry I'm not a bash user) which causes the problem.
    > >
    > > Maybe something which forms the shell prompt like whoami etc.
    > >
    > > Maybe there is something like a autologout set for the csh or in sshd
    > > with idle session timeout.
    > >
    > >
    > > Oliver Weinmann schrieb:
    > >
    > > Hi,
    > >
    > > no, there was nothing in /var/adm/messages, but guess what with the csh
    > > ls -alrt and such commands work fine... But i get kicked out of the ssh
    > > session after 2 minutes...
    > >
    > >
    > > On 4/29/08, Dietrich Streifert wrote:
    > > >
    > > > Are there any messages in /var/adm/messages which are related to nss ?
    > > >
    > > > As I can see you are using bash as your shell.
    > > >
    > > > Try using csh. Does something change?
    > > >
    > > > Oliver Weinmann schrieb:
    > > >
    > > > su to user oweinmann works but when i ussie the ldd -r
    > > > /usr/lib/nss_winbind.so command it gets put in the background.. i then do
    > > > fg 2 and this is the output:
    > > >
    > > > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    > > >
    > > > [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    > > > bash-2.03$ fg 2
    > > > ldd -r /usr/lib/nss_winbind.so
    > > > libthread.so.1 => /usr/lib/libthread.so.1
    > > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > > libdl.so.1 => /usr/lib/libdl.so.1
    > > > libc.so.1 => /usr/lib/libc.so.1
    > > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > > libmp.so.2 => /usr/lib/libmp.so.2
    > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > > >
    > > > bash-2.03$ ls -alrt /etc/nsswitch.conf
    > > >
    > > > [2]+ Stopped ls -alrt /etc/nsswitch.conf
    > > > bash-2.03$ fg 2
    > > > ls -alrt /etc/nsswitch.conf
    > > > -rw-r--r-- 1 root sys 1320 Apr 28 13:19
    > > > /etc/nsswitch.conf
    > > >
    > > >
    > > >
    > > >
    > > >
    > > > On 4/29/08, Dietrich Streifert wrote:
    > > > >
    > > > > Please try to login (or su) to the user oweinmann and issue then ldd
    > > > > -r /usr/lib/nss_winbind.so
    > > > >
    > > > > For some reason I think that non root users are not able to read one
    > > > > of the involved files.
    > > > >
    > > > > This could be
    > > > >
    > > > > /etc/nsswitch.conf
    > > > > /usr/lib/nss_winbind.so
    > > > >
    > > > > or some of the files found by the ldd -r command. The fact that you
    > > > > can issue commands while nscd is running points to this fact becausnscd is
    > > > > running as root and has permissions to read all of those files.
    > > > >
    > > > > /etc/nsswitch.conf should be readable by everyone.
    > > > >
    > > > > I compiled samba myself with a full stack of openssl, iconv, heimdal
    > > > > kerberos, cyrus-sasl, openldap and samba. While people often speak of the
    > > > > Windows DLL hell this is the Solaris shared library hell :-( But itworks.
    > > > >
    > > > >
    > > > >
    > > > > Oliver Weinmann schrieb:
    > > > >
    > > > > Hi,
    > > > >
    > > > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
    > > > > libthread.so.1 => /usr/lib/libthread.so.1
    > > > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > > > libdl.so.1 => /usr/lib/libdl.so.1
    > > > > libc.so.1 => /usr/lib/libc.so.1
    > > > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > > > libmp.so.2 => /usr/lib/libmp.so.2
    > > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > > > >
    > > > > I changed the permissions and files exactly to be the same but i
    > > > > still cant issue commands...
    > > > >
    > > > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    > > > > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    > > > > /usr/lib/nss_winbind.so.1
    > > > > lrwxrwxrwx 1 root other 25 Apr 29 09:04
    > > > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    > > > >
    > > > > Could this also be a problem of a compiling? Have you compiled the
    > > > > samba yourself or are you using prebuilt packages?
    > > > >
    > > > > On 4/29/08, Dietrich Streifert
    > > > > wrote:
    > > > > >
    > > > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
    > > > > >
    > > > > > I have the following naming and permission for nss_winbind:
    > > > > >
    > > > > > lrwxrwxrwx 1 root other 16 Jan 15 2004
    > > > > > nss_winbind.so -> nss_winbind.so.1
    > > > > > -rwxr-xr-x 1 root other 44540 Apr 28 17:35
    > > > > > nss_winbind.so.1
    > > > > >
    > > > > > Please try with the exactly same naming and permissions of your
    > > > > > files.
    > > > > >
    > > > > >
    > > > > >
    > > > > > Oliver Weinmann schrieb:
    > > > > >
    > > > > > > I will try to get hands on the latest patches for solaris 8 and
    > > > > > > see if that
    > > > > > > fixes the nscd problems. I can't believe that samba-winbind is
    > > > > > > not running
    > > > > > > 100% well on a Solaris 8 machine.
    > > > > > >
    > > > > > >
    > > > > > > On 4/28/08, Oliver Weinmann
    > > > > > > wrote:
    > > > > > >
    > > > > > >
    > > > > > > > Just for fun i changed the perms of /usr/lib/libnss_winbind.so
    > > > > > > > to 777
    > > > > > > >
    > > > > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    > > > > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    > > > > > > > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    > > > > > > > /usr/lib/libnss_winbind.so
    > > > > > > >
    > > > > > > > nscd is turned off. I can login as an AD users but I cant
    > > > > > > > start any
    > > > > > > > command.
    > > > > > > >
    > > > > > > >
    > > > > > > > login as: oweinmann
    > > > > > > > Using keyboard-interactive authentication.
    > > > > > > > Password:
    > > > > > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    > > > > > > > bash-2.03$ ls -alrt
    > > > > > > >
    > > > > > > > [1]+ Stopped ls -alrt
    > > > > > > > bash-2.03$ id
    > > > > > > >
    > > > > > > > [2]+ Stopped id
    > > > > > > > bash-2.03$ group
    > > > > > > >
    > > > > > > > [3]+ Stopped group
    > > > > > > > bash-2.03$ echo "TEST"
    > > > > > > > TEST
    > > > > > > > bash-2.03$
    > > > > > > > Some commands are working and some others are put in
    > > > > > > > background and the
    > > > > > > > session closes after one or two minutes?
    > > > > > > >
    > > > > > > > When I turn on nscd everything is fine, except ls -alrt not
    > > > > > > > working.
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > > On 4/28/08, Gerald (Jerry) Carter wrote:
    > > > > > > >
    > > > > > > >
    > > > > > > > > -----BEGIN PGP SIGNED MESSAGE-----
    > > > > > > > > Hash: SHA1
    > > > > > > > >
    > > > > > > > > Oliver Weinmann wrote:
    > > > > > > > > | forgot to mention that the nss_winbind links are there:
    > > > > > > > > |
    > > > > > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > > | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
    > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > > | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
    > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
    > > > > > > > >
    > > > > > > > > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    > > > > > > > > like it might be rwx for root only.
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > cheers, jerry
    > > > > > > > > - --
    > > > > > > > >
    > > > > > > > > ================================================== ===================
    > > > > > > > > Samba -------
    > > > > > > > > http://www.samba.org
    > > > > > > > > Likewise Software ---------
    > > > > > > > > http://www.likewisesoftware.com
    > > > > > > > > "What man is a man who does not make the world better?"
    > > > > > > > > --Balian
    > > > > > > > > -----BEGIN PGP SIGNATURE-----
    > > > > > > > > Version: GnuPG v1.4.2.2 (Darwin)
    > > > > > > > > Comment: Using GnuPG with Mozilla -
    > > > > > > > > http://enigmail.mozdev.org
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > > > > > > > > 0OxWwTr/wJPDW67YmZCAfQo=
    > > > > > > > > =6S2v
    > > > > > > > > -----END PGP SIGNATURE-----
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > --
    > > > > > Mit freundlichen Grüßen
    > > > > > Dietrich Streifert
    > > > > > --
    > > > > > Visionet GmbH
    > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > Geschäftsführer: Stefan Lindner
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > > --
    > > > > Mit freundlichen Grüßen
    > > > > Dietrich Streifert
    > > > > --
    > > > > Visionet GmbH
    > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > Geschäftsführer: Stefan Lindner
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > >
    > > > --
    > > > Mit freundlichen Grüßen
    > > > Dietrich Streifert
    > > > --
    > > > Visionet GmbH
    > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > Geschäftsführer: Stefan Lindner
    > > >
    > > >
    > > >
    > > >
    > > >

    > >
    > > --
    > > Mit freundlichen Grüßen
    > > Dietrich Streifert
    > > --
    > > Visionet GmbH
    > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > Registergericht: Handelsregister Fürth, HRB 6573
    > > Geschäftsführer: Stefan Lindner
    > >
    > >
    > >
    > >

    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  15. Re: [Samba] Strange behaviour of winbind on solaris 8

    We have several installations where we use the two different AD schema
    extensions (SFU from Windows Services for Unix and rfc2307bis from
    Windows Server 2003R2) to put the needed information in.

    We are using the idmap_ad module to map the uid, gid, home etc.
    information from the AD.

    The local users and the AD users are completely separated. We do not mix
    up local users and AD users.

    The first basic test if the AD user information retreival is working is
    to use the getent command:

    getent

    So for a test user account I get:

    korund{root}[/]: getent passwd testuser
    testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh

    If this works the first step is done.

    The second test is to get all related Information for one user:

    korund{root}[/]: id -a testuser
    uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)

    The third test is to su - testuser and again try to issue both commands
    obove. If the retreived information is the same you should all be done
    (except from pam.conf which is another story).






