[03:58] <[A] ndy80> hi
[04:00] <[A] ndy80> I've this configuration: a server with samba as PDC and with /home exported via NFS, a linux client that authenticates correctly to the DOMAIN using winbind and that mounts /home remotely via NFS.... the problem is: when I login using DEBIANDOMAIN+claudio using client I can see the files on remote /home but I cannot write on it. Look at this strange thing: http://paste.ubuntu-nl.org/7265 the linux client doesn't know who 1010 UID is.
[04:00] <[A] ndy80> how can I fix this problem?
[04:06] <lionelp> what does an "id claudio" on the client tell you ?
[04:07] <[A] ndy80> lionelp: id: claudio: No such user
[04:07] <[A] ndy80> lionelp: claudio is only present on the server
[04:07] <lionelp> do you add a winbind source in the /etc/nsswitch.conf on the client ?
[04:07] <[A] ndy80> lionelp: the authentication is centralized on the server and the client uses winbind to authenticate on the PDC
[04:07] <lionelp> Ok
[04:08] <lionelp> You have three *different* things that are necessary for what you want
[04:08] <lionelp> - files sharing : done via nfs, ok
[04:08] <lionelp> - authentication : done with PAM probably, and with pam_winbind i suppose
[04:09] <[A] ndy80> yes pam_winbind
[04:09] <lionelp> - identification : your user must be known by the system. That is the job of libnss
[04:10] <lionelp> so you have to configure your nsswitch.conf in order to get your users via winbind
[04:10] <[A] ndy80> lionelp: I configured it to do it... wanna check my nsswitch.conf ? I can paste somewhere....
[04:11] <lionelp> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html
[04:11] <lionelp> check the Configure nsswitch.conf and the Winbind Libraries on Linux and Solaris section
[04:11] <lionelp> yeah, paste your nsswitch.conf somewhere :)
[04:11] <[A] ndy80> lionelp: I used that howto. Look here http://paste.ubuntu-nl.org/7266
[04:11] <[A] ndy80> :)
[04:12] <[A] ndy80> idea!
[04:12] <[A] ndy80> passwd:         files winbind
[04:12] <[A] ndy80> maybe I've to change the order!   passwd:         winbind files
[04:12] <lionelp> yes, i saw
[04:12] <[A] ndy80> what do you think about it?
[04:13] <lionelp> no, it is correct
[04:13] <[A] ndy80> ah ok...
[04:13] <lionelp> do you just modify your nsswitch.conf ?
[04:13] <lionelp> (i mean few minutes ago without rebooting)
[04:13] <[A] ndy80> no no... it is the same as two days ago :)
[04:14] <[A] ndy80> I didn't change it
[04:14] <lionelp> Ok, so that's not a cache problem
[04:14] <lionelp> just shut down nscd in case where (/etc/init.d/nscd stop)
[04:15] <lionelp> you do not have any information in auth.log or syslog ?
[04:19] <[A] ndy80> lionelp: you want to see auth.log on the server or on the client?
[04:19] <lionelp> on the client
[04:20] <[A] ndy80> ah ok... on the server I've: Jan 17 15:34:09 localhost pam_winbind[7973] : user 'DEBIANDOMAIN+claudio' granted access
[04:20] <[A] ndy80> no no!!
[04:20] <[A] ndy80> sorry
[04:20] <[A] ndy80> this is the client!
[04:20] <lionelp> yes, pam is ok
[04:21] <lionelp> you do not see any information on libnss ?
[04:21] <[A] ndy80> where do I have to see them?
[04:21] <[A] ndy80> on which log file?
[04:21] <lionelp> auth.log
[04:22] <[A] ndy80> lionelp: http://paste.ubuntu-nl.org/7268
[04:23] <[A] ndy80> a module is missing but I don't think it's related to my problem...
[04:23] <lionelp> no, it's not  a problem
[04:28] <[A] ndy80> lionelp: I'm reading this http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html in particular "Technical Issues"... I cannot understand if this matches my problem... wanna give a look if you can?
[04:29] <lionelp> did you shut down nscd ?
[04:29] <lionelp> it seems to be a big problem with winbind
[04:29] <lionelp> (i can't remember if it is  on the default install or not)
[04:30] <[A] ndy80> what is nscd?
