Subject: Re: nsswitch and libnss_winbind
To: Robby Griffin <rmg@yakshavers.com>
From: Sarton O'Brien <bsd-xen@roguewrt.org>
List: netbsd-users
Date: 05/30/2007 09:49:11
On Wed, 30 May 2007 12:29:42 am Robby Griffin wrote:
>  From experience with nss_ldap, I'd point out that the library will
> need to be found at /usr/lib/nss_foo.so.0, where foo is what you put
> in nsswitch.conf -- you can probably ktruss your test program and
> watch it try to dlopen this location. The library version number =3D=3D 0
> was not optional when I did this in NetBSD 3.1.

This was my first assumption as I use nss_ldap quite a bit for virtual=20
hosting.

As mentioned I tried copying and linking but no joy.

I found an archive from way back stating that libnss_winbind was not suppor=
ted=20
and that the nss_ldap library had been modified for NetBSD but the=20
pam_winbind library should still allow authentication if you modify your=20
pam.d conf.

I thought seeing as the article was quite old that this may have changed.

> Make sure your test program is something dynamically linked. I
> happened to make the mistake of deciding on "echo ~user" in tcsh, but
> then running a static tcsh on the box I was setting up. In that case
> dynamic loading of arbitrary nss modules just doesn't happen.

=46rom my understanding I should at least receive debug from winbindd once=
=20
libnss_winbind has been accessed for retrieving the group listing from the=
=20
DC. So far I get nothing at all. It seems the library is not in the right=20
spot, linked correctly or is just not being used.

As the program I am using to test merely uses nsswitch I wouldn't know wher=
e=20
to look for any calls possibly being made to the required library.

I guess the answer I am looking for is a firm 'yes this facility works, I h=
ave=20
it set like this'  :) ... or a 'no it's not supported' would suffice.

Thanks for your help.

Sarton