    Oliver Weinmann schrieb:
    > Could the problem be that the AD users are not in any of the local
    > groups on the machine? How do you manage your AD users to be members
    > of local groups e.g. staff, sys etc.? pam_groups?
    >
    > On 4/29/08, *Oliver Weinmann* > liver.weinmann@googlemail.com>> wrote:
    >
    > there is nothing in /etc/profile and the user oweinmann has no
    > .bashrc. The problem seems to be related to nscd. When nscd is
    > turned on i can login and issue commands and I don't get kicked
    > out of the ssh login. There is no idle session timeout set. If
    > there was I would get kicked out when nscd is turned on as well.
    > Only when logged in as an AD user I get kicked out...
    >
    >
    > On 4/29/08, *Dietrich Streifert* > > wrote:
    >
    > So there must be something in your bash init files,
    > /etc/profile or ~/.bashrc (sorry I'm not a bash user) which
    > causes the problem.
    >
    > Maybe something which forms the shell prompt like whoami etc.
    >
    > Maybe there is something like a autologout set for the csh or
    > in sshd with idle session timeout.
    >
    >
    > Oliver Weinmann schrieb:
    >> Hi,
    >>
    >> no, there was nothing in /var/adm/messages, but guess what
    >> with the csh ls -alrt and such commands work fine... But i
    >> get kicked out of the ssh session after 2 minutes...
    >>
    >>
    >> On 4/29/08, *Dietrich Streifert*
    >> >> > wrote:
    >>
    >> Are there any messages in /var/adm/messages which are
    >> related to nss ?
    >>
    >> As I can see you are using bash as your shell.
    >>
    >> Try using csh. Does something change?
    >>
    >> Oliver Weinmann schrieb:
    >>> su to user oweinmann works but when i ussie the ldd -r
    >>> /usr/lib/nss_winbind.so command it gets put in the
    >>> background.. i then do fg 2 and this is the output:
    >>>
    >>> bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    >>>
    >>> [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    >>> bash-2.03$ fg 2
    >>> ldd -r /usr/lib/nss_winbind.so
    >>> libthread.so.1 => /usr/lib/libthread.so.1
    >>> libsocket.so.1 => /usr/lib/libsocket.so.1
    >>> libdl.so.1 => /usr/lib/libdl.so.1
    >>> libc.so.1 => /usr/lib/libc.so.1
    >>> libnsl.so.1 => /usr/lib/libnsl.so.1
    >>> libmp.so.2 => /usr/lib/libmp.so.2
    >>> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >>>
    >>> bash-2.03$ ls -alrt /etc/nsswitch.conf
    >>>
    >>> [2]+ Stopped ls -alrt /etc/nsswitch.conf
    >>> bash-2.03$ fg 2
    >>> ls -alrt /etc/nsswitch.conf
    >>> -rw-r--r-- 1 root sys 1320 Apr 28 13:19
    >>> /etc/nsswitch.conf
    >>>
    >>>
    >>>
    >>>
    >>>
    >>>
    >>> On 4/29/08, *Dietrich Streifert*
    >>> >>> > wrote:
    >>>
    >>> Please try to login (or su) to the user oweinmann
    >>> and issue then ldd -r /usr/lib/nss_winbind.so
    >>>
    >>> For some reason I think that non root users are not
    >>> able to read one of the involved files.
    >>>
    >>> This could be
    >>>
    >>> /etc/nsswitch.conf
    >>> /usr/lib/nss_winbind.so
    >>>
    >>> or some of the files found by the ldd -r command.
    >>> The fact that you can issue commands while nscd is
    >>> running points to this fact becaus nscd is running
    >>> as root and has permissions to read all of those files.
    >>>
    >>> /etc/nsswitch.conf should be readable by everyone.
    >>>
    >>> I compiled samba myself with a full stack of
    >>> openssl, iconv, heimdal kerberos, cyrus-sasl,
    >>> openldap and samba. While people often speak of the
    >>> Windows DLL hell this is the Solaris shared library
    >>> hell :-( But it works.
    >>>
    >>>
    >>>
    >>> Oliver Weinmann schrieb:
    >>>> Hi,
    >>>>
    >>>> bash-2.03# ldd -r /usr/lib/nss_winbind.so
    >>>> libthread.so.1 =>
    >>>> /usr/lib/libthread.so.1
    >>>> libsocket.so.1 =>
    >>>> /usr/lib/libsocket.so.1
    >>>> libdl.so.1 => /usr/lib/libdl.so.1
    >>>> libc.so.1 => /usr/lib/libc.so.1
    >>>> libnsl.so.1 => /usr/lib/libnsl.so.1
    >>>> libmp.so.2 => /usr/lib/libmp.so.2
    >>>> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >>>>
    >>>> I changed the permissions and files exactly to be
    >>>> the same but i still cant issue commands...
    >>>>
    >>>> bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    >>>> -rwxr-xr-x 1 root other 74744 Apr 29
    >>>> 09:03 /usr/lib/nss_winbind.so.1
    >>>> lrwxrwxrwx 1 root other 25 Apr 29
    >>>> 09:04 /usr/lib/nss_winbind.so ->
    >>>> /usr/lib/nss_winbind.so.1
    >>>>
    >>>> Could this also be a problem of a compiling? Have
    >>>> you compiled the samba yourself or are you using
    >>>> prebuilt packages?
    >>>>
    >>>> On 4/29/08, *Dietrich Streifert*
    >>>> >>>> > wrote:
    >>>>
    >>>> which output gives ldd -r /usr/lib/nss_winbind.so ?
    >>>>
    >>>> I have the following naming and permission for
    >>>> nss_winbind:
    >>>>
    >>>> lrwxrwxrwx 1 root other 16 Jan 15
    >>>> 2004 nss_winbind.so -> nss_winbind.so.1
    >>>> -rwxr-xr-x 1 root other 44540 Apr 28
    >>>> 17:35 nss_winbind.so.1
    >>>>
    >>>> Please try with the exactly same naming and
    >>>> permissions of your files.
    >>>>
    >>>>
    >>>>
    >>>> Oliver Weinmann schrieb:
    >>>>
    >>>> I will try to get hands on the latest
    >>>> patches for solaris 8 and see if that
    >>>> fixes the nscd problems. I can't believe
    >>>> that samba-winbind is not running
    >>>> 100% well on a Solaris 8 machine.
    >>>>
    >>>>
    >>>> On 4/28/08, Oliver Weinmann
    >>>> >>>> liver.weinmann@googlemail.com>> wrote:
    >>>>
    >>>>
    >>>> Just for fun i changed the perms of
    >>>> /usr/lib/libnss_winbind.so to 777
    >>>>
    >>>> bash-2.03# chmod 777
    >>>> /usr/lib/libnss_winbind.so
    >>>> bash-2.03# ls -alrt
    >>>> /usr/lib/libnss_winbind.so
    >>>> -rwxrwxrwx 1 root other
    >>>> 74744 Apr 28 13:32
    >>>> /usr/lib/libnss_winbind.so
    >>>>
    >>>> nscd is turned off. I can login as an
    >>>> AD users but I cant start any
    >>>> command.
    >>>>
    >>>>
    >>>> login as: oweinmann
    >>>> Using keyboard-interactive authentication.
    >>>> Password:
    >>>> Last login: Mon Apr 28 15:17:11 2008
    >>>> from vb8860.vegagrou
    >>>> bash-2.03$ ls -alrt
    >>>>
    >>>> [1]+ Stopped ls -alrt
    >>>> bash-2.03$ id
    >>>>
    >>>> [2]+ Stopped id
    >>>> bash-2.03$ group
    >>>>
    >>>> [3]+ Stopped group
    >>>> bash-2.03$ echo "TEST"
    >>>> TEST
    >>>> bash-2.03$
    >>>> Some commands are working and some
    >>>> others are put in background and the
    >>>> session closes after one or two minutes?
    >>>>
    >>>> When I turn on nscd everything is fine,
    >>>> except ls -alrt not working.
    >>>>
    >>>>
    >>>>
    >>>> On 4/28/08, Gerald (Jerry) Carter
    >>>> >>>> > wrote:
    >>>>
    >>>>
    >>>> -----BEGIN PGP SIGNED MESSAGE-----
    >>>> Hash: SHA1
    >>>>
    >>>> Oliver Weinmann wrote:
    >>>> | forgot to mention that the
    >>>> nss_winbind links are there:
    >>>> |
    >>>> | bash-2.03# ls -alrt /usr/lib/nss_w*
    >>>> | lrwxrwxrwx 1 root other
    >>>> 28 Apr 23 14:30
    >>>> | /usr/lib/nss_winbind.so.2 ->
    >>>> /usr/lib/libnss_winbind.so.1
    >>>> | lrwxrwxrwx 1 root other
    >>>> 28 Apr 23 14:30
    >>>> | /usr/lib/nss_winbind.so.1 ->
    >>>> /usr/lib/libnss_winbind.so.1
    >>>> | lrwxrwxrwx 1 root other
    >>>> 28 Apr 23 14:30
    >>>> | /usr/lib/nss_winbind.so ->
    >>>> /usr/lib/libnss_winbind.so.1
    >>>>
    >>>> Check the perms on
    >>>> /usr/lib/libnss_winbind.so.1. Sounds
    >>>> like it might be rwx for root only.
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> cheers, jerry
    >>>> - --
    >>>> ================================================== ===================
    >>>> Samba
    >>>> ------- http://www.samba.org
    >>>>
    >>>> Likewise Software
    >>>> ---------
    >>>> http://www.likewisesoftware.com
    >>>>
    >>>> "What man is a man who does not
    >>>> make the world better?" --Balian
    >>>> -----BEGIN PGP SIGNATURE-----
    >>>> Version: GnuPG v1.4.2.2 (Darwin)
    >>>> Comment: Using GnuPG with Mozilla -
    >>>> http://enigmail.mozdev.org
    >>>>
    >>>>
    >>>> iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    >>>> 0OxWwTr/wJPDW67YmZCAfQo=
    >>>> =6S2v
    >>>> -----END PGP SIGNATURE-----
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> --
    >>>> Mit freundlichen Grüßen
    >>>> Dietrich Streifert
    >>>> --
    >>>> Visionet GmbH
    >>>> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >>>> Registergericht: Handelsregister Fürth, HRB 6573
    >>>> Geschäftsführer: Stefan Lindner
    >>>>
    >>>>
    >>>>
    >>>>
    >>>
    >>> --
    >>> Mit freundlichen Grüßen
    >>> Dietrich Streifert
    >>> --
    >>> Visionet GmbH
    >>> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >>> Registergericht: Handelsregister Fürth, HRB 6573
    >>> Geschäftsführer: Stefan Lindner
    >>>
    >>>
    >>>
    >>>
    >>>

    >>
    >> --
    >> Mit freundlichen Grüßen
    >> Dietrich Streifert
    >> --
    >> Visionet GmbH
    >> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >> Registergericht: Handelsregister Fürth, HRB 6573
    >> Geschäftsführer: Stefan Lindner
    >>
    >>
    >>
    >>
    >>

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >
    >
    >


    --
    Mit freundlichen Grüßen
    Dietrich Streifert
    --
    Visionet GmbH
    Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    Registergericht: Handelsregister Fürth, HRB 6573
    Geschäftsführer: Stefan Lindner



    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  16. Re: [Samba] Strange behaviour of winbind on solaris 8

    Here could be a problem. I could not change our win 2k3 schema. They were
    afraid it could break something... tsss. So i had to use the idmap_rid
    module. Which does a good job actually. It uses the last portion of the AD
    users SID and adds it to a base set in smb.conf. I issued your commands:

    bash-2.03# getent passwd | grep oweinmann
    oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
    oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
    oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
    bash-2.03# id -a oweinmann
    uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
    bash-2.03# su oweinmann
    $ id
    uid=11611(oweinmann) gid=1613(domain users)
    $ id -a

    the "id -a" as user "oweinmann" seems to get stuck. It just sits there. I
    noticed when issuing "groups oweinmann" as root it also gets stuck. On some
    users the "groups" command seems to be working on some other don't.


