=== _torkel [n=torkel@217.168.89.109] has joined #ubuntu-server
=== _torkel [n=torkel@217.168.89.109] has joined #ubuntu-server
=== dfgas [n=dfgas@adsl-69-210-84-17.dsl.milwwi.ameritech.net] has joined #ubuntu-server
=== torkel_ [n=torkel@217.168.89.109] has joined #ubuntu-server
=== _torkel [n=torkel@217.168.89.109] has joined #ubuntu-server
=== dfgas [n=dfgas@adsl-69-210-84-17.dsl.milwwi.ameritech.net] has joined #ubuntu-server
=== neuralis [n=krstic@hagen.kdb.hr] has joined #ubuntu-server
=== ealden [n=ealden@ipdial-166-155.tri-isys.com] has joined #ubuntu-server
=== ealden [n=ealden@ipdial-166-155.tri-isys.com] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== Valandil [n=chrys@dslb-084-056-080-136.pools.arcor-ip.net] has joined #ubuntu-server
=== soumyadip [n=soumyadi@59.93.201.115] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== lbm [n=lbm@cpe.atm4-0-1301006.0x50a0824e.vgnxx6.customer.tele.dk] has joined #ubuntu-server
=== soumyadip [n=soumyadi@59.93.201.115] has joined #ubuntu-server
=== MarioMeyer_ [n=meyer@ubuntu/member/mariomeyer] has joined #ubuntu-server
=== lionelp [n=lionel@10.21.96-84.rev.gaoland.net] has joined #ubuntu-server
=== _torkel [n=torkel@217.168.89.109] has joined #ubuntu-server
=== soumyadip [n=soumyadi@59.93.200.216] has joined #ubuntu-server
=== infinity [n=adconrad@cerberus.0c3.net] has joined #ubuntu-server
=== spike_ [n=spike@81-179-107-221.dsl.pipex.com] has joined #ubuntu-server
=== spike_ is now known as spike
=== ivoks [n=ivoks@ubuntu/member/ivoks] has joined #ubuntu-server
=== ajmitch_ [i=ajmitch@port169-187.ubs.maxnet.net.nz] has joined #ubuntu-server
=== mgalvin [n=mgalvin@ubuntu/member/mgalvin] has joined #ubuntu-server
=== digitalfallout [n=esharp@68-188-149-54.dhcp.aldl.mi.charter.com] has joined #ubuntu-server
=== [A] ndy80 [n=wettreyw@host98-157.pool8543.interbusiness.it] has joined #ubuntu-server
[03:58] <[A] ndy80> hi
[04:00] <[A] ndy80> I've this configuration: a server with samba as PDC and with /home exported via NFS, a linux client that authenticates correctly to the DOMAIN using winbind and that mounts /home remotely via NFS.... the problem is: when I login using DEBIANDOMAIN+claudio using client I can see the files on remote /home but I cannot write on it. Look at this strange thing: http://paste.ubuntu-nl.org/7265 the linux client doesn't know who 101
[04:00] <[A] ndy80> 0 UID is.
[04:00] <[A] ndy80> how can I fix this problem?
[04:06] what does an "id claudio" on the client tell you ?
[04:07] <[A] ndy80> lionelp: id: claudio: No such user
[04:07] <[A] ndy80> lionelp: claudio is only present on the server
[04:07] do you add a winbind source in the /etc/nsswitch.conf on the client ?
[04:07] <[A] ndy80> lionelp: the authentication is centralized on the server and the client uses winbind to authenticate on the PDC
[04:07] Ok
[04:08] You have three *different* things that are necessary for what you want
[04:08] - files sharing : done via nfs, ok
[04:08] - authentication : done with PAM probably, and with pam_winbind i suppose
[04:09] <[A] ndy80> yes pam_winbind
[04:09] - identification : your user must be known by the system. That is the job of libnss
[04:10] so you have to configure your nsswitch.conf in order to get your users via winbind
[04:10] <[A] ndy80> lionelp: I configured it to do it... wanna check my nsswitch.conf ? I can paste somewhere....
[04:11] http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
[04:11] check the Configure nsswitch.conf and the Winbind Libraries on Linux and Solaris section
[04:11] yeah, paste your nsswitch.conf somewhere :)
[04:11] <[A] ndy80> lionelp: I used that howto. Look here http://paste.ubuntu-nl.org/7266
[04:11] <[A] ndy80> :)
[04:12] <[A] ndy80> idea!
[04:12] <[A] ndy80> passwd: files winbind
[04:12] <[A] ndy80> maybe I've to change the order! passwd: winbind files
[04:12] yes, i saw
[04:12] <[A] ndy80> what do you think about it?
[04:13] no, it is correct
[04:13] <[A] ndy80> ah ok...
[04:13] do you just modify your nsswitch.conf ?
[04:13] (i mean few minutes ago without rebooting)
[04:13] <[A] ndy80> no no... it is the same as two days ago :)
[04:14] <[A] ndy80> I didn't change it
[04:14] Ok, so that's not a cache problem
[04:14] just shut down nscd in case where (/etc/init.d/nscd stop)
[04:15] you do not have any information in auth.log or syslog ?
[04:19] <[A] ndy80> lionelp: you want to see auth.log on the server or on the client?
[04:19] on the client
[04:20] <[A] ndy80> ah ok... on the server I've: Jan 17 15:34:09 localhost pam_winbind[7973] : user 'DEBIANDOMAIN+claudio' granted access
[04:20] <[A] ndy80> no no!!
[04:20] <[A] ndy80> sorry
[04:20] <[A] ndy80> this is the client!
[04:20] yes, pam is ok
[04:21] you do not see any information on libnss ?
[04:21] <[A] ndy80> where do I have to see them?
[04:21] <[A] ndy80> on which log file?
