Could the problem be that the AD users are not in any of the local groups o=
n
the machine? How do you manage your AD users to be members of local groups
e.g. staff, sys etc.? pam_groups?

On 4/29/08, Oliver Weinmann wrote:
>
> there is nothing in /etc/profile and the user oweinmann has no .bashrc.
> The problem seems to be related to nscd. When nscd is turned on i can log=

in
> and issue commands and I don't get kicked out of the ssh login. There is =

no
> idle session timeout set. If there was I would get kicked out when nscd i=

s
> turned on as well. Only when logged in as an AD user I get kicked out...
>
> On 4/29/08, Dietrich Streifert wrote:
> >
> > So there must be something in your bash init files, /etc/profile or
> > ~/.bashrc (sorry I'm not a bash user) which causes the problem.
> >
> > Maybe something which forms the shell prompt like whoami etc.
> >
> > Maybe there is something like a autologout set for the csh or in sshd
> > with idle session timeout.
> >
> >
> > Oliver Weinmann schrieb:
> >
> > Hi,
> >
> > no, there was nothing in /var/adm/messages, but guess what with the cs=

h
> > ls -alrt and such commands work fine... But i get kicked out of the ssh
> > session after 2 minutes...
> >
> >
> > On 4/29/08, Dietrich Streifert wrote:
> > >
> > > Are there any messages in /var/adm/messages which are related to nss =

?
> > >
> > > As I can see you are using bash as your shell.
> > >
> > > Try using csh. Does something change?
> > >
> > > Oliver Weinmann schrieb:
> > >
> > > su to user oweinmann works but when i ussie the ldd -r
> > > /usr/lib/nss_winbind.so command it gets put in the background.. i =

then do
> > > fg 2 and this is the output:
> > >
> > > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
> > >
> > > [2]+ Stopped ldd -r /usr/lib/nss_winbind.so
> > > bash-2.03$ fg 2
> > > ldd -r /usr/lib/nss_winbind.so
> > > libthread.so.1 =3D> /usr/lib/libthread.so.1
> > > libsocket.so.1 =3D> /usr/lib/libsocket.so.1
> > > libdl.so.1 =3D> /usr/lib/libdl.so.1
> > > libc.so.1 =3D> /usr/lib/libc.so.1
> > > libnsl.so.1 =3D> /usr/lib/libnsl.so.1
> > > libmp.so.2 =3D> /usr/lib/libmp.so.2
> > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> > >
> > > bash-2.03$ ls -alrt /etc/nsswitch.conf
> > >
> > > [2]+ Stopped ls -alrt /etc/nsswitch.conf
> > > bash-2.03$ fg 2
> > > ls -alrt /etc/nsswitch.conf
> > > -rw-r--r-- 1 root sys 1320 Apr 28 13:19
> > > /etc/nsswitch.conf
> > >
> > >
> > >
> > >
> > >
> > > On 4/29/08, Dietrich Streifert wrote=

:
> > > >
> > > > Please try to login (or su) to the user oweinmann and issue then ld=

d
> > > > -r /usr/lib/nss_winbind.so
> > > >
> > > > For some reason I think that non root users are not able to read on=

e
> > > > of the involved files.
> > > >
> > > > This could be
> > > >
> > > > /etc/nsswitch.conf
> > > > /usr/lib/nss_winbind.so
> > > >
> > > > or some of the files found by the ldd -r command. The fact that you
> > > > can issue commands while nscd is running points to this fact becaus=

nscd is
> > > > running as root and has permissions to read all of those files.
> > > >
> > > > /etc/nsswitch.conf should be readable by everyone.
> > > >
> > > > I compiled samba myself with a full stack of openssl, iconv, heimda=

l
> > > > kerberos, cyrus-sasl, openldap and samba. While people often speak =

of the
> > > > Windows DLL hell this is the Solaris shared library hell :-( But it=

works.
> > > >
> > > >
> > > >
> > > > Oliver Weinmann schrieb:
> > > >
> > > > Hi,
> > > >
> > > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
> > > > libthread.so.1 =3D> /usr/lib/libthread.so.1
> > > > libsocket.so.1 =3D> /usr/lib/libsocket.so.1
> > > > libdl.so.1 =3D> /usr/lib/libdl.so.1
> > > > libc.so.1 =3D> /usr/lib/libc.so.1
> > > > libnsl.so.1 =3D> /usr/lib/libnsl.so.1
> > > > libmp.so.2 =3D> /usr/lib/libmp.so.2
> > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> > > >
> > > > I changed the permissions and files exactly to be the same but i
> > > > still cant issue commands...
> > > >
> > > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
> > > > -rwxr-xr-x 1 root other 74744 Apr 29 09:03
> > > > /usr/lib/nss_winbind.so.1
> > > > lrwxrwxrwx 1 root other 25 Apr 29 09:04
> > > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
> > > >
> > > > Could this also be a problem of a compiling? Have you compiled the
> > > > samba yourself or are you using prebuilt packages?
> > > >
> > > > On 4/29/08, Dietrich Streifert
> > > > wrote:
> > > > >
> > > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
> > > > >
> > > > > I have the following naming and permission for nss_winbind:
> > > > >
> > > > > lrwxrwxrwx 1 root other 16 Jan 15 2004
> > > > > nss_winbind.so -> nss_winbind.so.1
> > > > > -rwxr-xr-x 1 root other 44540 Apr 28 17:35
> > > > > nss_winbind.so.1
> > > > >
> > > > > Please try with the exactly same naming and permissions of your
> > > > > files.
> > > > >
> > > > >
> > > > >
> > > > > Oliver Weinmann schrieb:
> > > > >
> > > > > > I will try to get hands on the latest patches for solaris 8 and
> > > > > > see if that
> > > > > > fixes the nscd problems. I can't believe that samba-winbind is
> > > > > > not running
> > > > > > 100% well on a Solaris 8 machine.
> > > > > >
> > > > > >
> > > > > > On 4/28/08, Oliver Weinmann
> > > > > > wrote:
> > > > > >
> > > > > >
> > > > > > > Just for fun i changed the perms of /usr/lib/libnss_winbind.s=