    On 4/29/08, Dietrich Streifert wrote:
    >
    > We have several installations where we use the two different AD schema
    > extensions (SFU from Windows Services for Unix and rfc2307bis from Windows
    > Server 2003R2) to put the needed information in.
    >
    > We are using the idmap_ad module to map the uid, gid, home etc.
    > information from the AD.
    >
    > The local users and the AD users are completely separated. We do not mix
    > up local users and AD users.
    >
    > The first basic test if the AD user information retreival is working is to
    > use the getent command:
    >
    > getent
    >
    > So for a test user account I get:
    >
    > korund{root}[/]: getent passwd testuser
    > testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh
    >
    > If this works the first step is done.
    >
    > The second test is to get all related Information for one user:
    >
    > korund{root}[/]: id -a testuser
    > uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
    >
    > The third test is to su - testuser and again try to issue both commands
    > obove. If the retreived information is the same you should all be done
    > (except from pam.conf which is another story).
    >
    >
    >
    >
    >
    >
    > Oliver Weinmann schrieb:
    >
    > Could the problem be that the AD users are not in any of the local groups
    > on the machine? How do you manage your AD users to be members of local
    > groups e.g. staff, sys etc.? pam_groups?
    >
    > On 4/29/08, Oliver Weinmann wrote:
    > >
    > > there is nothing in /etc/profile and the user oweinmann has no .bashrc.
    > > The problem seems to be related to nscd. When nscd is turned on i can login
    > > and issue commands and I don't get kicked out of the ssh login. There is no
    > > idle session timeout set. If there was I would get kicked out when nscdis
    > > turned on as well. Only when logged in as an AD user I get kicked out....
    > >
    > > On 4/29/08, Dietrich Streifert wrote:
    > > >
    > > > So there must be something in your bash init files, /etc/profile or
    > > > ~/.bashrc (sorry I'm not a bash user) which causes the problem.
    > > >
    > > > Maybe something which forms the shell prompt like whoami etc.
    > > >
    > > > Maybe there is something like a autologout set for the csh or in sshd
    > > > with idle session timeout.
    > > >
    > > >
    > > > Oliver Weinmann schrieb:
    > > >
    > > > Hi,
    > > >
    > > > no, there was nothing in /var/adm/messages, but guess what with the
    > > > csh ls -alrt and such commands work fine... But i get kicked out of the ssh
    > > > session after 2 minutes...
    > > >
    > > >
    > > > On 4/29/08, Dietrich Streifert wrote:
    > > > >
    > > > > Are there any messages in /var/adm/messages which are related to nss
    > > > > ?
    > > > >
    > > > > As I can see you are using bash as your shell.
    > > > >
    > > > > Try using csh. Does something change?
    > > > >
    > > > > Oliver Weinmann schrieb:
    > > > >
    > > > > su to user oweinmann works but when i ussie the ldd -r
    > > > > /usr/lib/nss_winbind.so command it gets put in the background.. i then do
    > > > > fg 2 and this is the output:
    > > > >
    > > > > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    > > > >
    > > > > [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    > > > > bash-2.03$ fg 2
    > > > > ldd -r /usr/lib/nss_winbind.so
    > > > > libthread.so.1 => /usr/lib/libthread.so.1
    > > > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > > > libdl.so.1 => /usr/lib/libdl.so.1
    > > > > libc.so.1 => /usr/lib/libc.so.1
    > > > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > > > libmp.so.2 => /usr/lib/libmp.so.2
    > > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > > > >
    > > > > bash-2.03$ ls -alrt /etc/nsswitch.conf
    > > > >
    > > > > [2]+ Stopped ls -alrt /etc/nsswitch.conf
    > > > > bash-2.03$ fg 2
    > > > > ls -alrt /etc/nsswitch.conf
    > > > > -rw-r--r-- 1 root sys 1320 Apr 28 13:19
    > > > > /etc/nsswitch.conf
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > > On 4/29/08, Dietrich Streifert
    > > > > wrote:
    > > > > >
    > > > > > Please try to login (or su) to the user oweinmann and issue then
    > > > > > ldd -r /usr/lib/nss_winbind.so
    > > > > >
    > > > > > For some reason I think that non root users are not able to read
    > > > > > one of the involved files.
    > > > > >
    > > > > > This could be
    > > > > >
    > > > > > /etc/nsswitch.conf
    > > > > > /usr/lib/nss_winbind.so
    > > > > >
    > > > > > or some of the files found by the ldd -r command. The fact that
    > > > > > you can issue commands while nscd is running points to this fact becaus nscd
    > > > > > is running as root and has permissions to read all of those files..
    > > > > >
    > > > > > /etc/nsswitch.conf should be readable by everyone.
    > > > > >
    > > > > > I compiled samba myself with a full stack of openssl, iconv,
    > > > > > heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak
    > > > > > of the Windows DLL hell this is the Solaris shared library hell :-( But it
    > > > > > works.
    > > > > >
    > > > > >
    > > > > >
    > > > > > Oliver Weinmann schrieb:
    > > > > >
    > > > > > Hi,
    > > > > >
    > > > > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
    > > > > > libthread.so.1 => /usr/lib/libthread.so.1
    > > > > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > > > > libdl.so.1 => /usr/lib/libdl.so.1
    > > > > > libc.so.1 => /usr/lib/libc.so.1
    > > > > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > > > > libmp.so.2 => /usr/lib/libmp.so.2
    > > > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > > > > >
    > > > > > I changed the permissions and files exactly to be the same but i
    > > > > > still cant issue commands...
    > > > > >
    > > > > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    > > > > > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    > > > > > /usr/lib/nss_winbind.so.1
    > > > > > lrwxrwxrwx 1 root other 25 Apr 29 09:04
    > > > > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    > > > > >
    > > > > > Could this also be a problem of a compiling? Have you compiled the
    > > > > > samba yourself or are you using prebuilt packages?
    > > > > >
    > > > > > On 4/29/08, Dietrich Streifert
    > > > > > wrote:
    > > > > > >
    > > > > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
    > > > > > >
    > > > > > > I have the following naming and permission for nss_winbind:
    > > > > > >
    > > > > > > lrwxrwxrwx 1 root other 16 Jan 15 2004
    > > > > > > nss_winbind.so -> nss_winbind.so.1
    > > > > > > -rwxr-xr-x 1 root other 44540 Apr 28 17:35
    > > > > > > nss_winbind.so.1
    > > > > > >
    > > > > > > Please try with the exactly same naming and permissions of your
    > > > > > > files.
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > > Oliver Weinmann schrieb:
    > > > > > >
    > > > > > > > I will try to get hands on the latest patches for solaris 8
    > > > > > > > and see if that
    > > > > > > > fixes the nscd problems. I can't believe that samba-winbind is
    > > > > > > > not running
    > > > > > > > 100% well on a Solaris 8 machine.
    > > > > > > >
    > > > > > > >
    > > > > > > > On 4/28/08, Oliver Weinmann
    > > > > > > > wrote:
    > > > > > > >
    > > > > > > >
    > > > > > > > > Just for fun i changed the perms of
    > > > > > > > > /usr/lib/libnss_winbind.so to 777
    > > > > > > > >
    > > > > > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    > > > > > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    > > > > > > > > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    > > > > > > > > /usr/lib/libnss_winbind.so
    > > > > > > > >
    > > > > > > > > nscd is turned off. I can login as an AD users but I cant
    > > > > > > > > start any
    > > > > > > > > command.
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > login as: oweinmann
    > > > > > > > > Using keyboard-interactive authentication.
    > > > > > > > > Password:
    > > > > > > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    > > > > > > > > bash-2.03$ ls -alrt
    > > > > > > > >
    > > > > > > > > [1]+ Stopped ls -alrt
    > > > > > > > > bash-2.03$ id
    > > > > > > > >
    > > > > > > > > [2]+ Stopped id
    > > > > > > > > bash-2.03$ group
    > > > > > > > >
    > > > > > > > > [3]+ Stopped group
    > > > > > > > > bash-2.03$ echo "TEST"
    > > > > > > > > TEST
    > > > > > > > > bash-2.03$
    > > > > > > > > Some commands are working and some others are put in
    > > > > > > > > background and the
    > > > > > > > > session closes after one or two minutes?
    > > > > > > > >
    > > > > > > > > When I turn on nscd everything is fine, except ls -alrt not
    > > > > > > > > working.
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > On 4/28/08, Gerald (Jerry) Carter wrote:
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE-----
    > > > > > > > > > Hash: SHA1
    > > > > > > > > >
    > > > > > > > > > Oliver Weinmann wrote:
    > > > > > > > > > | forgot to mention that the nss_winbind links are there:
    > > > > > > > > > |
    > > > > > > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > > > | /usr/lib/nss_winbind.so.2 ->
    > > > > > > > > > /usr/lib/libnss_winbind.so.1
    > > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > > > | /usr/lib/nss_winbind.so.1 ->
    > > > > > > > > > /usr/lib/libnss_winbind.so.1
    > > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > > > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
    > > > > > > > > >
    > > > > > > > > > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    > > > > > > > > > like it might be rwx for root only.
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > > cheers, jerry
    > > > > > > > > > - --
    > > > > > > > > >
    > > > > > > > > > ================================================== ===================
    > > > > > > > > > Samba -------
    > > > > > > > > > http://www.samba.org
    > > > > > > > > > Likewise Software ---------
    > > > > > > > > > http://www.likewisesoftware.com
    > > > > > > > > > "What man is a man who does not make the world better?"
    > > > > > > > > > --Balian
    > > > > > > > > > -----BEGIN PGP SIGNATURE-----
    > > > > > > > > > Version: GnuPG v1.4.2.2 (Darwin)
    > > > > > > > > > Comment: Using GnuPG with Mozilla -
    > > > > > > > > > http://enigmail.mozdev.org
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > > > > > > > > > 0OxWwTr/wJPDW67YmZCAfQo=
    > > > > > > > > > =6S2v
    > > > > > > > > > -----END PGP SIGNATURE-----
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > >
    > > > > > > --
    > > > > > > Mit freundlichen Grüßen
    > > > > > > Dietrich Streifert
    > > > > > > --
    > > > > > > Visionet GmbH
    > > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > > Geschäftsführer: Stefan Lindner
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > > --
    > > > > > Mit freundlichen Grüßen
    > > > > > Dietrich Streifert
    > > > > > --
    > > > > > Visionet GmbH
    > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > Geschäftsführer: Stefan Lindner
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > > --
    > > > > Mit freundlichen Grüßen
    > > > > Dietrich Streifert
    > > > > --
    > > > > Visionet GmbH
    > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > Geschäftsführer: Stefan Lindner
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > >
    > > > --
    > > > Mit freundlichen Grüßen
    > > > Dietrich Streifert
    > > > --
    > > > Visionet GmbH
    > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > Geschäftsführer: Stefan Lindner
    > > >
    > > >
    > > >
    > > >
    > > >

    > >

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  17. Re: [Samba] Strange behaviour of winbind on solaris 8

    Which samba version do you use?

    Please post the global configuration section of smb.conf.


