nss_winbind support

Will Saxon WillS at housing.ufl.edu
Thu Jan 29 06:17:41 PST 2004

> I haven't been following this thread, but the above
> information does not seem correct.  If the Samba port is built
> WITH_WINBIND_NSS, then the NSS module will be correctly installed as
> `/usr/local/lib/nss_windbind.so.1'.
> What problem exactly are you having?

After installation of the port (net/samba-devel) those modules were not
installed, although I did not try the option you mentioned since it does
not exist in the port Makefile v1.98 that I have. It does exist for 
the net/samba 2.2.8 port.

Originally when copying the modules by hand I was not able to resolve
domain users or groups with the pw utility nor was I able to set user
or group permissions on directories. The /var/log/debug.log file contained
several line like 'NSSWITCH(nss_method_lookup): winbind, group, getgrent_r, 
not found' and similar.

Looking through some samba mailing list archives suggests that they did
not implement nsswitch stuff for freebsd exactly correctly, but this has 
been fixed in the CVS tree.

After compiling the latest CVS as of yesterday afternoon and copying the
nss modules over to /usr/lib I was able to set permissions for domain
users and groups using chown and I am able to look at group information
using the pw utility (pw group show DOMAIN+name. Trying to resolve users
in this fashion results in 'pw: invalid character `+` at position 6 in
userid/group name'

I am still getting lots of the NSSWITCH errors in my debug.log, if that
makes a difference.

Today I am going to try to get some shares set up that work. I shared
out a directory with permissions set to 1755 for my domain user and group. 
I was able to access the directory but I was not able to write to it.

I've never really used samba for anything before and certainly not using
ADS authentication and winbind, so please if I am just completely missing
the point somewhere let me know.


More information about the freebsd-current mailing list