[04:21] auth.log
[04:22] <[A] ndy80> lionelp: http://paste.ubuntu-nl.org/7268
[04:23] <[A] ndy80> a module is missing but I don't think it's related to my problem...
[04:23] no, it's not a problem
[04:28] <[A] ndy80> lionelp: I'm reading this http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html in particular "Technical Issues"... I cannot understand if this matches my problem... wanna give a look if you can?
[04:29] did you shut down nscd ?
[04:29] it seems to be a big problem with winbind
[04:29] (i can't remember if it is on the default install or not)
[04:30] <[A] ndy80> what is nscd?
[04:31] it is a cache daemon
[04:31] Description: GNU C Library: Name Service Cache Daemon
[04:31] <[A] ndy80> lionelp: Do I have to stop it? How can I know if is it on?
[04:31] <[A] ndy80> thanks Nafallo
[04:32] check if you have it : dpkg -l nscd
[04:32] but i think it is not installed by default
[04:32] <[A] ndy80> No packages found matching nscd.
[04:32] <[A] ndy80> it's not installed on the client
[04:33] <[A] ndy80> bingo!
[04:34] <[A] ndy80> look what getent passwd gives me on the client:
[04:34] <[A] ndy80> DEBIANDOMAIN+claudio:x:10002:10000::/home/DEBIANDOMAIN/claudio:/bin/bash
[04:34] <[A] ndy80> while on the server claudio is 1010
[04:34] <[A] ndy80> could it be the problem?
[04:36] hum... yeah !!!
[04:36] <[A] ndy80> client resolves claudio to 10002 not to 1010, using winbind...
[04:36] <[A] ndy80> :)
[04:36] <[A] ndy80> well.... how can I fix this situation :P ?
[04:37] sure :)
[04:37] can you check what you have in your smb.conf (on the server) in idmap uid =
[04:39] <[A] ndy80> lionelp: there is this line: idmap uid = 10000-20000 but it's commented!
[04:40] <[A] ndy80> do I have to decomment it?
[04:42] decomment and do 1000-10000
[04:45] <[A] ndy80> and idmap gid?
[04:45] <[A] ndy80> same values?
[04:46] yep
[04:48] <[A] ndy80> lionelp: done... still same error...
=== soumyadip [n=soumyadi@59.93.241.200] has joined #ubuntu-server
=== ealden [n=ealden@219.90.91.90] has joined #ubuntu-server
[04:52] <[A] ndy80> lionelp: getent passwd executed on server gives me this: claudio:x:1010:1010:,,,:/home/DEBIANDOMAIN/claudio:/bin/bash
[04:52] <[A] ndy80> -__-
[04:52] <[A] ndy80> grrrrrr :\
[04:57] <[A] ndy80> one moment....
[04:58] <[A] ndy80> isn't it normal that local "claudio" user is 1010 and DEBIANDOMAIN+claudio is 10002? it could be that I've to set the owner of /home/DEBIANDOMAIN/claudio to DEBIANDOMAIN+claudio user not to claudio user... is it possible?
[05:01] <[A] ndy80> bingo! another time :)
[05:01] <[A] ndy80> lionelp: on server I did: chown -R 10002:10000 /home/DEBIANDOMAIN/claudio
[05:02] <[A] ndy80> now client "claudio" can write to that folder :)
[05:07] cool !
[05:10] <[A] ndy80> I'd like them to be the same.... :\
[05:35] <[A] ndy80> lionelp: I'm reading the winbind documentation.... winbind is not started on server! And I get an error trying to start it.
[05:35] <[A] ndy80> how can I check for error log?
[05:36] <[A] ndy80> I only see: Starting the Winbind daemon: winbind failed!
[05:38] look in /var/log/samba
[05:40] <[A] ndy80> no sorry... now is running....
[05:40] <[A] ndy80> O_o
[05:40] <[A] ndy80> I'm getting crazy -__-
[05:41] :)
[05:46] <[A] ndy80> lionelp: if I change the nsswitch.conf what do I have to restart?
[05:46] nothing
=== ajmitch [i=ajmitch@port164-8.ubs.maxnet.co.nz] has joined #ubuntu-server
[05:48] <[A] ndy80> ok....
[05:48] <[A] ndy80> don't know...
[05:48] <[A] ndy80> thanks anyway, I've to go now :(
[05:48] <[A] ndy80> see ya next time!
[05:48] <[A] ndy80> thanks again!
=== Pygi [n=mario@83-131-248-12.adsl.net.t-com.hr] has joined #ubuntu-server
[06:00] join #fama
[06:00] bah :/
=== beezly [n=beezly@2001:630:63:16:230:1bff:feb7:2528] has joined #ubuntu-server
=== Valandil [n=chrys@dslb-084-056-104-208.pools.arcor-ip.net] has joined #ubuntu-server
[06:35] o, welcome valandil
[06:39] anybody with experience running openswan+26sec|KLIPS and Kame that can spend a few words on it? besides the known stuff, KLIPS creating vpn devices, 26sec problems history and similar
[06:39] mostly I'm curious if any of the two offer advantages in terms of interoperability with appliances like cisco pix
[06:40] I was reading up on openswan, and NAT-T interoperability with ciscos is unknown
=== lionelp [n=lionel@ip-128.net-82-216-65.rev.numericable.fr] has joined #ubuntu-server
=== zenrox [n=zenrox@71.115.198.118] has joined #ubuntu-server
=== MarioMeyer [n=meyer@ubuntu/member/mariomeyer] has joined #ubuntu-server
[08:39] o, chara :P
=== _torkel [n=torkel@217.168.89.82] has joined #ubuntu-server
=== mipe [n=michael@135-2-124-83.dsl.3u.net] has joined #ubuntu-server