    Oliver Weinmann schrieb:
    > Here could be a problem. I could not change our win 2k3 schema. They
    > were afraid it could break something... tsss. So i had to use the
    > idmap_rid module. Which does a good job actually. It uses the last
    > portion of the AD users SID and adds it to a base set in smb.conf. I
    > issued your commands:
    >
    > bash-2.03# getent passwd | grep oweinmann
    > oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
    > oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
    > oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
    > bash-2.03# id -a oweinmann
    > uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
    > bash-2.03# su oweinmann
    > $ id
    > uid=11611(oweinmann) gid=1613(domain users)
    > $ id -a
    >
    > the "id -a" as user "oweinmann" seems to get stuck. It just sits
    > there. I noticed when issuing "groups oweinmann" as root it also gets
    > stuck. On some users the "groups" command seems to be working on some
    > other don't.
    >
    >
    > On 4/29/08, *Dietrich Streifert* > > wrote:
    >
    > We have several installations where we use the two different AD
    > schema extensions (SFU from Windows Services for Unix and
    > rfc2307bis from Windows Server 2003R2) to put the needed
    > information in.
    >
    > We are using the idmap_ad module to map the uid, gid, home etc.
    > information from the AD.
    >
    > The local users and the AD users are completely separated. We do
    > not mix up local users and AD users.
    >
    > The first basic test if the AD user information retreival is
    > working is to use the getent command:
    >
    > getent
    >
    > So for a test user account I get:
    >
    > korund{root}[/]: getent passwd testuser
    > testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh
    >
    > If this works the first step is done.
    >
    > The second test is to get all related Information for one user:
    >
    > korund{root}[/]: id -a testuser
    > uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
    >
    > The third test is to su - testuser and again try to issue both
    > commands obove. If the retreived information is the same you
    > should all be done (except from pam.conf which is another story).
    >
    >
    >
    >
    >
    >
    > Oliver Weinmann schrieb:
    >> Could the problem be that the AD users are not in any of the
    >> local groups on the machine? How do you manage your AD users to
    >> be members of local groups e.g. staff, sys etc.? pam_groups?
    >>
    >> On 4/29/08, *Oliver Weinmann* >> liver.weinmann@googlemail.com>> wrote:
    >>
    >> there is nothing in /etc/profile and the user oweinmann has
    >> no .bashrc. The problem seems to be related to nscd. When
    >> nscd is turned on i can login and issue commands and I don't
    >> get kicked out of the ssh login. There is no idle session
    >> timeout set. If there was I would get kicked out when nscd is
    >> turned on as well. Only when logged in as an AD user I get
    >> kicked out...
    >>
    >>
    >> On 4/29/08, *Dietrich Streifert*
    >> >> > wrote:
    >>
    >> So there must be something in your bash init files,
    >> /etc/profile or ~/.bashrc (sorry I'm not a bash user)
    >> which causes the problem.
    >>
    >> Maybe something which forms the shell prompt like whoami etc.
    >>
    >> Maybe there is something like a autologout set for the
    >> csh or in sshd with idle session timeout.
    >>
    >>
    >> Oliver Weinmann schrieb:
    >>> Hi,
    >>>
    >>> no, there was nothing in /var/adm/messages, but guess
    >>> what with the csh ls -alrt and such commands work
    >>> fine... But i get kicked out of the ssh session after 2
    >>> minutes...
    >>>
    >>>
    >>> On 4/29/08, *Dietrich Streifert*
    >>> >>> > wrote:
    >>>
    >>> Are there any messages in /var/adm/messages which
    >>> are related to nss ?
    >>>
    >>> As I can see you are using bash as your shell.
    >>>
    >>> Try using csh. Does something change?
    >>>
    >>> Oliver Weinmann schrieb:
    >>>> su to user oweinmann works but when i ussie the ldd
    >>>> -r /usr/lib/nss_winbind.so command it gets put in
    >>>> the background.. i then do fg 2 and this is the
    >>>> output:
    >>>>
    >>>> bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    >>>>
    >>>> [2]+ Stopped ldd -r
    >>>> /usr/lib/nss_winbind.so
    >>>> bash-2.03$ fg 2
    >>>> ldd -r /usr/lib/nss_winbind.so
    >>>> libthread.so.1 =>
    >>>> /usr/lib/libthread.so.1
    >>>> libsocket.so.1 =>
    >>>> /usr/lib/libsocket.so.1
    >>>> libdl.so.1 => /usr/lib/libdl.so.1
    >>>> libc.so.1 => /usr/lib/libc.so.1
    >>>> libnsl.so.1 => /usr/lib/libnsl.so.1
    >>>> libmp.so.2 => /usr/lib/libmp.so.2
    >>>> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >>>>
    >>>> bash-2.03$ ls -alrt /etc/nsswitch.conf
    >>>>
    >>>> [2]+ Stopped ls -alrt
    >>>> /etc/nsswitch.conf
    >>>> bash-2.03$ fg 2
    >>>> ls -alrt /etc/nsswitch.conf
    >>>> -rw-r--r-- 1 root sys 1320 Apr 28
    >>>> 13:19 /etc/nsswitch.conf
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>> On 4/29/08, *Dietrich Streifert*
    >>>> >>>> > wrote:
    >>>>
    >>>> Please try to login (or su) to the user
    >>>> oweinmann and issue then ldd -r
    >>>> /usr/lib/nss_winbind.so
    >>>>
    >>>> For some reason I think that non root users are
    >>>> not able to read one of the involved files.
    >>>>
    >>>> This could be
    >>>>
    >>>> /etc/nsswitch.conf
    >>>> /usr/lib/nss_winbind.so
    >>>>
    >>>> or some of the files found by the ldd -r
    >>>> command. The fact that you can issue commands
    >>>> while nscd is running points to this fact
    >>>> becaus nscd is running as root and has
    >>>> permissions to read all of those files.
    >>>>
    >>>> /etc/nsswitch.conf should be readable by everyone.
    >>>>
    >>>> I compiled samba myself with a full stack of
    >>>> openssl, iconv, heimdal kerberos, cyrus-sasl,
    >>>> openldap and samba. While people often speak of
    >>>> the Windows DLL hell this is the Solaris shared
    >>>> library hell :-( But it works.
    >>>>
    >>>>
    >>>>
    >>>> Oliver Weinmann schrieb:
    >>>>> Hi,
    >>>>>
    >>>>> bash-2.03# ldd -r /usr/lib/nss_winbind.so
    >>>>> libthread.so.1 =>
    >>>>> /usr/lib/libthread.so.1
    >>>>> libsocket.so.1 =>
    >>>>> /usr/lib/libsocket.so.1
    >>>>> libdl.so.1 => /usr/lib/libdl.so.1
    >>>>> libc.so.1 => /usr/lib/libc.so.1
    >>>>> libnsl.so.1 => /usr/lib/libnsl.so.1
    >>>>> libmp.so.2 => /usr/lib/libmp.so.2
    >>>>>
    >>>>> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >>>>>
    >>>>> I changed the permissions and files exactly to
    >>>>> be the same but i still cant issue commands...
    >>>>>
    >>>>> bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    >>>>> -rwxr-xr-x 1 root other 74744 Apr
    >>>>> 29 09:03 /usr/lib/nss_winbind.so.1
    >>>>> lrwxrwxrwx 1 root other 25 Apr
    >>>>> 29 09:04 /usr/lib/nss_winbind.so ->
    >>>>> /usr/lib/nss_winbind.so.1
    >>>>>
    >>>>> Could this also be a problem of a compiling?
    >>>>> Have you compiled the samba yourself or are
    >>>>> you using prebuilt packages?
    >>>>>
    >>>>> On 4/29/08, *Dietrich Streifert*
    >>>>> >>>>> > wrote:
    >>>>>
    >>>>> which output gives ldd -r
    >>>>> /usr/lib/nss_winbind.so ?
    >>>>>
    >>>>> I have the following naming and permission
    >>>>> for nss_winbind:
    >>>>>
    >>>>> lrwxrwxrwx 1 root other 16
    >>>>> Jan 15 2004 nss_winbind.so ->
    >>>>> nss_winbind.so.1
    >>>>> -rwxr-xr-x 1 root other 44540
    >>>>> Apr 28 17:35 nss_winbind.so.1
    >>>>>
    >>>>> Please try with the exactly same naming
    >>>>> and permissions of your files.
    >>>>>
    >>>>>
    >>>>>
    >>>>> Oliver Weinmann schrieb:
    >>>>>
    >>>>> I will try to get hands on the latest
    >>>>> patches for solaris 8 and see if that
    >>>>> fixes the nscd problems. I can't
    >>>>> believe that samba-winbind is not running
    >>>>> 100% well on a Solaris 8 machine.
    >>>>>
    >>>>>
    >>>>> On 4/28/08, Oliver Weinmann
    >>>>> >>>>> liver.weinmann@googlemail.com>>
    >>>>> wrote:
    >>>>>
    >>>>>
    >>>>> Just for fun i changed the perms
    >>>>> of /usr/lib/libnss_winbind.so to 777
    >>>>>
    >>>>> bash-2.03# chmod 777
    >>>>> /usr/lib/libnss_winbind.so
    >>>>> bash-2.03# ls -alrt
    >>>>> /usr/lib/libnss_winbind.so
    >>>>> -rwxrwxrwx 1 root other
    >>>>> 74744 Apr 28 13:32
    >>>>> /usr/lib/libnss_winbind.so
    >>>>>
    >>>>> nscd is turned off. I can login as
    >>>>> an AD users but I cant start any
    >>>>> command.
    >>>>>
    >>>>>
    >>>>> login as: oweinmann
    >>>>> Using keyboard-interactive
    >>>>> authentication.
    >>>>> Password:
    >>>>> Last login: Mon Apr 28 15:17:11
    >>>>> 2008 from vb8860.vegagrou
    >>>>> bash-2.03$ ls -alrt
    >>>>>
    >>>>> [1]+ Stopped ls -alrt
    >>>>> bash-2.03$ id
    >>>>>
    >>>>> [2]+ Stopped id
    >>>>> bash-2.03$ group
    >>>>>
    >>>>> [3]+ Stopped group
    >>>>> bash-2.03$ echo "TEST"
    >>>>> TEST
    >>>>> bash-2.03$
    >>>>> Some commands are working and some
    >>>>> others are put in background and the
    >>>>> session closes after one or two
    >>>>> minutes?
    >>>>>
    >>>>> When I turn on nscd everything is
    >>>>> fine, except ls -alrt not working.
    >>>>>
    >>>>>
    >>>>>
    >>>>> On 4/28/08, Gerald (Jerry) Carter
    >>>>> >>>>> > wrote:
    >>>>>
    >>>>>
    >>>>> -----BEGIN PGP SIGNED MESSAGE-----
    >>>>> Hash: SHA1
    >>>>>
    >>>>> Oliver Weinmann wrote:
    >>>>> | forgot to mention that the
    >>>>> nss_winbind links are there:
    >>>>> |
    >>>>> | bash-2.03# ls -alrt
    >>>>> /usr/lib/nss_w*
    >>>>> | lrwxrwxrwx 1 root
    >>>>> other 28 Apr 23 14:30
    >>>>> | /usr/lib/nss_winbind.so.2 ->
    >>>>> /usr/lib/libnss_winbind.so.1
    >>>>> | lrwxrwxrwx 1 root
    >>>>> other 28 Apr 23 14:30
    >>>>> | /usr/lib/nss_winbind.so.1 ->
    >>>>> /usr/lib/libnss_winbind.so.1
    >>>>> | lrwxrwxrwx 1 root
    >>>>> other 28 Apr 23 14:30
    >>>>> | /usr/lib/nss_winbind.so ->
    >>>>> /usr/lib/libnss_winbind.so.1
    >>>>>
    >>>>> Check the perms on
    >>>>> /usr/lib/libnss_winbind.so.1.
    >>>>> Sounds
    >>>>> like it might be rwx for root
    >>>>> only.
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> cheers, jerry
    >>>>> - --
    >>>>> ================================================== ===================
    >>>>> Samba
    >>>>> -------
    >>>>> http://www.samba.org
    >>>>>
    >>>>> Likewise Software
    >>>>> ---------
    >>>>> http://www.likewisesoftware.com
    >>>>>
    >>>>> "What man is a man who does
    >>>>> not make the world better?"
    >>>>> --Balian
    >>>>> -----BEGIN PGP SIGNATURE-----
    >>>>> Version: GnuPG v1.4.2.2 (Darwin)
    >>>>> Comment: Using GnuPG with
    >>>>> Mozilla -
    >>>>> http://enigmail.mozdev.org
    >>>>>
    >>>>>
    >>>>> iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    >>>>> 0OxWwTr/wJPDW67YmZCAfQo=
    >>>>> =6S2v
    >>>>> -----END PGP SIGNATURE-----
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> --
    >>>>> Mit freundlichen Grüßen
    >>>>> Dietrich Streifert
    >>>>> --
    >>>>> Visionet GmbH
    >>>>> Firmensitz: Am Weichselgarten 7, 91058
    >>>>> Erlangen
    >>>>> Registergericht: Handelsregister Fürth,
    >>>>> HRB 6573
    >>>>> Geschäftsführer: Stefan Lindner
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>
    >>>> --
    >>>> Mit freundlichen Grüßen
    >>>> Dietrich Streifert
    >>>> --
    >>>> Visionet GmbH
    >>>> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >>>> Registergericht: Handelsregister Fürth, HRB 6573
    >>>> Geschäftsführer: Stefan Lindner
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>
    >>> --
    >>> Mit freundlichen Grüßen
    >>> Dietrich Streifert
    >>> --
    >>> Visionet GmbH
    >>> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >>> Registergericht: Handelsregister Fürth, HRB 6573
    >>> Geschäftsführer: Stefan Lindner
    >>>
    >>>
    >>>
    >>>
    >>>

    >>
    >> --
    >> Mit freundlichen Grüßen
    >> Dietrich Streifert
    >> --
    >> Visionet GmbH
    >> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >> Registergericht: Handelsregister Fürth, HRB 6573
    >> Geschäftsführer: Stefan Lindner
    >>
    >>
    >>
    >>
    >>
    >>

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >
    >


    --
    Mit freundlichen Grüßen
    Dietrich Streifert
    --
    Visionet GmbH
    Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    Registergericht: Handelsregister Fürth, HRB 6573
    Geschäftsführer: Stefan Lindner



    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  18. Re: [Samba] Strange behaviour of winbind on solaris 8

    It's the latest stable.

    # smbd -V
    Version 3.0.28a

    [global]
    netbios name = rose8
    realm = VEGAGROUP.NET
    workgroup = VEGA
    security = ADS
    encrypt passwords = yes
    password server = *
    os level = 20
    socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    idmap uid = 1100-200000
    idmap gid = 1100-200000
    idmap backend = rid:VEGA=1100-200000
    allow trusted domains = no
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /home/%U
    template shell = /bin/sh
    preferred master = no
    winbind nested groups = Yes
    winbind use default domain = Yes
    #winbind separator = +
    #winbind normalize names = yes
    log level = 10
    max log size = 50
    log file = /var/log/samba/log.%m
    dns proxy = no
    wins server = 172.20.205.1
    allow trusted domains = No
    client use spnego = Yes
    use kerberos keytab = true
    winbind offline logon = yes

    I really appreciate your big effort. Thanks!

