winbind pas conservé dans nsswitch

Tout ce qui concerne le partage de fichier samba géré par Artica

winbind pas conservé dans nsswitch

New postby guidtz » Tue Feb 21, 2012 8:28 am

Hello,

pour bien gérer les acls dans Samba il faut utiliser winbind dans nsswitch. Je suis obligé de le rajouter à la main alors que Samba est paramétré pour se connecter sur un AD avec tout les paramètres bon pour la gestion des utilisateurs :
samba_ad.png
samba_ad.png (19.35 KiB) Viewed 6679 times


Cependant dans /etc/nsswitch j'ai que ceci :
passwd: files ldap
group: files ldap
shadow: files ldap

Alors qu'il me faudrait :
passwd: files winbind ldap
group: files winbind ldap
shadow: files winbind ldap

Je le rajoute à la main et getent et les acls fonctionnent mais au bout de quelques minutes winbind est supprimé.

Version artica : la dernière nightly

Slts
guidtz
 
Posts: 2007
Joined: Sat Jan 17, 2009 3:08 am
Location: Vendée
Artica servers number: 3
Linux System: Debian
Technical skills: A Linux System Administrator

Re: winbind pas conservé dans nsswitch

New postby admin » Tue Feb 21, 2012 9:27 am

artica lance régulièrement la commande

Code: Select all
/usr/share/artica-postfix/bin/artica-install --nsswitch


peux-tu faire ceci

Code: Select all
/usr/share/artica-postfix/bin/artica-install --nsswitch --verbose


pour voir ce qui ne va pas
User avatar
admin
Site Admin
 
Posts: 11941
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: winbind pas conservé dans nsswitch

New postby guidtz » Tue Feb 21, 2012 9:38 am

Voici le résultat de la commande
Code: Select all
/etc/artica-postfix/MEMORY_INSTALLED -> 144Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 144Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 144Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 144Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 144Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 144Mn
Starting......: Samba winbindd is installed
Starting......: Samba winbindd is installed
Starting......: Samba using ldap server "127.0.0.1"
Starting......: Samba using ldap server "127.0.0.1"
Tlogs.WriteToFile:: 753 bytes in /etc/pam_ldap.conf
Starting......: Samba /etc/pam_ldap.conf done
Starting......: Samba /etc/pam_ldap.conf done
Tlogs.WriteToFile:: 753 bytes in /etc/nss_ldap.conf
Tlogs.WriteToFile:: 753 bytes in /etc/libnss-ldap.conf
Starting......: Samba /etc/nss_ldap.conf done
Starting......: Samba /etc/nss_ldap.conf done
Tlogs.WriteToFile:: 753 bytes in /usr/share/libnss-ldap/ldap.conf
Starting......: Samba /usr/share/libnss-ldap/ldap.conf done
Starting......: Samba /usr/share/libnss-ldap/ldap.conf done
Tlogs.WriteToFile:: 475 bytes in /etc/ldap.conf
Tlogs.WriteToFile:: 475 bytes in /etc/ldap/ldap.conf
Tlogs.WriteToFile:: 475 bytes in /etc/ldap.conf
Starting......: Samba /etc/ldap.conf done
Starting......: Samba /etc/ldap.conf done
Starting......: pam.d, ActiveDirectory is Enabled
Starting......: pam.d, "/etc/pam.d/samba" done
Starting......: pam.d, "/etc/pam.d/common-account" done
Starting......: pam.d, "/etc/pam.d/common-auth" done
Starting......: pam.d, "/etc/pam.d/sudo" done
Starting......: pam.d, "/etc/pam.d/common-password" done
Starting......: pam.d, "/etc/pam.d/common-session" done
Tlogs.WriteToFile:: 6 bytes in /etc/pam_ldap.secret
Tlogs.WriteToFile:: 6 bytes in /etc/nss_ldap.secret
Tlogs.WriteToFile:: 6 bytes in /etc/libnss-ldap.secret
Tlogs.WriteToFile:: 6 bytes in /etc/ldap.secret
/bin/chmod 600 /etc/pam_ldap.secret >/tmp/artica-install-889e55ab5db7dcd8d0a30871a0c0b9ed-7750-00000.tmp 2>&1
/bin/chmod 600 /etc/nss_ldap.secret >/tmp/artica-install-889e55ab5db7dcd8d0a30871a0c0b9ed-7750-00000.tmp 2>&1
/bin/chmod 600 /etc/libnss-ldap.secret >/tmp/artica-install-889e55ab5db7dcd8d0a30871a0c0b9ed-7750-00000.tmp 2>&1
/bin/chmod 600 /etc/ldap.secret >/tmp/artica-install-889e55ab5db7dcd8d0a30871a0c0b9ed-7750-00000.tmp 2>&1
Starting......: nss-ldap pam_ldap.secret,nss_ldap.secret,libnss-ldap.secret,ldap.secret done
Starting......: nss-ldap pam_ldap.secret,nss_ldap.secret,libnss-ldap.secret,ldap.secret done


