I am looking at using winbind in Slackware 9.1 to authenticate
samba users against an existing PDC.

The winbind documentation seems to be set up for PAM. I gather
its not really necessary. The Winbind documentation also makes
mention of a library libnss_winbind.so which is not present on
my Slack install.

Has anyone gotten this to work and if so how? Winbind is running
and seems to be connecting to the PCD but so far users are still
unable to login.

On Wed, 12 Nov 2003 18:13:57 -0600, Rob Steinmetz wrote:

> I am looking at using winbind in Slackware 9.1 to authenticate
> samba users against an existing PDC.
>
> The winbind documentation seems to be set up for PAM. I gather
> its not really necessary. The Winbind documentation also makes
> mention of a library libnss_winbind.so which is not present on
> my Slack install.
>
> Has anyone gotten this to work and if so how? Winbind is running
> and seems to be connecting to the PCD but so far users are still
> unable to login.

I have it working, I have also got PAM working on Slackware, I removed
samba from my slack install. then downloaded the source. i used the source
that comes with my disks rather than the latest samba version (I didn't
have much luck with samba 3)

I then recompiled samba with the --with-winbind switch, after make this
gives hte libnss_winbind.so file which should be copied to the /lib
folder, you should also make a symlink to libnss_winbind.so.2.

Then edit the /etc/nsswitch file so that you have these entries
passwd: files winbind nis
shadow: files nis
group: files winbind nis

stop smbd and nmbd as well as winbindd if it is running, type
smbpasswd -j DOMAIN -r PDC_NAME -U DOMAIN\USERNAME making sure that the
file secrets.tdb doesn't exist and that there is not account on the PDC
for the machine.

You should then get a message saying welcome to the DOMAIN domain. start
smbd and nmbd and winbindd, type wbinfo -t to check the secrets file, type
wbinfo -u to give a list of users on the PDC and getent passwd gives a
list of local and domain users.

Make sure your smb.conf file is correct and has the proper winbind
settings, I can post mine if you aren't sure

Stu

Stuart Mueller wrote:

> I have it working,

What are you running as a PDC?

>I have also got PAM working on Slackware,

I was hoping that I wouldn't need PAM.

> I removed
> samba from my slack install. then downloaded the source. i used the source
> that comes with my disks rather than the latest samba version (I didn't
> have much luck with samba 3)

I was hoping it would work without all of that. I was
thinking of downloading the Slack Samba 3.0 package and
trying it. It would be nice to have a BDC, which 3.0 can do.

> I then recompiled samba with the --with-winbind switch,

Is the version included in Slack not compiled with the
winbind switch? It seems to recognize the the daemon when
its running.

> after make this gives the libnss_winbind.so file

I was surprised to find winbindd in Slack and not find the
library. I think it might work if the library were present.
It seems to be trying to.

> which should be copied to the /lib
> folder, you should also make a symlink to libnss_winbind.so.2.

I read that in the winbindd man page. That's how I found out
that the library was not there.

> Then edit the /etc/nsswitch file so that you have these entries
> passwd: files winbind nis
> shadow: files nis
> group: files winbind nis

Did that, except I'm not running nis.

> stop smbd and nmbd as well as winbindd if it is running, type
> smbpasswd -j DOMAIN -r PDC_NAME -U DOMAIN\USERNAME making sure that the
> file secrets.tdb doesn't exist and that there is not account on the PDC
> for the machine.

Did that.

> You should then get a message saying welcome to the DOMAIN domain. start
> smbd and nmbd and winbindd, type wbinfo -t to check the secrets file, type
> wbinfo -u to give a list of users on the PDC and getent passwd gives a
> list of local and domain users.

Did that.

> Make sure your smb.conf file is correct and has the proper winbind
> settings, I can post mine if you aren't sure

I have changed mine according the winbindd man page but, I'm
not sure they are correct, since I'm apparently missing the
library needed to make it all work.


Thanks. Maybe someone else will chime in here and say there
is a simpler way to make it work.

--
Rob

"Never ascribe to malice that which can adequately be
explained by stupidity."

On Thu, 13 Nov 2003 16:43:36 -0600, Robert Steinmetz wrote:

> Stuart Mueller wrote:
>
>> I have it working,
>
> What are you running as a PDC?
>

NT4

>>I have also got PAM working on Slackware,
>
> I was hoping that I wouldn't need PAM.

I only use PAM as I want my domain users to be able to log onto the linux
box, either console or KDM and not have to worry about maintaining a list
of identical users on the linux box

>
>> I removed
>> samba from my slack install. then downloaded the source. i used the
>> source that comes with my disks rather than the latest samba version (I
>> didn't have much luck with samba 3)
>
> I was hoping it would work without all of that. I was thinking of
> downloading the Slack Samba 3.0 package and trying it. It would be nice
> to have a BDC, which 3.0 can do.
>
>> I then recompiled samba with the --with-winbind switch,
>
> Is the version included in Slack not compiled with the winbind switch?
> It seems to recognize the the daemon when its running.
>
When I installed slack, I didn't think winbind was running, it may have
been but as you say the library was no where to be found.

<snip>
>
> I have changed mine according the winbindd man page but, I'm not sure
> they are correct, since I'm apparently missing the library needed to
> make it all work.
>
You need to make sure the workgroup name is the same as your domain name,
you need to add a netbios name the same as your host name, security should
be set to domain and a password server should be set, encrypt passwords,
then the following for winbind

winbind uid = 10000-20000
winbind gui = 10000-20000
winbind enum users = yes
winbind enum groups = yes
The previous two may need to be disabled for performance reasons.

Stuart

Stuart Mueller wrote:

> When I installed slack, I didn't think winbind was running, it may have
> been but as you say the library was no where to be found.

The winbindd daemon was there but not running. I had to start
it. The library was not present.

> You need to make sure the workgroup name is the same as your domain name,

Did that.

> you need to add a netbios name the same as your host name,

Did that, but I thought that it would default to the hostname if
no name were set.

> security should be set to domain

Did that.

> and a password server should be set,

Did that.

> encrypt passwords,

Did that.

> then the following for winbind
>
> winbind uid = 10000-20000
> winbind gui = 10000-20000
> winbind enum users = yes
> winbind enum groups = yes
> The previous two may need to be disabled for performance reasons.

Did that.

> Stuart