[Samba] chown DOMAIN+mylogin /dir fails (Please help)

David Shapiro David.Shapiro at bcbsnc.com
Fri Feb 10 22:53:00 GMT 2006


Thanks for the info.  Should I expect su - DOMAIN+mylogin to work?  I
can now do chown/chgrp commands.  When I run su - DOMAIN+mylogin, I get
in messages:
 
Feb 10 17:39:59 svcanimp su: BAD SU from root to _0100000 at /dev/pts/5
 
and the message: 3004-503 Cannot set process credentials. goes out to
stdout.
 
David
 
 
 
David Shapiro
Unix Team Lead
919-765-2011

>>> Doug VanLeuven <roamdad at sonic.net> 2/10/2006 3:22:37 PM >>>

David Shapiro wrote:
> I only see winbind_nss_aix.po, but I do not see the .c file.  NIS ALL
> works, but LDAP and WINBIND both do not.

Hi Dave,
I'm having to work from memory as the work I did on AIX ended
last June.  In addition, when I formulated the phase transitions
from samba 2.x nt40 style member to samba 3.x AD member, it
was 2003 and at that time, winbindd on AIX wouldn't support
returning sufficient information to allow managing user and
group accounts using the -R option to chuser, chgroup, mkuser,
mkgroup, rmuser, rmgroup.  That's why the writeups say
/usr/lib/security/methods.cfg WINBIND: options=authonly
and KRB5A: options=authonly

So NIS and LDAP can be used to maintain the user and group
attributes but winbind and kerberos were only used to
authenticate an existing user defined locally or in NIS/LDAP,
where LDAP is the AIX native LDAP security model.

If NIS works and LDAP and WINBIND don't, it looks like you've
implemented NIS but not LDAP and WINBIND is configured to
"authonly".  If winbind's capable of returning sufficient
information to satisfy lsuser, remove the authonly option.
I figured you'd look thru winbind_nss_aix.c and make a
determination whether or not that was possible with
your version of samba.

Regards, Doug

>  
> David Shapiro
> Unix Team Lead
> 919-765-2011
> 
>  >>> Doug VanLeuven <roamdad at sonic.net> 2/9/2006 11:03:38 PM >>>
> David Shapiro wrote:
>  > What can I look at to understand why chown keeps saying user does not
>  > exist.
>  > 
>  > wbinfo -u/-g returns the user information
>  > klist -v shows kerberos is working
>  > net ads join works fine
>  > wbinfo -t shows secret is fine
>  > 
>  > 
>  > aix does not have getent so I can't run getent passwd -- is there
>  > something equivalent on aix?
> 
> Closest you're going to get is lsuser -R <load_module>
> lsuser -R NIS ALL
> lsuser -R LDAP ALL
> lsuser -R WINBIND ALL
> 
> and of course lsgroup -R <load_module>
> 
>  > 
>  > /usr/lib/security/methods.cfg has:
>  > 
>  > WINBIND:
>  >     program = /usr/lib/security/WINBIND (set with chmod 444)
>  >     options =authonly
> 
> Authonly means it's not capable of supplying any user information.
> I don't know that's true anymore.
> 
> Look in source/nsswitch/winbind_nss_aix.c
> Available methods are at the end of the file.
> Not all methods are implemented, and not all methods implemented
> return a valid answer.
> 
> Regards, Doug
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
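
As an added example (not part of the original thread, and not Samba or AIX code): a shell function that reads a methods.cfg-style stanza file and reports which load modules carry the `authonly` option that the thread describes as making a module unable to supply user information. The function name `authonly_report` and the sample file are constructed for illustration; on a real system the argument would be /usr/lib/security/methods.cfg.

```shell
# Report each load module stanza and whether its options include "authonly".
# Usage: authonly_report <stanza-file>
authonly_report() {
    awk '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }      # skip comment and blank lines
        /^[^ \t].*:[ \t]*$/ {                   # stanza header, e.g. WINBIND:
            if (name != "") print name, mode
            name = $0; sub(/:[ \t]*$/, "", name)
            mode = "not-authonly"
            next
        }
        name != "" {                            # attribute line inside a stanza
            line = $0
            gsub(/[ \t]/, "", line)             # tolerate spacing around "="
            if (index(line, "options=") == 1) {
                n = split(substr(line, 9), opt, ",")
                for (i = 1; i <= n; i++)
                    if (opt[i] == "authonly") mode = "authonly"
            }
        }
        END { if (name != "") print name, mode }
    ' "$1"
}

# Constructed sample input, modelled on the WINBIND stanza quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed sample, not a real system file
NIS:
        program = /usr/lib/security/NIS

WINBIND:
        program = /usr/lib/security/WINBIND
        options =authonly

KRB5A:
        program = /usr/lib/security/KRB5A
        options = authonly
EOF

authonly_report "$sample"
rm -f "$sample"
```

Modules reported as `authonly` are the ones to compare against the output of `lsuser -R <load_module> ALL` when name lookups such as chown fail.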