Donc si je rajoute winbind à la main et que je fais un getent j'ai bien mes utilisateurs AD une fois que cette commande passe j'ai plus winbind dans nsswitch et getent me liste plus les utilisateurs de l'AD

Slts
guidtz
 
Posts: 2007
Joined: Sat Jan 17, 2009 3:08 am
Location: Vendée
Artica servers number: 3
Linux System: Debian
Technical skills: A Linux System Administrator

Re: winbind pas conservé dans nsswitch

New postby admin » Tue Feb 21, 2012 2:49 pm

et est-ce que cette commande te rajoutes l'option winbind ?
User avatar
admin
Site Admin
 
Posts: 11941
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: winbind pas conservé dans nsswitch

New postby guidtz » Tue Feb 21, 2012 2:53 pm

non justement elle l'enlève
guidtz
 
Posts: 2007
Joined: Sat Jan 17, 2009 3:08 am
Location: Vendée
Artica servers number: 3
Linux System: Debian
Technical skills: A Linux System Administrator

Re: winbind pas conservé dans nsswitch

New postby admin » Tue Feb 21, 2012 3:07 pm

applique ce patch

puis

Code: Select all
echo "1" > /etc/artica-postfix/settings/Daemons/LinkWinbindToSytem


Ca va forcer artica-install à rajouter Winbind dans le nsswitch
Attachments
artica-install.tar.gz
(1.32 MiB) Downloaded 282 times
User avatar
admin
Site Admin
 
Posts: 11941
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: winbind pas conservé dans nsswitch

New postby guidtz » Tue Feb 21, 2012 3:36 pm

Fichier artica-install remplacé.

Code: Select all
echo "1" > /etc/artica-postfix/settings/Daemons/LinkWinbindToSytem


Et pourtant toujours pas de winbind dans nsswitch.