o
> > > > > > > to 777
> > > > > > >
> > > > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
> > > > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
> > > > > > > -rwxrwxrwx 1 root other 74744 Apr 28 13:32
> > > > > > > /usr/lib/libnss_winbind.so
> > > > > > >
> > > > > > > nscd is turned off. I can login as an AD users but I cant
> > > > > > > start any
> > > > > > > command.
> > > > > > >
> > > > > > >
> > > > > > > login as: oweinmann
> > > > > > > Using keyboard-interactive authentication.
> > > > > > > Password:
> > > > > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
> > > > > > > bash-2.03$ ls -alrt
> > > > > > >
> > > > > > > [1]+ Stopped ls -alrt
> > > > > > > bash-2.03$ id
> > > > > > >
> > > > > > > [2]+ Stopped id
> > > > > > > bash-2.03$ group
> > > > > > >
> > > > > > > [3]+ Stopped group
> > > > > > > bash-2.03$ echo "TEST"
> > > > > > > TEST
> > > > > > > bash-2.03$
> > > > > > > Some commands are working and some others are put in
> > > > > > > background and the
> > > > > > > session closes after one or two minutes?
> > > > > > >
> > > > > > > When I turn on nscd everything is fine, except ls -alrt not
> > > > > > > working.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On 4/28/08, Gerald (Jerry) Carter wrote:
> > > > > > >
> > > > > > >
> > > > > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > > > > > Hash: SHA1
> > > > > > > >
> > > > > > > > Oliver Weinmann wrote:
> > > > > > > > | forgot to mention that the nss_winbind links are there:
> > > > > > > > |
> > > > > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
> > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
> > > > > > > > | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_winbind.so.1
> > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
> > > > > > > > | /usr/lib/nss_winbind.so.1 -> /usr/lib/libnss_winbind.so.1
> > > > > > > > | lrwxrwxrwx 1 root other 28 Apr 23 14:30
> > > > > > > > | /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1
> > > > > > > >
> > > > > > > > Check the perms on /usr/lib/libnss_winbind.so.1. Sounds
> > > > > > > > like it might be rwx for root only.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > cheers, jerry
> > > > > > > > - --
> > > > > > > >
> > > > > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D
> > > > > > > > Samba -------
> > > > > > > > http://www.samba.org
> > > > > > > > Likewise Software ---------
> > > > > > > > http://www.likewisesoftware.com
> > > > > > > > "What man is a man who does not make the world better?"
> > > > > > > > --Balian
> > > > > > > > -----BEGIN PGP SIGNATURE-----
> > > > > > > > Version: GnuPG v1.4.2.2 (Darwin)
> > > > > > > > Comment: Using GnuPG with Mozilla -
> > > > > > > > http://enigmail.mozdev.org
> > > > > > > >
> > > > > > > >
> > > > > > > > iD8DBQFIFcnJIR7qMdg1EfYRAp+uAKCoT5s9gRV+x0M+PUrFnY WVRtqmcwC=

g293J
> > > > > > > > 0OxWwTr/wJPDW67YmZCAfQo=3D
> > > > > > > > =3D6S2v
> > > > > > > > -----END PGP SIGNATURE-----
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > --
> > > > > Mit freundlichen Gr=FC=DFen
> > > > > Dietrich Streifert
> > > > > --
> > > > > Visionet GmbH
> > > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
> > > > > Registergericht: Handelsregister F=FCrth, HRB 6573
> > > > > Gesch=E4ftsf=FChrer: Stefan Lindner
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > > --
> > > > Mit freundlichen Gr=FC=DFen
> > > > Dietrich Streifert
> > > > --
> > > > Visionet GmbH
> > > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
> > > > Registergericht: Handelsregister F=FCrth, HRB 6573
> > > > Gesch=E4ftsf=FChrer: Stefan Lindner
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > > --
> > > Mit freundlichen Gr=FC=DFen
> > > Dietrich Streifert
> > > --
> > > Visionet GmbH
> > > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
> > > Registergericht: Handelsregister F=FCrth, HRB 6573
> > > Gesch=E4ftsf=FChrer: Stefan Lindner
> > >
> > >
> > >
> > >
> > >

> >
> > --
> > Mit freundlichen Gr=FC=DFen
> > Dietrich Streifert
> > --
> > Visionet GmbH
> > Firmensitz: Am Weichselgarten 7, 91058 Erlangen
> > Registergericht: Handelsregister F=FCrth, HRB 6573
> > Gesch=E4ftsf=FChrer: Stefan Lindner
> >
> >
> >
> >

>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba