All--

Forgive me if this has been asked/answered. I've googled around the
group and haven't seen anything quite like it (answered, anyway). The
only thing I can guess is that I've hosed it and need to start over.
Anyway, I hope somebody can tip me off about this ....

I'm trying to integrate ADS-domain logins on a Solaris 9 box and I've
got it ... to a certain degree. I can get terminal access on the
Solaris box with only my win-account (another strange note there, see
below). However, I'm only using DOMAIN security now. ADS seemed a bit
much to deal with in light of what's going on now.

'wbinfo' returns plenty of information. 'getent' returns fine. I can
'su - MYacct' but no one else's. Although for a brief time I was able
to do it. But when I could I was unable to do an 'ls -al ...' in the
user's directory (it would hang). When I su as my account, I get in but
get an odd uid.

I'm testing on an Ultra-10 running Solaris 9 (MU4) and Samba 3.0.1
(--with-winbind --with-pam --with-ldap --with-ads).

Here's the log output for winbindd when I try another user:

....
[2003/12/17 23:28:22, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(232)
[ 1076]: request interface version
[2003/12/17 23:28:22, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(268)
[ 1076]: request location of privileged pipe
[2003/12/17 23:28:22, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
[ 1076]: getpwnam XXxxxx
[2003/12/17 23:28:22, 3] nsswitch/winbindd_rpc.c:name_to_sid(290)
rpc: name_to_sid name=XXxxxx
[2003/12/17 23:28:22, 3] nsswitch/winbindd_rpc.c:name_to_sid(299)
name_to_sid [rpc] XXxxxx for domain XXXXXX
[2003/12/17 23:28:22, 3] nsswitch/winbindd_rpc.c:query_user(382)
rpc: query_user rid=S-1-5-21-2025429265-1682526488-839522115-5006
[2003/12/17 23:28:22, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(113)
[ 1076]: getpwnam XXxxxx
[2003/12/17 23:28:22, 3] nsswitch/winbindd_rpc.c:name_to_sid(290)
rpc: name_to_sid name=XXxxxx
[2003/12/17 23:28:22, 3] nsswitch/winbindd_rpc.c:name_to_sid(299)
name_to_sid [rpc] XXxxxx for domain XXXXXX
[2003/12/17 23:28:22, 3]
nsswitch/winbindd_group.c:winbindd_getgrgid(339)
[ 1076]: getgrgid 10001
....

It just hangs at this point. I can ^C and get out. That's it.

The other thing is when I 'su' in as myself, I get a 10000 uid. It's
not what I had previously seen presented to me. What's more, is that
for certain people is seems to simply increment the uid starting from
10000, i.e., 10001, 10002, and so on.

Any thoughts, tips, suggestions, corrections?

smb.conf:

# Global parameters
[global]
workgroup = XXXXXX
security = DOMAIN
password server = xxxxxxxxxx, xxxxxxxxxx
username level = 5
preferred master = No
local master = No
domain master = No
nt acl support = Yes
wins server = xxx.xxx.xxx.xxx
log level = 3
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /var/%D/%U
template shell = /bin/bash
winbind separator = .
winbind cache time = 120
winbind use default domain = Yes
wide links = No