[OpenIndiana-discuss] Odd Samba/winbind issue

Laurent Blume laurent+oi at elanor.org
Fri Jun 21 14:18:39 UTC 2013


On 21/06/13 15:50, James Relph wrote:
> Here: https://www.opencsw.org/mantis/view.php?id=5020

Ah, for nss, yes. That one is not a lib per se, but a module, so it does 
make sense. I don't thin Jan got over to document it before I took the 
packaging away from him, so I'll see what can be done.

> I'm using the cswwinbind module, so for instance for netatalk I've got:
>
> netatalk auth requisite         pam_authtok_get.so.1
> netatalk auth required          pam_dhkeys.so.1
> netatalk auth required          pam_unix_cred.so.1
> netatalk auth sufficient        /opt/csw/lib/security/pam_winbind.so
> use_first_pass
> netatalk account requisite      pam_roles.so.1
> netatalk account sufficient     /opt/csw/lib/security/pam_winbind.so

I think might be a problem. Those are the 32 bit modules. I don't think 
you're running the system 32 bit, so apps requesting 64 bit pam will not 
be happy.
I think you should try with $ISA (implicit for the relative names), 
something like that:
/opt/csw/lib/$ISA/security/pam_winbind.so

> Thanks again, output of testparm is below (sanitised a little):

I don't see anything trivially wrong, but it's been a while. My only 
concern is why are you using the tdb backend instead of something 
deterministic like rid? But it should not be an issue here. I hope you 
can get some details from the AD side.

Laurent



More information about the OpenIndiana-discuss mailing list