[Samba] chown DOMAIN+mylogin /dir fails (Please help)
Doug VanLeuven
roamdad at sonic.net
Fri Feb 10 20:22:37 GMT 2006
David Shapiro wrote:
> I only see winbind_nss_aix.po, but I do not see the .c file. NIS ALL
> works, but LDAP and WINBIND both do not.
Hi Dave,
I'm having to work from memory as the work I did on AIX ended
last June. In addidtion, when I formulated the phase transitions
from samba 2.x nt40 style member to samba 3.x AD member, it
was 2003 and at that time, winbindd on AIX wouldn't support
returning sufficient information to allow managing user and
group accounts using the -R option to chuser, chgroup, mkuser,
mkgroup, rmuser, rmgroup. That's why the writeups say
/usr/lib/security/methods.cfg WINBIND: options=authonly
and KRB5A: options=authonly
So NIS and LDAP can be used to maintain the user and group
attributes but winbind and kerberos were only used to
authenticate an existing user defined locally or in NIS/LDAP,
where LDAP is the AIX native LDAP security model.
If NIS works and LDAP and WINBIND don't, it looks like you've
implemented NIS but not LDAP and WINBIND is configured to
"authonly". If winbind's capable of returning sufficient
information to satisfy lsuser, remove the authonly option.
I figured you'd look thru winbind_nss_aix.c and make a
determiniation whether or not that was possible with
your version of samba.
Regards, Doug
>
> David Shapiro
> Unix Team Lead
> 919-765-2011
>
> >>> Doug VanLeuven <roamdad at sonic.net> 2/9/2006 11:03:38 PM >>>
> David Shapiro wrote:
> > What can I look at to understand why chown keeps saying user does not
> > exist.
> >
> > wbinfo -u/-g returns the user information
> > klist -v shows kerberos is working
> > net ads join works fine
> > wbinfo -t shows secret is fine
> >
> >
> > aix does not have getent so I can't run getent passwd -- is there
> > something equivalent on aix?
>
> Closest you're going to get is lsuser -R <load_module>
> lsuser -R NIS ALL
> lsuser -R LDAP ALL
> lsuser -R WINBIND ALL
>
> and of course lsgroup -R <load_module>
>
> >
> > /usr/lib/security/methods.cfg has:
> >
> > WINBIND:
> > program = /usr/lib/security/WINBIND (set with chmod 444)
> > options =authonly
>
> Authonly means it's not capable of supplying any user information.
> I don't know that's true anymore.
>
> Look in source/nsswitch/winbind_nss_aix.c
> Available methods are at the end of the file.
> Not all methods are implemented, and not all methods implemented
> return a valid answere.
>
> Regards, Doug
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list