nsswitch and libnss_winbind

Hi all,

Just curious as to whether nsswitch supports winbind under
NetBSD?

I thought maybe the problems I experienced were those inline
with those when 
configuring nss_ldap but to me it's looking like it's not
supported.

Thanks for any help.

Best regards,

Sarton O'Brien

On Tue, May 29, 2007 at 02:34:11PM +1000, Sarton O'Brien
wrote:
  | Just curious as to whether nsswitch supports winbind
under NetBSD?
  | 
  | I thought maybe the problems I experienced were those
inline with those
  | when configuring nss_ldap but to me it's looking like
it's not supported.

Try using the "samba" package from pkgsrc.
That should provide an nss_winbind.so for NetBSD.

(I haven't used that in a long time; it did work when I
implemented
this a few years ago.)

On Tue, 29 May 2007 05:26:46 pm Luke Mewburn wrote:
> On Tue, May 29, 2007 at 02:34:11PM +1000, Sarton
O'Brien wrote:
>   | Just curious as to whether nsswitch supports
winbind under NetBSD?
>   |
>   | I thought maybe the problems I experienced were
those inline with those
>   | when configuring nss_ldap but to me it's looking
like it's not
>   | supported.
>
> Try using the "samba" package from pkgsrc.
> That should provide an nss_winbind.so for NetBSD.
>
> (I haven't used that in a long time; it did work when I
implemented
> this a few years ago.)

Sorry, I should have said that is what I have done.

I am at the point where everything is configured (wbinfo et
al. report all OK) 
but no matter where libnss_winbind is or linked, inserting
winbind into 
nsswitch.conf yield nothing.

I am using getent group for testing.

This is pkgsrc update midnight last night.

Sarton

On May 29, 2007, at 02:41, Sarton O'Brien wrote:

> I am at the point where everything is configured
(wbinfo et al.  
> report all OK)
> but no matter where libnss_winbind is or linked,
inserting winbind  
> into
> nsswitch.conf yield nothing.
>
> I am using getent group for testing.
>
> This is pkgsrc update midnight last night.

 From experience with nss_ldap, I'd point out that the
library will  
need to be found at /usr/lib/nss_foo.so.0, where foo is what
you put  
in nsswitch.conf -- you can probably ktruss your test
program and  
watch it try to dlopen this location. The library version
number == 0  
was not optional when I did this in NetBSD 3.1.

Make sure your test program is something dynamically linked.
I  
happened to make the mistake of deciding on "echo
~user" in tcsh, but  
then running a static tcsh on the box I was setting up. In
that case  
dynamic loading of arbitrary nss modules just doesn't
happen.

	--Robby

On Wed, 30 May 2007 12:29:42 am Robby Griffin wrote:
>  From experience with nss_ldap, I'd point out that the
library will
> need to be found at /usr/lib/nss_foo.so.0, where foo is
what you put
> in nsswitch.conf -- you can probably ktruss your test
program and
> watch it try to dlopen this location. The library
version number == 0
> was not optional when I did this in NetBSD 3.1.

This was my first assumption as I use nss_ldap quite a bit
for virtual 
hosting.

As mentioned I tried copying and linking but no joy.

I found an archive from way back stating that libnss_winbind
was not supported 
and that the nss_ldap library had been modified for NetBSD
but the 
pam_winbind library should still allow authentication if you
modify your 
pam.d conf.

I thought seeing as the article was quite old that this may
have changed.

> Make sure your test program is something dynamically
linked. I
> happened to make the mistake of deciding on "echo
~user" in tcsh, but
> then running a static tcsh on the box I was setting up.
In that case
> dynamic loading of arbitrary nss modules just doesn't
happen.

From my understanding I should at least receive debug from
winbindd once 
libnss_winbind has been accessed for retrieving the group
listing from the 
DC. So far I get nothing at all. It seems the library is not
in the right 
spot, linked correctly or is just not being used.

As the program I am using to test merely uses nsswitch I
wouldn't know where 
to look for any calls possibly being made to the required
library.

I guess the answer I am looking for is a firm 'yes this
facility works, I have 
it set like this'   ... or a
'no it's not supported' would suffice.

Thanks for your help.

Sarton

On Wed, May 30, 2007 at 09:49:11AM +1000, Sarton O'Brien
wrote:
  | From my understanding I should at least receive debug
from winbindd once 
  | libnss_winbind has been accessed for retrieving the
group listing from the 
  | DC. So far I get nothing at all. It seems the library is
not in the right 
  | spot, linked correctly or is just not being used.
  | 
  | As the program I am using to test merely uses nsswitch I
wouldn't know
  | where to look for any calls possibly being made to the
required library.
  | 
  | I guess the answer I am looking for is a firm 'yes this
facility works, I
  | have it set like this'   ... or a
'no it's not supported' would suffice.


On NetBSD, you can use the getent(1) command to perform
lookups
in the various databases that are switched through
nsswitch.conf.
This should help in testing your nsswitch.conf and
/lib/nss_FOO.so
setup.
For example, does 'getent passwd' dump your entire
/etc/passwd and
winbind maps if you're using ``passwd: files winbind'' ?

As I mentioned previously, I haven't used this in a while.
When I did the development a few years ago, I had it
working
for nsswitch lookups for uid/gid (but not PAM
authentication).

On Fri, 1 Jun 2007 02:20:38 am Johnny C. Lam wrote:
> On Wed, May 30, 2007 at 09:49:11AM +1000, Sarton
O'Brien wrote:
> > I guess the answer I am looking for is a firm 'yes
this facility works, I
> > have it set like this'   ... or a
'no it's not supported' would
> > suffice.
>
> # pkg_info -e samba
> samba-3.0.20.2nb2
>
> # ls -l /usr/lib/nss_winbind.*
> lrwxr-xr-x  1 root  wheel  27 May 22  2006
/usr/lib/nss_winbind.so.0 ->
> /usr/pkg/lib/nss_winbind.so

# pkg_info -e samba && pkg_info -Q PKG_OPTIONS
samba
samba-3.0.24nb3
pam winbind
# locate winbind|grep lib
/usr/pkg/lib/libnss_winbind.so
/usr/pkg/lib/security/pam_winbind.so

Is libnss_winbind.so the successor to nss_winbind.so?

Either way, I have no nss_winbind.so. Outside of that,
assuming I haven't 
missed an option, it's looking like the required library
isn't there (at 
least the working version).

Sarton