Discussion:
Slackware and Winbind.
(too old to reply)
Rob Steinmetz
2003-11-13 00:13:57 UTC
Permalink
I am looking at using winbind in Slackware 9.1 to authenticate
samba users against an existing PDC.

The winbind documentation seems to be set up for PAM. I gather
its not really necessary. The Winbind documentation also makes
mention of a library libnss_winbind.so which is not present on
my Slack install.

Has anyone gotten this to work and if so how? Winbind is running
and seems to be connecting to the PCD but so far users are still
unable to login.
Stuart Mueller
2003-11-13 15:45:38 UTC
Permalink
Post by Rob Steinmetz
I am looking at using winbind in Slackware 9.1 to authenticate
samba users against an existing PDC.
The winbind documentation seems to be set up for PAM. I gather
its not really necessary. The Winbind documentation also makes
mention of a library libnss_winbind.so which is not present on
my Slack install.
Has anyone gotten this to work and if so how? Winbind is running
and seems to be connecting to the PCD but so far users are still
unable to login.
I have it working, I have also got PAM working on Slackware, I removed
samba from my slack install. then downloaded the source. i used the source
that comes with my disks rather than the latest samba version (I didn't
have much luck with samba 3)

I then recompiled samba with the --with-winbind switch, after make this
gives hte libnss_winbind.so file which should be copied to the /lib
folder, you should also make a symlink to libnss_winbind.so.2.

Then edit the /etc/nsswitch file so that you have these entries
passwd: files winbind nis
shadow: files nis
group: files winbind nis

stop smbd and nmbd as well as winbindd if it is running, type
smbpasswd -j DOMAIN -r PDC_NAME -U DOMAIN\USERNAME making sure that the
file secrets.tdb doesn't exist and that there is not account on the PDC
for the machine.

You should then get a message saying welcome to the DOMAIN domain. start
smbd and nmbd and winbindd, type wbinfo -t to check the secrets file, type
wbinfo -u to give a list of users on the PDC and getent passwd gives a
list of local and domain users.

Make sure your smb.conf file is correct and has the proper winbind
settings, I can post mine if you aren't sure

Stu
Robert Steinmetz
2003-11-13 22:43:36 UTC
Permalink
Post by Stuart Mueller
I have it working,
What are you running as a PDC?
Post by Stuart Mueller
I have also got PAM working on Slackware,
I was hoping that I wouldn't need PAM.
Post by Stuart Mueller
I removed
samba from my slack install. then downloaded the source. i used the source
that comes with my disks rather than the latest samba version (I didn't
have much luck with samba 3)
I was hoping it would work without all of that. I was
thinking of downloading the Slack Samba 3.0 package and
trying it. It would be nice to have a BDC, which 3.0 can do.
Post by Stuart Mueller
I then recompiled samba with the --with-winbind switch,
Is the version included in Slack not compiled with the
winbind switch? It seems to recognize the the daemon when
its running.
Post by Stuart Mueller
after make this gives the libnss_winbind.so file
I was surprised to find winbindd in Slack and not find the
library. I think it might work if the library were present.
It seems to be trying to.
Post by Stuart Mueller
which should be copied to the /lib
folder, you should also make a symlink to libnss_winbind.so.2.
I read that in the winbindd man page. That's how I found out
that the library was not there.
Post by Stuart Mueller
Then edit the /etc/nsswitch file so that you have these entries
passwd: files winbind nis
shadow: files nis
group: files winbind nis
Did that, except I'm not running nis.
Post by Stuart Mueller
stop smbd and nmbd as well as winbindd if it is running, type
smbpasswd -j DOMAIN -r PDC_NAME -U DOMAIN\USERNAME making sure that the
file secrets.tdb doesn't exist and that there is not account on the PDC
for the machine.
Did that.
Post by Stuart Mueller
You should then get a message saying welcome to the DOMAIN domain. start
smbd and nmbd and winbindd, type wbinfo -t to check the secrets file, type
wbinfo -u to give a list of users on the PDC and getent passwd gives a
list of local and domain users.
Did that.
Post by Stuart Mueller
Make sure your smb.conf file is correct and has the proper winbind
settings, I can post mine if you aren't sure
I have changed mine according the winbindd man page but, I'm
not sure they are correct, since I'm apparently missing the
library needed to make it all work.


Thanks. Maybe someone else will chime in here and say there
is a simpler way to make it work.
--
Rob

"Never ascribe to malice that which can adequately be
explained by stupidity."
Stuart Mueller
2003-11-14 09:11:04 UTC
Permalink
Post by Robert Steinmetz
Post by Stuart Mueller
I have it working,
What are you running as a PDC?
NT4
Post by Robert Steinmetz
Post by Stuart Mueller
I have also got PAM working on Slackware,
I was hoping that I wouldn't need PAM.
I only use PAM as I want my domain users to be able to log onto the linux
box, either console or KDM and not have to worry about maintaining a list
of identical users on the linux box
Post by Robert Steinmetz
Post by Stuart Mueller
I removed
samba from my slack install. then downloaded the source. i used the
source that comes with my disks rather than the latest samba version (I
didn't have much luck with samba 3)
I was hoping it would work without all of that. I was thinking of
downloading the Slack Samba 3.0 package and trying it. It would be nice
to have a BDC, which 3.0 can do.
Post by Stuart Mueller
I then recompiled samba with the --with-winbind switch,
Is the version included in Slack not compiled with the winbind switch?
It seems to recognize the the daemon when its running.
When I installed slack, I didn't think winbind was running, it may have
been but as you say the library was no where to be found.

<snip>
Post by Robert Steinmetz
I have changed mine according the winbindd man page but, I'm not sure
they are correct, since I'm apparently missing the library needed to
make it all work.
You need to make sure the workgroup name is the same as your domain name,
you need to add a netbios name the same as your host name, security should
be set to domain and a password server should be set, encrypt passwords,
then the following for winbind

winbind uid = 10000-20000
winbind gui = 10000-20000
winbind enum users = yes
winbind enum groups = yes
The previous two may need to be disabled for performance reasons.

Stuart
Rob Steinmetz
2003-11-14 16:05:58 UTC
Permalink
Post by Stuart Mueller
When I installed slack, I didn't think winbind was running, it may have
been but as you say the library was no where to be found.
The winbindd daemon was there but not running. I had to start
it. The library was not present.
Post by Stuart Mueller
You need to make sure the workgroup name is the same as your domain name,
Did that.
Post by Stuart Mueller
you need to add a netbios name the same as your host name,
Did that, but I thought that it would default to the hostname if
no name were set.
Post by Stuart Mueller
security should be set to domain
Did that.
Post by Stuart Mueller
and a password server should be set,
Did that.
Post by Stuart Mueller
encrypt passwords,
Did that.
Post by Stuart Mueller
then the following for winbind
winbind uid = 10000-20000
winbind gui = 10000-20000
winbind enum users = yes
winbind enum groups = yes
The previous two may need to be disabled for performance reasons.
Did that.
Post by Stuart Mueller
Stuart
Loading...