    On 4/29/08, Dietrich Streifert wrote:
    >
    > Which samba version do you use?
    >
    > Please post the global configuration section of smb.conf.
    >
    >
    > Oliver Weinmann schrieb:
    >
    > Here could be a problem. I could not change our win 2k3 schema. They were
    > afraid it could break something... tsss. So i had to use the idmap_rid
    > module. Which does a good job actually. It uses the last portion of the AD
    > users SID and adds it to a base set in smb.conf. I issued your commands:
    >
    > bash-2.03# getent passwd | grep oweinmann
    > oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
    > oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
    > oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
    > bash-2.03# id -a oweinmann
    > uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
    > bash-2.03# su oweinmann
    > $ id
    > uid=11611(oweinmann) gid=1613(domain users)
    > $ id -a
    >
    > the "id -a" as user "oweinmann" seems to get stuck. It just sits there. I
    > noticed when issuing "groups oweinmann" as root it also gets stuck. On some
    > users the "groups" command seems to be working on some other don't.
    >
    >
    > On 4/29/08, Dietrich Streifert wrote:
    > >
    > > We have several installations where we use the two different AD schema
    > > extensions (SFU from Windows Services for Unix and rfc2307bis from Windows
    > > Server 2003R2) to put the needed information in.
    > >
    > > We are using the idmap_ad module to map the uid, gid, home etc.
    > > information from the AD.
    > >
    > > The local users and the AD users are completely separated. We do not mix
    > > up local users and AD users.
    > >
    > > The first basic test if the AD user information retreival is working is
    > > to use the getent command:
    > >
    > > getent
    > >
    > > So for a test user account I get:
    > >
    > > korund{root}[/]: getent passwd testuser
    > > testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh
    > >
    > > If this works the first step is done.
    > >
    > > The second test is to get all related Information for one user:
    > >
    > > korund{root}[/]: id -a testuser
    > > uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
    > >
    > > The third test is to su - testuser and again try to issue both commands
    > > obove. If the retreived information is the same you should all be done
    > > (except from pam.conf which is another story).
    > >
    > >
    > >
    > >
    > >
    > >
    > > Oliver Weinmann schrieb:
    > >
    > > Could the problem be that the AD users are not in any of the local
    > > groups on the machine? How do you manage your AD users to be members of
    > > local groups e.g. staff, sys etc.? pam_groups?
    > >
    > > On 4/29/08, Oliver Weinmann wrote:
    > > >
    > > > there is nothing in /etc/profile and the user oweinmann has no
    > > > .bashrc. The problem seems to be related to nscd. When nscd is turnedon i
    > > > can login and issue commands and I don't get kicked out of the ssh login.
    > > > There is no idle session timeout set. If there was I would get kickedout
    > > > when nscd is turned on as well. Only when logged in as an AD user I get
    > > > kicked out...
    > > >
    > > > On 4/29/08, Dietrich Streifert wrote:
    > > > >
    > > > > So there must be something in your bash init files, /etc/profile or
    > > > > ~/.bashrc (sorry I'm not a bash user) which causes the problem.
    > > > >
    > > > > Maybe something which forms the shell prompt like whoami etc.
    > > > >
    > > > > Maybe there is something like a autologout set for the csh or in
    > > > > sshd with idle session timeout.
    > > > >
    > > > >
    > > > > Oliver Weinmann schrieb:
    > > > >
    > > > > Hi,
    > > > >
    > > > > no, there was nothing in /var/adm/messages, but guess what with the
    > > > > csh ls -alrt and such commands work fine... But i get kicked out ofthe ssh
    > > > > session after 2 minutes...
    > > > >
    > > > >
    > > > > On 4/29/08, Dietrich Streifert
    > > > > wrote:
    > > > > >
    > > > > > Are there any messages in /var/adm/messages which are related to
    > > > > > nss ?
    > > > > >
    > > > > > As I can see you are using bash as your shell.
    > > > > >
    > > > > > Try using csh. Does something change?
    > > > > >
    > > > > > Oliver Weinmann schrieb:
    > > > > >
    > > > > > su to user oweinmann works but when i ussie the ldd -r
    > > > > > /usr/lib/nss_winbind.so command it gets put in the background.. i then do
    > > > > > fg 2 and this is the output:
    > > > > >
    > > > > > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    > > > > >
    > > > > > [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    > > > > > bash-2.03$ fg 2
    > > > > > ldd -r /usr/lib/nss_winbind.so
    > > > > > libthread.so.1 => /usr/lib/libthread.so.1
    > > > > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > > > > libdl.so.1 => /usr/lib/libdl.so.1
    > > > > > libc.so.1 => /usr/lib/libc.so.1
    > > > > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > > > > libmp.so.2 => /usr/lib/libmp.so.2
    > > > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > > > > >
    > > > > > bash-2.03$ ls -alrt /etc/nsswitch.conf
    > > > > >
    > > > > > [2]+ Stopped ls -alrt /etc/nsswitch.conf
    > > > > > bash-2.03$ fg 2
    > > > > > ls -alrt /etc/nsswitch.conf
    > > > > > -rw-r--r-- 1 root sys 1320 Apr 28 13:19
    > > > > > /etc/nsswitch.conf
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > > On 4/29/08, Dietrich Streifert
    > > > > > wrote:
    > > > > > >
    > > > > > > Please try to login (or su) to the user oweinmann and issue then
    > > > > > > ldd -r /usr/lib/nss_winbind.so
    > > > > > >
    > > > > > > For some reason I think that non root users are not able to read
    > > > > > > one of the involved files.
    > > > > > >
    > > > > > > This could be
    > > > > > >
    > > > > > > /etc/nsswitch.conf
    > > > > > > /usr/lib/nss_winbind.so
    > > > > > >
    > > > > > > or some of the files found by the ldd -r command. The fact that
    > > > > > > you can issue commands while nscd is running points to this fact becaus nscd
    > > > > > > is running as root and has permissions to read all of those files.
    > > > > > >
    > > > > > > /etc/nsswitch.conf should be readable by everyone.
    > > > > > >
    > > > > > > I compiled samba myself with a full stack of openssl, iconv,
    > > > > > > heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak
    > > > > > > of the Windows DLL hell this is the Solaris shared library hell:-( But it
    > > > > > > works.
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > > Oliver Weinmann schrieb:
    > > > > > >
    > > > > > > Hi,
    > > > > > >
    > > > > > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
    > > > > > > libthread.so.1 => /usr/lib/libthread.so.1
    > > > > > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > > > > > libdl.so.1 => /usr/lib/libdl.so.1
    > > > > > > libc.so.1 => /usr/lib/libc.so.1
    > > > > > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > > > > > libmp.so.2 => /usr/lib/libmp.so.2
    > > > > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > > > > > >
    > > > > > > I changed the permissions and files exactly to be the same but i
    > > > > > > still cant issue commands...
    > > > > > >
    > > > > > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    > > > > > > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    > > > > > > /usr/lib/nss_winbind.so.1
    > > > > > > lrwxrwxrwx 1 root other 25 Apr 29 09:04
    > > > > > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    > > > > > >
    > > > > > > Could this also be a problem of a compiling? Have you compiled
    > > > > > > the samba yourself or are you using prebuilt packages?
    > > > > > >
    > > > > > > On 4/29/08, Dietrich Streifert
    > > > > > > wrote:
    > > > > > > >
    > > > > > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
    > > > > > > >
    > > > > > > > I have the following naming and permission for nss_winbind:
    > > > > > > >
    > > > > > > > lrwxrwxrwx 1 root other 16 Jan 15 2004
    > > > > > > > nss_winbind.so -> nss_winbind.so.1
    > > > > > > > -rwxr-xr-x 1 root other 44540 Apr 28 17:35
    > > > > > > > nss_winbind.so.1
    > > > > > > >
    > > > > > > > Please try with the exactly same naming and permissions of
    > > > > > > > your files.
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > > Oliver Weinmann schrieb:
    > > > > > > >
    > > > > > > > > I will try to get hands on the latest patches for solaris 8
    > > > > > > > > and see if that
    > > > > > > > > fixes the nscd problems. I can't believe that samba-winbind
    > > > > > > > > is not running
    > > > > > > > > 100% well on a Solaris 8 machine.
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > On 4/28/08, Oliver Weinmann
    > > > > > > > > wrote:
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > > Just for fun i changed the perms of
    > > > > > > > > > /usr/lib/libnss_winbind.so to 777
    > > > > > > > > >
    > > > > > > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    > > > > > > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    > > > > > > > > > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    > > > > > > > > > /usr/lib/libnss_winbind.so
    > > > > > > > > >
    > > > > > > > > > nscd is turned off. I can login as an AD users but I cant
    > > > > > > > > > start any
    > > > > > > > > > command.
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > > login as: oweinmann
    > > > > > > > > > Using keyboard-interactive authentication.
    > > > > > > > > > Password:
    > > > > > > > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
    > > > > > > > > > bash-2.03$ ls -alrt
    > > > > > > > > >
    > > > > > > > > > [1]+ Stopped ls -alrt
    > > > > > > > > > bash-2.03$ id
    > > > > > > > > >
    > > > > > > > > > [2]+ Stopped id
    > > > > > > > > > bash-2.03$ group
    > > > > > > > > >
    > > > > > > > > > [3]+ Stopped group
    > > > > > > > > > bash-2.03$ echo "TEST"
    > > > > > > > > > TEST
    > > > > > > > > > bash-2.03$
    > > > > > > > > > Some commands are working and some others are put in
    > > > > > > > > > background and the
    > > > > > > > > > session closes after one or two minutes?
    > > > > > > > > >
    > > > > > > > > > When I turn on nscd everything is fine, except ls -alrt
    > > > > > > > > > not working.
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > > On 4/28/08, Gerald (Jerry) Carter wrote:
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE-----
    > > > > > > > > > > Hash: SHA1
    > > > > > > > > > >
    > > > > > > > > > > Oliver Weinmann wrote:
    > > > > > > > > > > | forgot to mention that the nss_winbind links are
    > > > > > > > > > > there:
    > > > > > > > > > > |
    > > > > > > > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > > > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > > > > | /usr/lib/nss_winbind.so.2 ->
    > > > > > > > > > > /usr/lib/libnss_winbind.so.1
    > > > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > > > > | /usr/lib/nss_winbind.so.1 ->
    > > > > > > > > > > /usr/lib/libnss_winbind.so.1
    > > > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
    > > > > > > > > > > | /usr/lib/nss_winbind.so ->
    > > > > > > > > > > /usr/lib/libnss_winbind.so.1
    > > > > > > > > > >
    > > > > > > > > > > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
    > > > > > > > > > > like it might be rwx for root only.
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > > cheers, jerry
    > > > > > > > > > > - --
    > > > > > > > > > >
    > > > > > > > > > > ================================================== ===================
    > > > > > > > > > > Samba -------
    > > > > > > > > > > http://www.samba.org
    > > > > > > > > > > Likewise Software ---------
    > > > > > > > > > > http://www.likewisesoftware.com
    > > > > > > > > > > "What man is a man who does not make the world better?"
    > > > > > > > > > > --Balian
    > > > > > > > > > > -----BEGIN PGP SIGNATURE-----
    > > > > > > > > > > Version: GnuPG v1.4.2.2 (Darwin)
    > > > > > > > > > > Comment: Using GnuPG with Mozilla -
    > > > > > > > > > > http://enigmail.mozdev.org
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > > > > > > > > > > 0OxWwTr/wJPDW67YmZCAfQo=
    > > > > > > > > > > =6S2v
    > > > > > > > > > > -----END PGP SIGNATURE-----
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > >
    > > > > > > > --
    > > > > > > > Mit freundlichen Grüßen
    > > > > > > > Dietrich Streifert
    > > > > > > > --
    > > > > > > > Visionet GmbH
    > > > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > > > Geschäftsführer: Stefan Lindner
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > > --
    > > > > > > Mit freundlichen Grüßen
    > > > > > > Dietrich Streifert
    > > > > > > --
    > > > > > > Visionet GmbH
    > > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > > Geschäftsführer: Stefan Lindner
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > > --
    > > > > > Mit freundlichen Grüßen
    > > > > > Dietrich Streifert
    > > > > > --
    > > > > > Visionet GmbH
    > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > Geschäftsführer: Stefan Lindner
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > > --
    > > > > Mit freundlichen Grüßen
    > > > > Dietrich Streifert
    > > > > --
    > > > > Visionet GmbH
    > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > Geschäftsführer: Stefan Lindner
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > >

    > >
    > > --
    > > Mit freundlichen Grüßen
    > > Dietrich Streifert
    > > --
    > > Visionet GmbH
    > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > Registergericht: Handelsregister Fürth, HRB 6573
    > > Geschäftsführer: Stefan Lindner
    > >
    > >
    > >
    > >
    > >

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  19. Re: [Samba] Strange behaviour of winbind on solaris 8

    Please try to set combinations of

    winbind enum groups = No

    and test again.

    This could be the reason why getent groups never ends. This is known to
    be a problem with big AD user/groups databases.