Code: Select all
# /usr/share/artica-postfix/bin/artica-install --nsswitch --verbose
/etc/artica-postfix/MEMORY_INSTALLED -> 122Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 122Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 122Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 122Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 122Mn
/etc/artica-postfix/MEMORY_INSTALLED -> 122Mn
Starting......: Samba winbindd is installed
Starting......: Samba winbindd is installed
Starting......: TypeOfSamba.......: 1
Starting......: TypeOfSamba.......: 1
Starting......: EnableKerbAuth....: 0
Starting......: EnableKerbAuth....: 0
Starting......: DisableWinbindd...: 1
Starting......: DisableWinbindd...: 1
Starting......: LinkWinbindToSytem: 1
Starting......: LinkWinbindToSytem: 1
Starting......: Samba using ldap server "127.0.0.1"
Starting......: Samba using ldap server "127.0.0.1"
Tlogs.WriteToFile:: 753 bytes in /etc/pam_ldap.conf
Starting......: Samba /etc/pam_ldap.conf done
Starting......: Samba /etc/pam_ldap.conf done
Tlogs.WriteToFile:: 753 bytes in /etc/nss_ldap.conf
Tlogs.WriteToFile:: 753 bytes in /etc/libnss-ldap.conf
Starting......: Samba /etc/nss_ldap.conf done
Starting......: Samba /etc/nss_ldap.conf done
Tlogs.WriteToFile:: 753 bytes in /usr/share/libnss-ldap/ldap.conf
Starting......: Samba /usr/share/libnss-ldap/ldap.conf done
Starting......: Samba /usr/share/libnss-ldap/ldap.conf done
Tlogs.WriteToFile:: 475 bytes in /etc/ldap.conf
Tlogs.WriteToFile:: 475 bytes in /etc/ldap/ldap.conf
Tlogs.WriteToFile:: 475 bytes in /etc/ldap.conf
Starting......: Samba /etc/ldap.conf done
Starting......: Samba /etc/ldap.conf done
Starting......: pam.d, ActiveDirectory is Enabled
Starting......: pam.d, "/etc/pam.d/samba" done
Starting......: pam.d, "/etc/pam.d/common-account" done
Starting......: pam.d, "/etc/pam.d/common-auth" done
Starting......: pam.d, "/etc/pam.d/sudo" done
Starting......: pam.d, "/etc/pam.d/common-password" done
Starting......: pam.d, "/etc/pam.d/common-session" done
Tlogs.WriteToFile:: 6 bytes in /etc/pam_ldap.secret
Tlogs.WriteToFile:: 6 bytes in /etc/nss_ldap.secret
Tlogs.WriteToFile:: 6 bytes in /etc/libnss-ldap.secret
Tlogs.WriteToFile:: 6 bytes in /etc/ldap.secret
/bin/chmod 600 /etc/pam_ldap.secret >/tmp/artica-install-201380512670457fa1e1b513b348cf83-27139-00000.tmp 2>&1
/bin/chmod 600 /etc/nss_ldap.secret >/tmp/artica-install-201380512670457fa1e1b513b348cf83-27139-00000.tmp 2>&1
/bin/chmod 600 /etc/libnss-ldap.secret >/tmp/artica-install-201380512670457fa1e1b513b348cf83-27139-00000.tmp 2>&1
/bin/chmod 600 /etc/ldap.secret >/tmp/artica-install-201380512670457fa1e1b513b348cf83-27139-00000.tmp 2>&1
Starting......: nss-ldap pam_ldap.secret,nss_ldap.secret,libnss-ldap.secret,ldap.secret done
Starting......: nss-ldap pam_ldap.secret,nss_ldap.secret,libnss-ldap.secret,ldap.secret done
guidtz
 
Posts: 2007
Joined: Sat Jan 17, 2009 3:08 am
Location: Vendée
Artica servers number: 3
Linux System: Debian
Technical skills: A Linux System Administrator

Re: winbind pas conservé dans nsswitch

New postby admin » Tue Feb 21, 2012 5:22 pm

tu as "DisableWinbindd" =1 donc artica vire winbindd

Code: Select all
echo "0" > /etc/artica-postfix/settings/Daemons/DisableWinbindd
User avatar
admin
Site Admin
 
Posts: 11941
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Re: winbind pas conservé dans nsswitch

New postby guidtz » Tue Feb 21, 2012 8:08 pm

Effectivement ça marche mieux, mais pourquoi cette variable était à disable alrs que j'ai bien paramétré mon accès AD avec le support Winbind.

Slts
guidtz
 
Posts: 2007
Joined: Sat Jan 17, 2009 3:08 am
Location: Vendée
Artica servers number: 3
Linux System: Debian
Technical skills: A Linux System Administrator

Re: winbind pas conservé dans nsswitch

New postby admin » Tue Feb 21, 2012 8:20 pm

Elle est dispo dans le formlaire principale.
User avatar
admin
Site Admin
 
Posts: 11941
Joined: Wed Oct 17, 2007 7:59 am
Location: France

Next

Return to Samba & Artica

Who is online

Users browsing this forum: No registered users and 1 guest

cron