[04:31] <lionelp> it is a cache daemon
[04:31] <Nafallo> Description: GNU C Library: Name Service Cache Daemon
[04:31] <[A] ndy80> lionelp: Do I have to stop it? How can I know if is it on?
[04:31] <[A] ndy80> thanks Nafallo
[04:32] <lionelp>  check if you have it : dpkg -l nscd
[04:32] <lionelp> but i think it is not installed by default
[04:32] <[A] ndy80> No packages found matching nscd.
[04:32] <[A] ndy80> it's not installed on the client
[04:33] <[A] ndy80> bingo!
[04:34] <[A] ndy80> look what getent passwd gives me on the client:
[04:34] <[A] ndy80> DEBIANDOMAIN+claudio:x:10002:10000::/home/DEBIANDOMAIN/claudio:/bin/bash
[04:34] <[A] ndy80> while on the server claudio is 1010
[04:34] <[A] ndy80> could it be the problem?
[04:36] <lionelp> hum... yeah !!!
[04:36] <[A] ndy80> client resolves claudio to 10002 not to 1010, using winbind...
[04:36] <[A] ndy80> :)
[04:36] <[A] ndy80> well.... how can I fix this situation :P ?
[04:37] <lionelp> sure :)
[04:37] <lionelp> can you check what you have in your smb.conf (on the server) in idmap uid =
[04:39] <[A] ndy80> lionelp: there is this line:  idmap uid = 10000-20000 but it's commented!
[04:40] <[A] ndy80> do I have to decomment it?
[04:42] <lionelp> decomment and do 1000-10000
[04:45] <[A] ndy80> and idmap gid?
[04:45] <[A] ndy80> same values?
[04:46] <lionelp> yep
[04:48] <[A] ndy80> lionelp: done... still same error...
[04:52] <[A] ndy80> lionelp: getent passwd executed on server gives me this: claudio:x:1010:1010:,,,:/home/DEBIANDOMAIN/claudio:/bin/bash
[04:52] <[A] ndy80> -__-
[04:52] <[A] ndy80> grrrrrr :\
[04:57] <[A] ndy80> one moment....
[04:58] <[A] ndy80> isn't it normal that local "claudio" user is 1010 and DEBIANDOMAIN+claudio is 10002? it could be that I've to set the owner of /home/DEBIANDOMAIN/claudio to DEBIANDOMAIN+claudio user not to claudio user... is it possible?
[05:01] <[A] ndy80> bingo! another time :)
[05:01] <[A] ndy80> lionelp: on server I did: chown -R 10002:10000 /home/DEBIANDOMAIN/claudio
[05:02] <[A] ndy80> now client "claudio" can write to that folder :)
[05:07] <lionelp> cool !
[05:10] <[A] ndy80> I'd like them to be the same.... :\
[05:35] <[A] ndy80> lionelp: I'm reading the winbind documentation.... winbind is not started on server! And I get an error trying to start it.
[05:35] <[A] ndy80> how can I check for error log?
[05:36] <[A] ndy80> I only see: Starting the Winbind daemon: winbind failed!
[05:38] <lionelp> look in /var/log/samba
[05:40] <[A] ndy80> no sorry... now is running....
[05:40] <[A] ndy80> O_o
[05:40] <[A] ndy80> I'm getting crazy -__-
[05:41] <lionelp> :)
[05:46] <[A] ndy80> lionelp: if I change the nsswitch.conf what Do i have to restart?
[05:46] <lionelp> nothing
[05:48] <[A] ndy80> ok....
[05:48] <[A] ndy80> don't know...
[05:48] <[A] ndy80> thanks anyway, I've to go now :(
[05:48] <[A] ndy80> see ya next time!
[05:48] <[A] ndy80> thanks again!
[06:00] <Pygi> join #fama
[06:00] <Pygi> bah :/
[06:35] <Pygi> o, welcome valandil
[06:39] <spike> anybody with experience running openswan+26sec|KLIPS and Kame that can spend a few words on it? besides the known stuff, KLIPS creating vpn devices, 26sec problems history and similar
[06:39] <spike> mostly I'm curious if any of the two offer advantages in terms of interoperability with appliances like cisco pix
[06:40] <spike> I was reading up on openswan, and NAT-T interoperability with ciscos is unknown
[08:39] <Pygi> o, chara :P