[Samba] getent & winbindd on FreeBSD 5.4
    Doug Sampson 
    dougs at dawnsign.com
       
    Fri Sep 16 12:48:17 PDT 2005
    
    
  
> Yes, that getent command should suffice for printing users and groups,
> including any NSS-provided ones.  You can also use the 'id' 
> or 'pw user
> show' commands to print similar info.
aries-root@/usr/local/etc: pw group show DSP-PRODUCTION
pw: unknown group `DSP-PRODUCTION'
aries-root@/usr/local/etc: 
 
> PAM only handles authentication during login; looking up user/group
> names is handled by NSS.  If your nsswitch.conf has "passwd: compat
> winbind" in it, you have a /usr/local/lib/nss_winbind.so.1 file, and
> getent can't find users that windbind should be providing, I'd start
> looking for nss_winbind debugging options.
I don't know if this helps but here we go. I looked at /var/log/debug.log
and I'm seeing lots of entries similar to the ones below:
Sep 16 03:01:21 aries sendmail[6798]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6798]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyaddr, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyaddr, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyaddr, not found
Sep 16 03:01:21 aries sendmail[6837]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyaddr, not found
Sep 16 03:01:21 aries sendmail[6838]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6838]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6843]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyname, not found
Sep 16 03:01:21 aries sendmail[6843]: NSSWITCH(nss_method_lookup): wins,
hosts, ghbyname, not found
Sep 16 09:55:07 aries sshd[7716]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyaddr, not found
Sep 16 09:55:07 aries sshd[7716]: NSSWITCH(nss_method_lookup): wins, hosts,
ghbyaddr, not found
Sep 16 09:55:09 aries sshd[7719]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyaddr, not found
Sep 16 09:55:09 aries sshd[7719]: NSSWITCH(nss_method_lookup): wins, hosts,
ghbyaddr, not found
Sep 16 10:18:19 aries sshd[7771]: NSSWITCH(nss_method_lookup): winbind,
hosts, ghbyaddr, not found
Sep 16 10:18:19 aries sshd[7771]: NSSWITCH(nss_method_lookup): wins, hosts,
ghbyaddr, not found
Does this mean there is a problem with NSSWITCH? Please note that there are
references to sshd and sendmail among other services but none related to
winbindd as far as I can see.
I ran winbindd -d4 per your suggestion to use debugging options and tried
again by issuing getent passwd. Output of log.winbindd as follows:
[2005/09/16 12:26:18, 1] nsswitch/winbindd.c:main(935)
  winbindd version 3.0.20 started.
  Copyright The Samba Team 2000-2004
[2005/09/16 12:26:18, 3] param/loadparm.c:lp_load(4082)
  lp_load: refreshing parameters
[2005/09/16 12:26:18, 3] param/loadparm.c:init_globals(1366)
  Initialising global parameters
[2005/09/16 12:26:18, 3] param/params.c:pm_process(574)
  params.c:pm_process() - Processing configuration file
"/usr/local/etc/smb.conf"
[2005/09/16 12:26:18, 3] param/loadparm.c:do_section(3542)
  Processing section "[global]"
  doing parameter workgroup = DSP
  doing parameter netbios name = Aries
[2005/09/16 12:26:18, 4] param/loadparm.c:handle_netbios_name(2881)
  handle_netbios_name: set global_myname to: ARIES
  doing parameter server string = Samba Server
  doing parameter security = domain
  doing parameter hosts allow = 192.168.1. 192.168.2. 127.
  doing parameter encrypt passwords = yes
  doing parameter log file = /var/log/samba/log.%m
  doing parameter max log size = 50
  doing parameter password server = *
  doing parameter passdb backend = tdbsam
  doing parameter auth methods = winbind
  doing parameter socket options = TCP_NODELAY
  doing parameter local master = no
  doing parameter os level = 33
  doing parameter wins server = 192.168.1.1
  doing parameter dns proxy = no
  doing parameter idmap uid = 15000-20000
  doing parameter idmap gid = 15000-20000
  doing parameter winbind enum users = yes
  doing parameter winbind enum groups = yes
  doing parameter winbind separator = -
  doing parameter template homedir = /usr/home/%D/%U
  doing parameter template shell = /bin/bash
[2005/09/16 12:26:18, 2] param/loadparm.c:do_section(3559)
  Processing section "[homes]"
  doing parameter comment = Home Directories
  doing parameter browseable = no
  doing parameter writable = yes
[2005/09/16 12:26:18, 2] param/loadparm.c:do_section(3559)
  Processing section "[MacData]"
  doing parameter comment = Production Data
  doing parameter path = /data
  doing parameter valid users = @Production
  doing parameter public = no
  doing parameter writable = yes
  doing parameter printable = no
  doing parameter create mask = 0765
[2005/09/16 12:26:18, 4] param/loadparm.c:lp_load(4113)
  pm_process() returned Yes
[2005/09/16 12:26:18, 3] param/loadparm.c:lp_add_ipc(2475)
  adding IPC service