    Have a look at this and related paramters in path>/swat/help/manpages/smb.conf.5.html



    Oliver Weinmann schrieb:
    > It's the latest stable.
    >
    > # smbd -V
    > Version 3.0.28a
    >
    > [global]
    > netbios name = rose8
    > realm = VEGAGROUP.NET
    > workgroup = VEGA
    > security = ADS
    > encrypt passwords = yes
    > password server = *
    > os level = 20
    > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    > idmap uid = 1100-200000
    > idmap gid = 1100-200000
    > idmap backend = rid:VEGA=1100-200000
    > allow trusted domains = no
    > winbind enum users = yes
    > winbind enum groups = yes
    > template homedir = /home/%U
    > template shell = /bin/sh
    > preferred master = no
    > winbind nested groups = Yes
    > winbind use default domain = Yes
    > #winbind separator = +
    > #winbind normalize names = yes
    > log level = 10
    > max log size = 50
    > log file = /var/log/samba/log.%m
    > dns proxy = no
    > wins server = 172.20.205.1
    > allow trusted domains = No
    > client use spnego = Yes
    > use kerberos keytab = true
    > winbind offline logon = yes
    >
    > I really appreciate your big effort. Thanks!
    >
    > On 4/29/08, *Dietrich Streifert* > > wrote:
    >
    > Which samba version do you use?
    >
    > Please post the global configuration section of smb.conf.
    >
    >
    > Oliver Weinmann schrieb:
    >> Here could be a problem. I could not change our win 2k3 schema.
    >> They were afraid it could break something... tsss. So i had to
    >> use the idmap_rid module. Which does a good job actually. It uses
    >> the last portion of the AD users SID and adds it to a base set in
    >> smb.conf. I issued your commands:
    >>
    >> bash-2.03# getent passwd | grep oweinmann
    >> oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
    >> oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
    >> oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
    >> bash-2.03# id -a oweinmann
    >> uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
    >> bash-2.03# su oweinmann
    >> $ id
    >> uid=11611(oweinmann) gid=1613(domain users)
    >> $ id -a
    >>
    >> the "id -a" as user "oweinmann" seems to get stuck. It just sits
    >> there. I noticed when issuing "groups oweinmann" as root it also
    >> gets stuck. On some users the "groups" command seems to be
    >> working on some other don't.
    >>
    >>
    >> On 4/29/08, *Dietrich Streifert* >> > wrote:
    >>
    >> We have several installations where we use the two different
    >> AD schema extensions (SFU from Windows Services for Unix and
    >> rfc2307bis from Windows Server 2003R2) to put the needed
    >> information in.
    >>
    >> We are using the idmap_ad module to map the uid, gid, home
    >> etc. information from the AD.
    >>
    >> The local users and the AD users are completely separated. We
    >> do not mix up local users and AD users.
    >>
    >> The first basic test if the AD user information retreival is
    >> working is to use the getent command:
    >>
    >> getent
    >>
    >> So for a test user account I get:
    >>
    >> korund{root}[/]: getent passwd testuser
    >> testuser:*:1004:1000:Lastname,
    >> Firstname:/home/testuser:/bin/tcsh
    >>
    >> If this works the first step is done.
    >>
    >> The second test is to get all related Information for one user:
    >>
    >> korund{root}[/]: id -a testuser
    >> uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
    >>
    >> The third test is to su - testuser and again try to issue
    >> both commands obove. If the retreived information is the same
    >> you should all be done (except from pam.conf which is another
    >> story).
    >>
    >>
    >>
    >>
    >>
    >>
    >> Oliver Weinmann schrieb:
    >>> Could the problem be that the AD users are not in any of the
    >>> local groups on the machine? How do you manage your AD users
    >>> to be members of local groups e.g. staff, sys etc.? pam_groups?
    >>>
    >>> On 4/29/08, *Oliver Weinmann*
    >>> >>> liver.weinmann@googlemail.com>> wrote:
    >>>
    >>> there is nothing in /etc/profile and the user oweinmann
    >>> has no .bashrc. The problem seems to be related to nscd.
    >>> When nscd is turned on i can login and issue commands
    >>> and I don't get kicked out of the ssh login. There is no
    >>> idle session timeout set. If there was I would get
    >>> kicked out when nscd is turned on as well. Only when
    >>> logged in as an AD user I get kicked out...
    >>>
    >>>
    >>> On 4/29/08, *Dietrich Streifert*
    >>> >>> > wrote:
    >>>
    >>> So there must be something in your bash init files,
    >>> /etc/profile or ~/.bashrc (sorry I'm not a bash
    >>> user) which causes the problem.
    >>>
    >>> Maybe something which forms the shell prompt like
    >>> whoami etc.
    >>>
    >>> Maybe there is something like a autologout set for
    >>> the csh or in sshd with idle session timeout.
    >>>
    >>>
    >>> Oliver Weinmann schrieb:
    >>>> Hi,
    >>>>
    >>>> no, there was nothing in /var/adm/messages, but
    >>>> guess what with the csh ls -alrt and such
    >>>> commands work fine... But i get kicked out of the
    >>>> ssh session after 2 minutes...
    >>>>
    >>>>
    >>>> On 4/29/08, *Dietrich Streifert*
    >>>> >>>> > wrote:
    >>>>
    >>>> Are there any messages in /var/adm/messages
    >>>> which are related to nss ?
    >>>>
    >>>> As I can see you are using bash as your shell.
    >>>>
    >>>> Try using csh. Does something change?
    >>>>
    >>>> Oliver Weinmann schrieb:
    >>>>> su to user oweinmann works but when i ussie
    >>>>> the ldd -r /usr/lib/nss_winbind.so command it
    >>>>> gets put in the background.. i then do fg 2
    >>>>> and this is the output:
    >>>>>
    >>>>> bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    >>>>>
    >>>>> [2]+ Stopped ldd -r
    >>>>> /usr/lib/nss_winbind.so
    >>>>> bash-2.03$ fg 2
    >>>>> ldd -r /usr/lib/nss_winbind.so
    >>>>> libthread.so.1 =>
    >>>>> /usr/lib/libthread.so.1
    >>>>> libsocket.so.1 =>
    >>>>> /usr/lib/libsocket.so.1
    >>>>> libdl.so.1 => /usr/lib/libdl.so.1
    >>>>> libc.so.1 => /usr/lib/libc.so.1
    >>>>> libnsl.so.1 => /usr/lib/libnsl.so.1
    >>>>> libmp.so.2 => /usr/lib/libmp.so.2
    >>>>>
    >>>>> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >>>>>
    >>>>> bash-2.03$ ls -alrt /etc/nsswitch.conf
    >>>>>
    >>>>> [2]+ Stopped ls -alrt
    >>>>> /etc/nsswitch.conf
    >>>>> bash-2.03$ fg 2
    >>>>> ls -alrt /etc/nsswitch.conf
    >>>>> -rw-r--r-- 1 root sys 1320 Apr
    >>>>> 28 13:19 /etc/nsswitch.conf
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>> On 4/29/08, *Dietrich Streifert*
    >>>>> >>>>> > wrote:
    >>>>>
    >>>>> Please try to login (or su) to the user
    >>>>> oweinmann and issue then ldd -r
    >>>>> /usr/lib/nss_winbind.so
    >>>>>
    >>>>> For some reason I think that non root
    >>>>> users are not able to read one of the
    >>>>> involved files.
    >>>>>
    >>>>> This could be
    >>>>>
    >>>>> /etc/nsswitch.conf
    >>>>> /usr/lib/nss_winbind.so
    >>>>>
    >>>>> or some of the files found by the ldd -r
    >>>>> command. The fact that you can issue
    >>>>> commands while nscd is running points to
    >>>>> this fact becaus nscd is running as root
    >>>>> and has permissions to read all of those
    >>>>> files.
    >>>>>
    >>>>> /etc/nsswitch.conf should be readable by
    >>>>> everyone.
    >>>>>
    >>>>> I compiled samba myself with a full stack
    >>>>> of openssl, iconv, heimdal kerberos,
    >>>>> cyrus-sasl, openldap and samba. While
    >>>>> people often speak of the Windows DLL hell
    >>>>> this is the Solaris shared library hell
    >>>>> :-( But it works.
    >>>>>
    >>>>>
    >>>>>
    >>>>> Oliver Weinmann schrieb:
    >>>>>> Hi,
    >>>>>>
    >>>>>> bash-2.03# ldd -r /usr/lib/nss_winbind.so
    >>>>>> libthread.so.1 =>
    >>>>>> /usr/lib/libthread.so.1
    >>>>>> libsocket.so.1 =>
    >>>>>> /usr/lib/libsocket.so.1
    >>>>>> libdl.so.1 => /usr/lib/libdl.so.1
    >>>>>> libc.so.1 => /usr/lib/libc.so.1
    >>>>>> libnsl.so.1 => /usr/lib/libnsl.so.1
    >>>>>> libmp.so.2 => /usr/lib/libmp.so.2
    >>>>>>
    >>>>>> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    >>>>>>
    >>>>>> I changed the permissions and files
    >>>>>> exactly to be the same but i still cant
    >>>>>> issue commands...
    >>>>>>
    >>>>>> bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    >>>>>> -rwxr-xr-x 1 root other 74744
    >>>>>> Apr 29 09:03 /usr/lib/nss_winbind.so.1
    >>>>>> lrwxrwxrwx 1 root other 25
    >>>>>> Apr 29 09:04 /usr/lib/nss_winbind.so ->
    >>>>>> /usr/lib/nss_winbind.so.1
    >>>>>>
    >>>>>> Could this also be a problem of a
    >>>>>> compiling? Have you compiled the samba
    >>>>>> yourself or are you using prebuilt packages?
    >>>>>>
    >>>>>> On 4/29/08, *Dietrich Streifert*
    >>>>>> >>>>>> >
    >>>>>> wrote:
    >>>>>>
    >>>>>> which output gives ldd -r
    >>>>>> /usr/lib/nss_winbind.so ?
    >>>>>>
    >>>>>> I have the following naming and
    >>>>>> permission for nss_winbind:
    >>>>>>
    >>>>>> lrwxrwxrwx 1 root other
    >>>>>> 16 Jan 15 2004 nss_winbind.so ->
    >>>>>> nss_winbind.so.1
    >>>>>> -rwxr-xr-x 1 root other
    >>>>>> 44540 Apr 28 17:35 nss_winbind.so.1
    >>>>>>
    >>>>>> Please try with the exactly same
    >>>>>> naming and permissions of your files.
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> Oliver Weinmann schrieb:
    >>>>>>
    >>>>>> I will try to get hands on the
    >>>>>> latest patches for solaris 8 and
    >>>>>> see if that
    >>>>>> fixes the nscd problems. I can't
    >>>>>> believe that samba-winbind is not
    >>>>>> running
    >>>>>> 100% well on a Solaris 8 machine.
    >>>>>>
    >>>>>>
    >>>>>> On 4/28/08, Oliver Weinmann
    >>>>>> >>>>>> liver.weinmann@googlemail.com>>
    >>>>>> wrote:
    >>>>>>
    >>>>>>
    >>>>>> Just for fun i changed the
    >>>>>> perms of
    >>>>>> /usr/lib/libnss_winbind.so to 777
    >>>>>>
    >>>>>> bash-2.03# chmod 777
    >>>>>> /usr/lib/libnss_winbind.so
    >>>>>> bash-2.03# ls -alrt
    >>>>>> /usr/lib/libnss_winbind.so
    >>>>>> -rwxrwxrwx 1 root other
    >>>>>> 74744 Apr 28 13:32
    >>>>>> /usr/lib/libnss_winbind.so
    >>>>>>
    >>>>>> nscd is turned off. I can
    >>>>>> login as an AD users but I
    >>>>>> cant start any
    >>>>>> command.
    >>>>>>
    >>>>>>
    >>>>>> login as: oweinmann
    >>>>>> Using keyboard-interactive
    >>>>>> authentication.
    >>>>>> Password:
    >>>>>> Last login: Mon Apr 28
    >>>>>> 15:17:11 2008 from
    >>>>>> vb8860.vegagrou
    >>>>>> bash-2.03$ ls -alrt
    >>>>>>
    >>>>>> [1]+ Stopped
    >>>>>> ls -alrt
    >>>>>> bash-2.03$ id
    >>>>>>
    >>>>>> [2]+ Stopped id
    >>>>>> bash-2.03$ group
    >>>>>>
    >>>>>> [3]+ Stopped
    >>>>>> group
    >>>>>> bash-2.03$ echo "TEST"
    >>>>>> TEST
    >>>>>> bash-2.03$
    >>>>>> Some commands are working and
    >>>>>> some others are put in
    >>>>>> background and the
    >>>>>> session closes after one or
    >>>>>> two minutes?
    >>>>>>
    >>>>>> When I turn on nscd
    >>>>>> everything is fine, except ls
    >>>>>> -alrt not working.
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> On 4/28/08, Gerald (Jerry)
    >>>>>> Carter >>>>>> > wrote:
    >>>>>>
    >>>>>>
    >>>>>> -----BEGIN PGP SIGNED
    >>>>>> MESSAGE-----
    >>>>>> Hash: SHA1
    >>>>>>
    >>>>>> Oliver Weinmann wrote:
    >>>>>> | forgot to mention that
    >>>>>> the nss_winbind links are
    >>>>>> there:
    >>>>>> |
    >>>>>> | bash-2.03# ls -alrt
    >>>>>> /usr/lib/nss_w*
    >>>>>> | lrwxrwxrwx 1 root
    >>>>>> other 28 Apr 23 14:30
    >>>>>> |
    >>>>>> /usr/lib/nss_winbind.so.2
    >>>>>> ->
    >>>>>> /usr/lib/libnss_winbind.so.1
    >>>>>> | lrwxrwxrwx 1 root
    >>>>>> other 28 Apr 23 14:30
    >>>>>> |
    >>>>>> /usr/lib/nss_winbind.so.1
    >>>>>> ->
    >>>>>> /usr/lib/libnss_winbind.so.1
    >>>>>> | lrwxrwxrwx 1 root
    >>>>>> other 28 Apr 23 14:30
    >>>>>> | /usr/lib/nss_winbind.so
    >>>>>> ->
    >>>>>> /usr/lib/libnss_winbind.so.1
    >>>>>>
    >>>>>> Check the perms on
    >>>>>> /usr/lib/libnss_winbind.so.1.
    >>>>>> Sounds
    >>>>>> like it might be rwx for
    >>>>>> root only.
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> cheers, jerry
    >>>>>> - --
    >>>>>> ================================================== ===================
    >>>>>> Samba
    >>>>>> -------
    >>>>>> http://www.samba.org
    >>>>>>
    >>>>>> Likewise Software
    >>>>>> ---------
    >>>>>> http://www.likewisesoftware.com
    >>>>>>
    >>>>>> "What man is a man who
    >>>>>> does not make the world
    >>>>>> better?" --Balian
    >>>>>> -----BEGIN PGP SIGNATURE-----
    >>>>>> Version: GnuPG v1.4.2.2
    >>>>>> (Darwin)
    >>>>>> Comment: Using GnuPG with
    >>>>>> Mozilla -
    >>>>>> http://enigmail.mozdev.org
    >>>>>>
    >>>>>>
    >>>>>> iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    >>>>>> 0OxWwTr/wJPDW67YmZCAfQo=
    >>>>>> =6S2v
    >>>>>> -----END PGP SIGNATURE-----
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>> --
    >>>>>> Mit freundlichen Grüßen
    >>>>>> Dietrich Streifert
    >>>>>> --
    >>>>>> Visionet GmbH
    >>>>>> Firmensitz: Am Weichselgarten 7,
    >>>>>> 91058 Erlangen
    >>>>>> Registergericht: Handelsregister
    >>>>>> Fürth, HRB 6573
    >>>>>> Geschäftsführer: Stefan Lindner
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>>
    >>>>>
    >>>>> --
    >>>>> Mit freundlichen Grüßen
    >>>>> Dietrich Streifert
    >>>>> --
    >>>>> Visionet GmbH
    >>>>> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >>>>> Registergericht: Handelsregister Fürth, HRB 6573
    >>>>> Geschäftsführer: Stefan Lindner
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>>
    >>>>
    >>>> --
    >>>> Mit freundlichen Grüßen
    >>>> Dietrich Streifert
    >>>> --
    >>>> Visionet GmbH
    >>>> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >>>> Registergericht: Handelsregister Fürth, HRB 6573
    >>>> Geschäftsführer: Stefan Lindner
    >>>>
    >>>>
    >>>>
    >>>>
    >>>>
    >>>
    >>> --
    >>> Mit freundlichen Grüßen
    >>> Dietrich Streifert
    >>> --
    >>> Visionet GmbH
    >>> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >>> Registergericht: Handelsregister Fürth, HRB 6573
    >>> Geschäftsführer: Stefan Lindner
    >>>
    >>>
    >>>
    >>>
    >>>
    >>>

