[Samba] SAMBA Winbind and AIX and chown not showing ad user id

David Shapiro David.Shapiro at bcbsnc.com
Mon Feb 6 23:19:13 GMT 2006


I changed the separator to + from / and now when I use
users=DOMAIN+mylogin, I get access to a share finally.  However, when I
run chown DOMAIN+mylogin testdir, testdir is not set to DOMAIN+mylogin,
it is set to tempfn (temporary id is what the gecos/description says). 
In AIX land, what do I need to do to get it to use WINBIND to set the
directory ownership now?  My /usr/lib/security/methods.cfg has authonly
for WINBIND.  I take it that is not enough?  I saw something where they
wanted me to change SYSTEM=compat to 
 SYSTEM = "WINBIND OR WINBIND[UNAVAIL] AND compat", but when I do that,
nobody can log in to the system anymore.  
 
My smb.conf now looks like the following:
 
[global]
        workgroup = DOMAIN
        realm = DOMAIN.COM
        server string = User management Server
        security = ADS
        password server = ad.domain.com
        log level = 10
        log file = /usr/local/samba/var/log.%m
        max log size = 50
        name resolve order = hosts wins lmhosts bcast
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        preferred master = No
        local master = No
        dns proxy = No
        wins server = svcmc02, svcmc03
        idmap uid = 100000-200000
        idmap gid = 100000-200000
        winbind separator = +
        winbind use default domain = Yes
        winbind nested groups = Yes
        aio read size = 1
        aio write size = 1
 
[home]
        path = /home/%D/%u
        valid users = %S
        read only = No
        browseable = No
 
[samba]
        path = /usr/local/samba
        username = DOMAIN+mylogin
        valid users = DOMAIN+mylogin

 
My /usr/lib/security/methods.cfg:
 
NIS:
        program = /usr/lib/security/NIS
        program_64 = /usr/lib/security/NIS_64
 
DCE:
        program = /usr/lib/security/DCE
 
* PAM:
*       program = /usr/lib/security/PAM
 
WINBIND:
        program = /usr/lib/security/WINBIND
        options = authonly
*        options = auth=PAM,db=BUILTIN

(haven't had luck with pam either.  It will not let me log in if I use
it too)
 
pam.conf:
 
sshd    auth            required        /usr/lib/security/pam_aix
OTHER   auth            required        /usr/lib/security/pam_aix
 
# Account management
sshd    account         required        /usr/lib/security/pam_aix
OTHER   account         required        /usr/lib/security/pam_aix
 
# Password management
sshd    password        required        /usr/lib/security/pam_aix
OTHER   password        required        /usr/lib/security/pam_aix
 
# Session management
sshd    session         required        /usr/lib/security/pam_aix
OTHER   session         required        /usr/lib/security/pam_aix
 
OTHER   auth     required       /usr/lib/security/pam_winbind.so debug use_first_pass unknown_ok DOMAIN
OTHER   account  required       /usr/lib/security/pam_winbind.so debug use_first_pass unknown_ok DOMAIN
OTHER   session  required       /usr/lib/security/pam_winbind.so debug use_first_pass unknown_ok DOMAIN
OTHER   password required       /usr/lib/security/pam_winbind.so debug use_first_pass unknown_ok DOMAIN

 
David
 
David Shapiro
Unix Team Lead
919-765-2011
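
Added example, not part of the original post and not Samba or AIX code: a small parser for the methods.cfg stanza format quoted above that reports, per load module, which module ends up serving authentication and which serves identification (user and group lookups). The function names are hypothetical, the sample is constructed from the post, and the meanings given to authonly, dbonly, auth= and db= are the AIX loadable-module semantics as assumed here.

```python
# Added example: constructed sample mirroring the methods.cfg in the post.
SAMPLE = """\
NIS:
        program = /usr/lib/security/NIS

* PAM:
*       program = /usr/lib/security/PAM

WINBIND:
        program = /usr/lib/security/WINBIND
        options = authonly
*        options = auth=PAM,db=BUILTIN
"""

def parse_stanzas(text):
    """Return {stanza: {attribute: value}}; lines starting with '*' are comments."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1].strip(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def module_roles(name, attrs):
    """Name the module serving authentication ('auth') and identification ('db')."""
    # Assumed semantics: authonly = authentication only, dbonly = identification
    # only, auth=X / db=Y = hand that half to module X / Y. None = not served.
    roles = {"auth": name, "db": name}
    for opt in (o.strip() for o in attrs.get("options", "").split(",")):
        if opt == "authonly":
            roles["db"] = None
        elif opt == "dbonly":
            roles["auth"] = None
        elif opt.startswith("auth="):
            roles["auth"] = opt[len("auth="):]
        elif opt.startswith("db="):
            roles["db"] = opt[len("db="):]
    return roles

if __name__ == "__main__":
    for name, attrs in parse_stanzas(SAMPLE).items():
        print(name, module_roles(name, attrs))
```

For the WINBIND stanza as posted, the identification role comes back empty, and that is the half a name-to-uid lookup such as the one chown performs depends on.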