[2005/09/16 12:26:18, 3] param/loadparm.c:lp_add_ipc(2475)
  adding IPC service
[2005/09/16 12:26:18, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.1.9 bcast=192.168.1.255 nmask=255.255.255.0
[2005/09/16 12:26:18, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.1.9 bcast=192.168.1.255 nmask=255.255.255.0
[2005/09/16 12:26:18, 2] lib/tallocmsg.c:register_msg_pool_usage(56)
  Registered MSG_REQ_POOL_USAGE
[2005/09/16 12:26:18, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2005/09/16 12:26:18, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain DSP  S-1-5-21-2008768363-1786319642-1659389152
[2005/09/16 12:26:18, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain BUILTIN  S-1-5-32
[2005/09/16 12:26:18, 2] nsswitch/winbindd_util.c:add_trusted_domain(166)
  Added domain ARIES  S-1-5-21-249124048-3777273079-1200472844
[2005/09/16 12:26:25, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [    0]: request interface version
[2005/09/16 12:26:25, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [    0]: request location of privileged pipe
[2005/09/16 12:26:25, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(406)
  [    0]: gid to sid 65534
[2005/09/16 12:26:37, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [    0]: request interface version
[2005/09/16 12:26:37, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [    0]: request location of privileged pipe
[2005/09/16 12:26:37, 3] nsswitch/winbindd_user.c:winbindd_list_users(735)
  [    0]: list users
[2005/09/16 12:26:37, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(281)
  Using cleartext machine password
[2005/09/16 12:26:37, 4] libsmb/namequery.c:get_dc_list(1406)
  get_dc_list: returning 2 ip addresses in an unordered list
[2005/09/16 12:26:37, 4] libsmb/namequery.c:get_dc_list(1407)
  get_dc_list: 192.168.1.1:0 192.168.1.6:0 
[2005/09/16 12:26:37, 3] lib/util.c:fcntl_lock(1826)
  fcntl_lock: fcntl lock gave errno 35 (Resource temporarily unavailable)
[2005/09/16 12:26:37, 3] lib/util.c:fcntl_lock(1845)
  fcntl_lock: lock failed at offset 0 count 1 op 8 type 1 (Resource
temporarily unavailable)
[2005/09/16 12:26:37, 4] libsmb/clidgram.c:cli_send_mailslot(100)
  send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from ARIES<00> to
DSP<1c> IP 192.168.1.6
[2005/09/16 12:26:37, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(102)
  cm_get_ipc_userpass: Retrieved auth-user from secrets.tdb [DSP\dspadmin]
[2005/09/16 12:26:37, 4] lib/time.c:get_serverzone(125)
  Serverzone is 25200
[2005/09/16 12:26:37, 3] nsswitch/winbindd_rpc.c:query_user_list(46)
  rpc: query_user_list
[2005/09/16 12:26:42, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [    0]: request interface version
[2005/09/16 12:26:42, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [    0]: request location of privileged pipe
[2005/09/16 12:26:42, 3] nsswitch/winbindd_group.c:winbindd_list_groups(811)
  [    0]: list groups
[2005/09/16 12:26:42, 4]
nsswitch/winbindd_group.c:get_sam_group_entries(521)
  get_sam_group_entries: Native Mode 2k domain; enumerating local groups as
well
[2005/09/16 12:26:42, 3]
nsswitch/winbindd_group.c:get_sam_group_entries(526)
  get_sam_group_entries: Failed to enumerate domain local groups!
[2005/09/16 12:26:42, 4]
nsswitch/winbindd_group.c:get_sam_group_entries(521)
  get_sam_group_entries: Native Mode 2k domain; enumerating local groups as
well
[2005/09/16 12:26:42, 3]
nsswitch/winbindd_group.c:get_sam_group_entries(526)
  get_sam_group_entries: Failed to enumerate domain local groups!
[2005/09/16 12:26:42, 3] nsswitch/winbindd_rpc.c:enum_dom_groups(141)
  rpc: enum_dom_groups
After issuing 'pw group show DSP-PRODUCTION', the following pops up in the
debug log:
[2005/09/16 12:32:47, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(460)
  [    0]: request interface version
[2005/09/16 12:32:47, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(493)
  [    0]: request location of privileged pipe
[2005/09/16 12:32:47, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(535)
  [    0]: pam auth crap domain: [] user: 
First question: why does NSSWITCH think I have a W2K domain instead of a NT4
domain?
Second question: DSP is the actual domain name. Aries is the NetBIOS name of
the server. I don't understand why winbindd tries to enumerate ARIES as a
domain name. Aren't the BUILT-IN accounts sufficient for the local samba
machine?
Content of /etc/nsswitch.conf as follows:
passwd: compat winbind
group: compat winbind
hosts: files winbind wins dns
networks: files
shells: files
 <*blank line*>
The original nsswitch.conf file was as follows prior to editing:
group: compat
group_compat: files nis
hosts: files dns
networks: files
passwd: compat
passwd_compat: files nis
shells: files
 <*blank line*>
Note I have not installed NIS server nor NIS client.
Comments?
~Doug
    
    
More information about the freebsd-questions
mailing list