    >>
    >> --
    >> Mit freundlichen Grüßen
    >> Dietrich Streifert
    >> --
    >> Visionet GmbH
    >> Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    >> Registergericht: Handelsregister Fürth, HRB 6573
    >> Geschäftsführer: Stefan Lindner
    >>
    >>
    >>
    >>
    >>

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >
    >


    --
    Mit freundlichen Grüßen
    Dietrich Streifert
    --
    Visionet GmbH
    Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    Registergericht: Handelsregister Fürth, HRB 6573
    Geschäftsführer: Stefan Lindner



    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  20. Re: [Samba] Strange behaviour of winbind on solaris 8

    Yes, i added him to that group to see if that makes any difference. Thanks
    for all your help. And I will let you know, when I found out what the
    problem is.

    Best Regards,
    Oliver


    On 4/29/08, Dietrich Streifert wrote:
    >
    > I wonder why oweinmann is member of the group staff. Maybe there is an
    > entry for oweinmann in /etc/passwd?
    >
    > So I'm running out of ideas :-( Mabye someone out there can take over.
    >
    > Good luck and report back what you have found.
    >
    >
    > Oliver Weinmann schrieb:
    >
    > I changed both groups and users to "no". Still no difference. Another
    > strange thing i came across.
    >
    > as user "oweinmann"
    >
    > $ id
    > uid=11611(oweinmann) gid=1613(domain users)
    > $ id -a oweinmann
    > uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
    > $ id -a
    >
    > why is the id -a oweinmann working as user "oweinmann" but not id -a????
    >
    >
    > On 4/29/08, Dietrich Streifert wrote:
    > >
    > > Please try to set combinations of
    > >
    > > winbind enum groups = No
    > >
    > > and test again.
    > >
    > > This could be the reason why getent groups never ends. This is known to
    > > be a problem with big AD user/groups databases.
    > >
    > > Have a look at this and related paramters in > > path>/swat/help/manpages/smb.conf.5.html
    > >
    > >
    > >
    > > Oliver Weinmann schrieb:
    > >
    > > It's the latest stable.
    > >
    > > # smbd -V
    > > Version 3.0.28a
    > >
    > > [global]
    > > netbios name = rose8
    > > realm = VEGAGROUP.NET
    > > workgroup = VEGA
    > > security = ADS
    > > encrypt passwords = yes
    > > password server = *
    > > os level = 20
    > > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    > > idmap uid = 1100-200000
    > > idmap gid = 1100-200000
    > > idmap backend = rid:VEGA=1100-200000
    > > allow trusted domains = no
    > > winbind enum users = yes
    > > winbind enum groups = yes
    > > template homedir = /home/%U
    > > template shell = /bin/sh
    > > preferred master = no
    > > winbind nested groups = Yes
    > > winbind use default domain = Yes
    > > #winbind separator = +
    > > #winbind normalize names = yes
    > > log level = 10
    > > max log size = 50
    > > log file = /var/log/samba/log.%m
    > > dns proxy = no
    > > wins server = 172.20.205.1
    > > allow trusted domains = No
    > > client use spnego = Yes
    > > use kerberos keytab = true
    > > winbind offline logon = yes
    > >
    > > I really appreciate your big effort. Thanks!
    > >
    > > On 4/29/08, Dietrich Streifert wrote:
    > > >
    > > > Which samba version do you use?
    > > >
    > > > Please post the global configuration section of smb.conf.
    > > >
    > > >
    > > > Oliver Weinmann schrieb:
    > > >
    > > > Here could be a problem. I could not change our win 2k3 schema. They
    > > > were afraid it could break something... tsss. So i had to use the idmap_rid
    > > > module. Which does a good job actually. It uses the last portion of the AD
    > > > users SID and adds it to a base set in smb.conf. I issued your commands:
    > > >
    > > > bash-2.03# getent passwd | grep oweinmann
    > > > oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
    > > > oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
    > > > oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
    > > > bash-2.03# id -a oweinmann
    > > > uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
    > > > bash-2.03# su oweinmann
    > > > $ id
    > > > uid=11611(oweinmann) gid=1613(domain users)
    > > > $ id -a
    > > >
    > > > the "id -a" as user "oweinmann" seems to get stuck. It just sits
    > > > there. I noticed when issuing "groups oweinmann" as root it also getsstuck.
    > > > On some users the "groups" command seems to be working on some other don't.
    > > >
    > > >
    > > > On 4/29/08, Dietrich Streifert wrote:
    > > > >
    > > > > We have several installations where we use the two different AD
    > > > > schema extensions (SFU from Windows Services for Unix and rfc2307bis from
    > > > > Windows Server 2003R2) to put the needed information in.
    > > > >
    > > > > We are using the idmap_ad module to map the uid, gid, home etc.
    > > > > information from the AD.
    > > > >
    > > > > The local users and the AD users are completely separated. We do not
    > > > > mix up local users and AD users.
    > > > >
    > > > > The first basic test if the AD user information retreival is working
    > > > > is to use the getent command:
    > > > >
    > > > > getent
    > > > >
    > > > > So for a test user account I get:
    > > > >
    > > > > korund{root}[/]: getent passwd testuser
    > > > > testuser:*:1004:1000:Lastname,
    > > > > Firstname:/home/testuser:/bin/tcsh
    > > > >
    > > > > If this works the first step is done.
    > > > >
    > > > > The second test is to get all related Information for one user:
    > > > >
    > > > > korund{root}[/]: id -a testuser
    > > > > uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
    > > > >
    > > > > The third test is to su - testuser and again try to issue both
    > > > > commands obove. If the retreived information is the same you shouldall be
    > > > > done (except from pam.conf which is another story).
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > > Oliver Weinmann schrieb:
    > > > >
    > > > > Could the problem be that the AD users are not in any of the local
    > > > > groups on the machine? How do you manage your AD users to be members of
    > > > > local groups e.g. staff, sys etc.? pam_groups?
    > > > >
    > > > > On 4/29/08, Oliver Weinmann wrote:
    > > > > >
    > > > > > there is nothing in /etc/profile and the user oweinmann has no
    > > > > > .bashrc. The problem seems to be related to nscd. When nscd is turned on i
    > > > > > can login and issue commands and I don't get kicked out of the ssh login.
    > > > > > There is no idle session timeout set. If there was I would get kicked out
    > > > > > when nscd is turned on as well. Only when logged in as an AD userI get
    > > > > > kicked out...
    > > > > >
    > > > > > On 4/29/08, Dietrich Streifert
    > > > > > wrote:
    > > > > > >
    > > > > > > So there must be something in your bash init files, /etc/profile
    > > > > > > or ~/.bashrc (sorry I'm not a bash user) which causes the problem.
    > > > > > >
    > > > > > > Maybe something which forms the shell prompt like whoami etc.
    > > > > > >
    > > > > > > Maybe there is something like a autologout set for the csh or in
    > > > > > > sshd with idle session timeout.
    > > > > > >
    > > > > > >
    > > > > > > Oliver Weinmann schrieb:
    > > > > > >
    > > > > > > Hi,
    > > > > > >
    > > > > > > no, there was nothing in /var/adm/messages, but guess what with
    > > > > > > the csh ls -alrt and such commands work fine... But i get kicked out of the
    > > > > > > ssh session after 2 minutes...
    > > > > > >
    > > > > > >
    > > > > > > On 4/29/08, Dietrich Streifert
    > > > > > > wrote:
    > > > > > > >
    > > > > > > > Are there any messages in /var/adm/messages which are related
    > > > > > > > to nss ?
    > > > > > > >
    > > > > > > > As I can see you are using bash as your shell.
    > > > > > > >
    > > > > > > > Try using csh. Does something change?
    > > > > > > >
    > > > > > > > Oliver Weinmann schrieb:
    > > > > > > >
    > > > > > > > su to user oweinmann works but when i ussie the ldd -r
    > > > > > > > /usr/lib/nss_winbind.so command it gets put in the background... i then do
    > > > > > > > fg 2 and this is the output:
    > > > > > > >
    > > > > > > > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
    > > > > > > >
    > > > > > > > [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
    > > > > > > > bash-2.03$ fg 2
    > > > > > > > ldd -r /usr/lib/nss_winbind.so
    > > > > > > > libthread.so.1 => /usr/lib/libthread.so.1
    > > > > > > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > > > > > > libdl.so.1 => /usr/lib/libdl.so.1
    > > > > > > > libc.so.1 => /usr/lib/libc.so.1
    > > > > > > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > > > > > > libmp.so.2 => /usr/lib/libmp.so.2
    > > > > > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > > > > > > >
    > > > > > > > bash-2.03$ ls -alrt /etc/nsswitch.conf
    > > > > > > >
    > > > > > > > [2]+ Stopped ls -alrt /etc/nsswitch.conf
    > > > > > > > bash-2.03$ fg 2
    > > > > > > > ls -alrt /etc/nsswitch.conf
    > > > > > > > -rw-r--r-- 1 root sys 1320 Apr 28 13:19
    > > > > > > > /etc/nsswitch.conf
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > > On 4/29/08, Dietrich Streifert
    > > > > > > > wrote:
    > > > > > > > >
    > > > > > > > > Please try to login (or su) to the user oweinmann and issue
    > > > > > > > > then ldd -r /usr/lib/nss_winbind.so
    > > > > > > > >
    > > > > > > > > For some reason I think that non root users are not able to
    > > > > > > > > read one of the involved files.
    > > > > > > > >
    > > > > > > > > This could be
    > > > > > > > >
    > > > > > > > > /etc/nsswitch.conf
    > > > > > > > > /usr/lib/nss_winbind.so
    > > > > > > > >
    > > > > > > > > or some of the files found by the ldd -r command. The fact
    > > > > > > > > that you can issue commands while nscd is running points tothis fact becaus
