getent

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

getent

Nicholas A. Suppiah
Hi all,

My linux 2.6.5 users, authenticates to a win2k3 ads. The kinit is fine
but when i run the getent passwd and group it does not show the combined
users/groups. It displays only the linux user/groups

Previously it did show the groups from the win2k3 but I have no idea
what changes have been made on the Linux machine. Any idea what I should
look out for and how to test it?

I am using samba3.0.10 and krb5 1.3.6 and pam_krb5 2.0.10 packages for
fedora core2.


Nicholas
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: getent

Nicholas A. Suppiah
Correction,

When I set the winbind domain correctly, I get the combined linux and
win2k3 groups with the command
        getent group

but I still do not get the combined users with the command
        getent passwd

Any help?

Nicholas

On Tue, 2005-11-29 at 10:58, Nicholas A. Suppiah wrote:

> Hi all,
>
> My linux 2.6.5 users, authenticates to a win2k3 ads. The kinit is fine
> but when i run the getent passwd and group it does not show the combined
> users/groups. It displays only the linux user/groups
>
> Previously it did show the groups from the win2k3 but I have no idea
> what changes have been made on the Linux machine. Any idea what I should
> look out for and how to test it?
>
> I am using samba3.0.10 and krb5 1.3.6 and pam_krb5 2.0.10 packages for
> fedora core2.
>
>
> Nicholas
> ________________________________________________
> Kerberos mailing list           [hidden email]
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: getent

Fredrik Tolf
On Tue, 2005-11-29 at 11:09 +0800, Nicholas A. Suppiah wrote:

> Correction,
>
> When I set the winbind domain correctly, I get the combined linux and
> win2k3 groups with the command
> getent group
>
> but I still do not get the combined users with the command
> getent passwd
>
> Any help?

Did you add "winbind" to the "passwd" line in your /etc/nsswitch.conf?

Fredrik Tolf


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: getent

Bjorn Tore Sund
In reply to this post by Nicholas A. Suppiah

On Tue, 29 Nov 2005, Nicholas A. Suppiah wrote:

> Hi all,
>
> My linux 2.6.5 users, authenticates to a win2k3 ads. The kinit is fine
> but when i run the getent passwd and group it does not show the combined
> users/groups. It displays only the linux user/groups
>
> Previously it did show the groups from the win2k3 but I have no idea
> what changes have been made on the Linux machine. Any idea what I should
> look out for and how to test it?
>
> I am using samba3.0.10 and krb5 1.3.6 and pam_krb5 2.0.10 packages for
> fedora core2.

I assume you're using winbind?  Have you checked that:

  1. Winbindd is running?
  2. Nscd isn't running?
  3. 'klist -5' doesn't show your kerberos tickets as expired?

Bjørn
--
Bjørn Tore Sund            Phone:  (+47) 555-84894     Stupidity is like a
System administrator       Fax:    (+47) 555-89672     fractal; universal and
Math. Department           Mobile: (+47) 918 68075     infinitely repetitive.
University of Bergen       VIP:    81724
Support: http://bs.uib.no  Contact: [hidden email]  Direct: [hidden email]
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: getent

Nicholas A. Suppiah
In reply to this post by Fredrik Tolf
Hi Tolf,

Yes, /etc/nsswitch.conf contains:

passwd:     files winbind ldap
shadow:     files winbind ldap
group:      files winbind ldap
hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files
                                                             
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind ldap
rpc:        files
services:   files winbind ldap
                                                           
netgroup:   files winbind ldap
publickey:  winbind
                                                                               
automount:  files winbind ldap
aliases:    files

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: getent

Nikhil-14
In reply to this post by Nicholas A. Suppiah
I suspect entries under /etc/nsswitch.conf, please mention of the kerberos
for passwd, shadow and group entries.
I am not sure though..
Regards.

On 11/29/05, Nicholas A. Suppiah <[hidden email]> wrote:

>
> Hi all,
>
> My linux 2.6.5 users, authenticates to a win2k3 ads. The kinit is fine
> but when i run the getent passwd and group it does not show the combined
> users/groups. It displays only the linux user/groups
>
> Previously it did show the groups from the win2k3 but I have no idea
> what changes have been made on the Linux machine. Any idea what I should
> look out for and how to test it?
>
> I am using samba3.0.10 and krb5 1.3.6 and pam_krb5 2.0.10 packages for
> fedora core2.
>
>
> Nicholas
> ________________________________________________
> Kerberos mailing list           [hidden email]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



--
Nikhil

Google is Great !
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: getent

Nicholas A. Suppiah
In reply to this post by Bjorn Tore Sund
Hi Bjorn,

Winbind is running
nsc is stopped
and klist -5 shows the ticket last till tomorrow.

== begin klist -5 ===
Default principal: [hidden email]
 
Valid starting     Expires            Service principal
11/29/05 10:44:27  11/29/05 20:43:12  krbtgt/my.domain.my
        renew until 11/30/05 10:44:27
11/29/05 10:50:23  11/29/05 20:43:12  dcx2$@my.domain.my
        renew until 11/30/05 10:44:27

== end klist -5 ===

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos