[Samba] SAMBA Winbind and AIX and chown not showing ad user id
David Shapiro
David.Shapiro at bcbsnc.com
Mon Feb 6 23:19:13 GMT 2006
I changed the separator to + from / and now when I use
users=DOMAIN+mylogin, I get access to a share finally. However, when I
run chown DOMAIN+mylogin testdir, testdir is not set to DOMAIN+mylogin,
it is set to tempfn (temporary id is what the gecos/description says).
In AIX land, what do I need to do to get it to use WINBIND to set the
directory ownership now? My /usr/lib/security/methods.cfg has authonly
for WINBIND. I take it that is not enough? I saw something where they
wanted me to change SYSTEM=compat to
SYSTEM = "WINBIND OR WINBIND[UNAVAIL] AND compat", but when I do that,
nobody can log in to the system anymore.
My smb.conf now looks like the following:
[global]
    workgroup = DOMAIN
    realm = DOMAIN.COM
    server string = User management Server
    security = ADS
    password server = ad.domain.com
    log level = 10
    log file = /usr/local/samba/var/log.%m
    max log size = 50
    name resolve order = hosts wins lmhosts bcast
    socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
    preferred master = No
    local master = No
    dns proxy = No
    wins server = svcmc02, svcmc03
    idmap uid = 100000-200000
    idmap gid = 100000-200000
    winbind separator = +
    winbind use default domain = Yes
    winbind nested groups = Yes
    aio read size = 1
    aio write size = 1

[home]
    path = /home/%D/%u
    valid users = %S
    read only = No
    browseable = No

[samba]
    path = /usr/local/samba
    username = DOMAIN+mylogin
    valid users = DOMAIN+mylogin

My /usr/lib/security/methods.cfg:
NIS:
        program = /usr/lib/security/NIS
        program_64 = /usr/lib/security/NIS_64

DCE:
        program = /usr/lib/security/DCE

* PAM:
*       program = /usr/lib/security/PAM

WINBIND:
        program = /usr/lib/security/WINBIND
        options = authonly
*       options = auth=PAM,db=BUILTIN

(haven't had luck with pam either. It will not let me log in if I use
it too)
pam.conf:
sshd auth required /usr/lib/security/pam_aix
OTHER auth required /usr/lib/security/pam_aix
# Account management
sshd account required /usr/lib/security/pam_aix
OTHER account required /usr/lib/security/pam_aix
# Password management
sshd password required /usr/lib/security/pam_aix
OTHER password required /usr/lib/security/pam_aix
# Session management
sshd session required /usr/lib/security/pam_aix
OTHER session required /usr/lib/security/pam_aix
OTHER auth required /usr/lib/security/pam_winbind.so debug use_first_pass unknown_ok DOMAIN
OTHER account required /usr/lib/security/pam_winbind.so debug use_first_pass unknown_ok DOMAIN
OTHER session required /usr/lib/security/pam_winbind.so debug use_first_pass unknown_ok DOMAIN
OTHER password required /usr/lib/security/pam_winbind.so debug use_first_pass unknown_ok DOMAIN

David
David Shapiro
Unix Team Lead
919-765-2011