    > > > > > > > > nscd is running as root and has permissions to read all of those files.
    > > > > > > > >
    > > > > > > > > /etc/nsswitch.conf should be readable by everyone.
    > > > > > > > >
    > > > > > > > > I compiled samba myself with a full stack of openssl, iconv,
    > > > > > > > > heimdal kerberos, cyrus-sasl, openldap and samba. While people often speak
    > > > > > > > > of the Windows DLL hell this is the Solaris shared library hell :-( But it
    > > > > > > > > works.
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > > Oliver Weinmann schrieb:
    > > > > > > > >
    > > > > > > > > Hi,
    > > > > > > > >
    > > > > > > > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
    > > > > > > > > libthread.so.1 => /usr/lib/libthread.so.1
    > > > > > > > > libsocket.so.1 => /usr/lib/libsocket.so.1
    > > > > > > > > libdl.so.1 => /usr/lib/libdl.so.1
    > > > > > > > > libc.so.1 => /usr/lib/libc.so.1
    > > > > > > > > libnsl.so.1 => /usr/lib/libnsl.so.1
    > > > > > > > > libmp.so.2 => /usr/lib/libmp.so.2
    > > > > > > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    > > > > > > > >
    > > > > > > > > I changed the permissions and files exactly to be the same
    > > > > > > > > but i still cant issue commands...
    > > > > > > > >
    > > > > > > > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
    > > > > > > > > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
    > > > > > > > > /usr/lib/nss_winbind.so.1
    > > > > > > > > lrwxrwxrwx 1 root other 25 Apr 29 09:04
    > > > > > > > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
    > > > > > > > >
    > > > > > > > > Could this also be a problem of a compiling? Have you
    > > > > > > > > compiled the samba yourself or are you using prebuilt packages?
    > > > > > > > >
    > > > > > > > > On 4/29/08, Dietrich Streifert <
    > > > > > > > > dietrich.streifert@visionet.de> wrote:
    > > > > > > > > >
    > > > > > > > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
    > > > > > > > > >
    > > > > > > > > > I have the following naming and permission for
    > > > > > > > > > nss_winbind:
    > > > > > > > > >
    > > > > > > > > > lrwxrwxrwx 1 root other 16 Jan 15 2004
    > > > > > > > > > nss_winbind.so -> nss_winbind.so.1
    > > > > > > > > > -rwxr-xr-x 1 root other 44540 Apr 28 17:35
    > > > > > > > > > nss_winbind.so.1
    > > > > > > > > >
    > > > > > > > > > Please try with the exactly same naming and permissions of
    > > > > > > > > > your files.
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > > Oliver Weinmann schrieb:
    > > > > > > > > >
    > > > > > > > > > > I will try to get hands on the latest patches for
    > > > > > > > > > > solaris 8 and see if that
    > > > > > > > > > > fixes the nscd problems. I can't believe that
    > > > > > > > > > > samba-winbind is not running
    > > > > > > > > > > 100% well on a Solaris 8 machine.
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > > On 4/28/08, Oliver Weinmann <
    > > > > > > > > > > oliver.weinmann@googlemail.com> wrote:
    > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > > > Just for fun i changed the perms of
    > > > > > > > > > > > /usr/lib/libnss_winbind.so to 777
    > > > > > > > > > > >
    > > > > > > > > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
    > > > > > > > > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
    > > > > > > > > > > > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
    > > > > > > > > > > > /usr/lib/libnss_winbind.so
    > > > > > > > > > > >
    > > > > > > > > > > > nscd is turned off. I can login as an AD users but I
    > > > > > > > > > > > cant start any
    > > > > > > > > > > > command.
    > > > > > > > > > > >
    > > > > > > > > > > >
    > > > > > > > > > > > login as: oweinmann
    > > > > > > > > > > > Using keyboard-interactive authentication.
    > > > > > > > > > > > Password:
    > > > > > > > > > > > Last login: Mon Apr 28 15:17:11 2008 from
    > > > > > > > > > > > vb8860.vegagrou
    > > > > > > > > > > > bash-2.03$ ls -alrt
    > > > > > > > > > > >
    > > > > > > > > > > > [1]+ Stopped ls -alrt
    > > > > > > > > > > > bash-2.03$ id
    > > > > > > > > > > >
    > > > > > > > > > > > [2]+ Stopped id
    > > > > > > > > > > > bash-2.03$ group
    > > > > > > > > > > >
    > > > > > > > > > > > [3]+ Stopped group
    > > > > > > > > > > > bash-2.03$ echo "TEST"
    > > > > > > > > > > > TEST
    > > > > > > > > > > > bash-2.03$
    > > > > > > > > > > > Some commands are working and some others are put in
    > > > > > > > > > > > background and the
    > > > > > > > > > > > session closes after one or two minutes?
    > > > > > > > > > > >
    > > > > > > > > > > > When I turn on nscd everything is fine, except ls
    > > > > > > > > > > > -alrt not working.
    > > > > > > > > > > >
    > > > > > > > > > > >
    > > > > > > > > > > >
    > > > > > > > > > > > On 4/28/08, Gerald (Jerry) Carter
    > > > > > > > > > > > wrote:
    > > > > > > > > > > >
    > > > > > > > > > > >
    > > > > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE-----
    > > > > > > > > > > > > Hash: SHA1
    > > > > > > > > > > > >
    > > > > > > > > > > > > Oliver Weinmann wrote:
    > > > > > > > > > > > > | forgot to mention that the nss_winbind links are
    > > > > > > > > > > > > there:
    > > > > > > > > > > > > |
    > > > > > > > > > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
    > > > > > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23
    > > > > > > > > > > > > 14:30
    > > > > > > > > > > > > | /usr/lib/nss_winbind.so.2 ->
    > > > > > > > > > > > > /usr/lib/libnss_winbind.so.1
    > > > > > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23
    > > > > > > > > > > > > 14:30
    > > > > > > > > > > > > | /usr/lib/nss_winbind.so.1 ->
    > > > > > > > > > > > > /usr/lib/libnss_winbind.so.1
    > > > > > > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23
    > > > > > > > > > > > > 14:30
    > > > > > > > > > > > > | /usr/lib/nss_winbind.so ->
    > > > > > > > > > > > > /usr/lib/libnss_winbind.so.1
    > > > > > > > > > > > >
    > > > > > > > > > > > > Check the perms on /usr/lib/libnss_winbind.so.1.
    > > > > > > > > > > > > Sounds
    > > > > > > > > > > > > like it might be rwx for root only.
    > > > > > > > > > > > >
    > > > > > > > > > > > >
    > > > > > > > > > > > >
    > > > > > > > > > > > >
    > > > > > > > > > > > >
    > > > > > > > > > > > >
    > > > > > > > > > > > >
    > > > > > > > > > > > > cheers, jerry
    > > > > > > > > > > > > - --
    > > > > > > > > > > > >
    > > > > > > > > > > > > ================================================== ===================
    > > > > > > > > > > > > Samba -------
    > > > > > > > > > > > > http://www.samba.org
    > > > > > > > > > > > > Likewise Software ---------
    > > > > > > > > > > > > http://www.likewisesoftware.com
    > > > > > > > > > > > > "What man is a man who does not make the world
    > > > > > > > > > > > > better?" --Balian
    > > > > > > > > > > > > -----BEGIN PGP SIGNATURE-----
    > > > > > > > > > > > > Version: GnuPG v1.4.2.2 (Darwin)
    > > > > > > > > > > > > Comment: Using GnuPG with Mozilla -
    > > > > > > > > > > > > http://enigmail.mozdev.org
    > > > > > > > > > > > >
    > > > > > > > > > > > >
    > > > > > > > > > > > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwCg293J
    > > > > > > > > > > > > 0OxWwTr/wJPDW67YmZCAfQo=
    > > > > > > > > > > > > =6S2v
    > > > > > > > > > > > > -----END PGP SIGNATURE-----
    > > > > > > > > > > > >
    > > > > > > > > > > > >
    > > > > > > > > > > > >
    > > > > > > > > > > >
    > > > > > > > > > > >
    > > > > > > > > > >
    > > > > > > > > > --
    > > > > > > > > > Mit freundlichen Grüßen
    > > > > > > > > > Dietrich Streifert
    > > > > > > > > > --
    > > > > > > > > > Visionet GmbH
    > > > > > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > > > > > Geschäftsführer: Stefan Lindner
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > > >
    > > > > > > > >
    > > > > > > > > --
    > > > > > > > > Mit freundlichen Grüßen
    > > > > > > > > Dietrich Streifert
    > > > > > > > > --
    > > > > > > > > Visionet GmbH
    > > > > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > > > > Geschäftsführer: Stefan Lindner
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > > >
    > > > > > > >
    > > > > > > > --
    > > > > > > > Mit freundlichen Grüßen
    > > > > > > > Dietrich Streifert
    > > > > > > > --
    > > > > > > > Visionet GmbH
    > > > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > > > Geschäftsführer: Stefan Lindner
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > > --
    > > > > > > Mit freundlichen Grüßen
    > > > > > > Dietrich Streifert
    > > > > > > --
    > > > > > > Visionet GmbH
    > > > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > > > Geschäftsführer: Stefan Lindner
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > >
    > > > > --
    > > > > Mit freundlichen Grüßen
    > > > > Dietrich Streifert
    > > > > --
    > > > > Visionet GmbH
    > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > > Geschäftsführer: Stefan Lindner
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > >
    > > > --
    > > > Mit freundlichen Grüßen
    > > > Dietrich Streifert
    > > > --
    > > > Visionet GmbH
    > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > > Registergericht: Handelsregister Fürth, HRB 6573
    > > > Geschäftsführer: Stefan Lindner
    > > >
    > > >
    > > >
    > > >
    > > >

    > >
    > > --
    > > Mit freundlichen Grüßen
    > > Dietrich Streifert
    > > --
    > > Visionet GmbH
    > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > > Registergericht: Handelsregister Fürth, HRB 6573
    > > Geschäftsführer: Stefan Lindner
    > >
    > >
    > >
    > >
    > >

    >
    > --
    > Mit freundlichen Grüßen
    > Dietrich Streifert
    > --
    > Visionet GmbH
    > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
    > Registergericht: Handelsregister Fürth, HRB 6573
    > Geschäftsführer: Stefan Lindner
    >
    >
    >
    >

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread
Page 1 of 2 1 2 LastLast