Note: long.

> -----Original Message-----
> From: Tim Aslat [mailto:tim_at_spyderweb.com.au]
> Sent: Monday, January 26, 2004 4:38 PM
> To: Will Saxon
> Cc: current_at_freebsd.org
> Subject: Re: nss_winbind support
>
> I'm glad someone has. Did you use the ports or install from source?

I used the port, although it does not install the PAM or nss_winbind modules at all, I did that by hand.

> I've spent several weeks (on and off) trying to get ADS support in samba
> 3 and it's driving me up the wall.

Well I have been fighting with this for about the same amount of time. My main resource is a paper copy of the Official Samba-2 HOWTO and Reference Guide, but it does not seem to consider FreeBSD 5.x at all. The only FreeBSD information I saw was lumped in with Linux and was not applicable to 5.x (pam stuff).

> have installed heimdal from ports, and build samba with
> KRB5_HOME=/usr/local but any reference to net ads gives me "ADS support
> not compiled in"

Do you have an LDAP library installed? You must have LDAP for ADS support to be compiled in. I chose the openldap21-server port and compiled it with -DWITH_SASL for kicks. I don't think the -DWITH_SASL ends up making any difference.

I have tried the base distro of Heimdal as well as the Heimdal from ports. I am currently using the Heimdal from ports because I wanted to try compiling in LDAP support. Samba compiled against the included Heimdal vs. the ports Heimdal with LDAP support seems to operate the same.

Despite what the HOWTO indicates, I am not able to join the domain without an /etc/krb.conf.
It looks like the ldap server is detected right and it tries to authenticate, but I get errors like this when I turn debug mode on:

[2004/01/26 18:52:36, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No such file or directory)
[2004/01/26 18:52:36, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276)
  krb5_get_credentials failed for machine_account$_at_REALM_NAME (Unknown error -1765328343)
[2004/01/26 18:52:36, 1] utils/net_ads.c:ads_startup(181)
  ads_connect: Operations error
[2004/01/26 18:52:36, 2] utils/net.c:main(758)
  return code = -1

The 'use if you have a pre-0.6 Heimdal' skeleton krb5.conf settings they put in the book work for me. They list it in section 6.4.2 of the HOWTO, which is also available online I think.

I also had to use the 'password server = <ip>' entry in my smb.conf file since it was resolving a non-GC domain controller first and seemed to not work when not using a GC Domain Controller.

At this point, with OpenLDAP, Heimdal and Samba installed I am able to:

net ads join -U <username>

and I can then join the domain. After starting nmbd, smbd and winbindd I am then able to do the wbinfo stuff as suggested by the docs.

> > I may have just missed it but there doesn't seem to be a lot of
> > information available on how to set Samba 3 up under FreeBSD 5.x to
> > use nss_winbind and pam_winbind. What information I have found doesn't
> > seem to work, maybe because it focuses on joining the domain as an
> > NT-style domain member vs. Active Directory-style membership.
>
> Sorry I can't help with this one, still working it out myself.

Well so far I have copied the libnss_winbind.so and libnss_wins.so files from the samba-3.0.0/source/nsswitch dir to /usr/local/lib and updated the library cache. It finds the libraries. I have edited /etc/nsswitch.conf to include winbind as a source but it doesn't seem to work. The utility the HOWTO suggests, getent, is not available.
I tried 'pw <user/group> show <username/groupname>' instead without success.

When I initially started working on this, my user account name on the samba server was the same as my account name on the domain. This was causing me to not be able to enumerate users/groups with wbinfo no matter what I tried. However, I WAS able to at least access the shares I had set up on the server. I changed my user name and was then able to use wbinfo, but now I am no longer able to access any shares. I am presented with a 'please enter username and password' dialog and nothing I enter seems to work. I tried adding a password via smbpasswd but that did not work either.

So this is where I am: stumped.

-Will

Received on Mon Jan 26 2004 - 15:31:22 UTC
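
Added example, not part of the message above or of the Samba HOWTO: a Python check of the /etc/nsswitch.conf edit the message describes, for use where getent is not available. For each database it reports whether winbind is listed as a source and whether an earlier [notfound=return] criterion stops the lookup before winbind is consulted. The sample file contents and the function names are constructed for illustration; the check reads configuration only and does not prove that the module loads.

```python
import re

# Constructed sample, not taken from the thread: passwd consults winbind,
# group lists it but cuts the lookup short first, hosts does not list it.
SAMPLE = """\
# /etc/nsswitch.conf (constructed example)
passwd: files winbind
group:  files [notfound=return] winbind
hosts:  files dns
"""

def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]}."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        entries = []
        # A token is either a source name or a [status=action ...] criterion
        # that applies to the source just before it.
        for src, crit in re.findall(r"(\w+)|\[([^\]]*)\]", rest):
            if src:
                entries.append((src.lower(), {}))
            elif entries:
                for item in crit.split():
                    status, _, action = item.partition("=")
                    entries[-1][1][status.lower()] = action.lower()
        table[db.strip().lower()] = entries
    return table

def winbind_status(table, db):
    """'missing', 'unreachable' or 'ok' for winbind in the given database."""
    entries = table.get(db, [])
    if all(src != "winbind" for src, _ in entries):
        return "missing"
    for src, crit in entries:
        if src == "winbind":
            return "ok"
        # A miss in this earlier source ends the lookup, so a domain-only
        # user or group never reaches winbind.
        if crit.get("notfound") == "return":
            return "unreachable"
    return "missing"

if __name__ == "__main__":
    parsed = parse_nsswitch(SAMPLE)
    for database in ("passwd", "group", "hosts"):
        print(database, winbind_status(parsed, database))
```

To check a real host, pass the contents of its /etc/nsswitch.conf to parse_nsswitch instead of SAMPLE.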
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:40 UTC