[Samba] Question on AIX 5.2, Samba and NT domains

[David Shapiro]

Welcome to the nightmare.  Well, I have gleemed the following:
 
After your make install, go into nsswitch directory in source and copy
WINBIND to /usr/lib/security.  Next, add to
/usr/lib/security/methods.cfg
WINBIND:
         programs=/usr/lib/security/WINBIND
 
Make sure this is before PAM: if that is in there.  You should then be
able to lsuser DOMAIN+user and do other commands too.  I know that the
lenght seems to be an issue (home directory does not work for me yet
(DOMAIN+user > 8).  I also have not had luck getting any idmap_backend
options to work (they all core dump winbindd).  I have seen no good
samba document either, although some mention to a dead link at redbooks
was out there, so maybe somewhere on redbooks ibm site there is a doc.
 
David
 
David Shapiro
Unix Team Lead
919-765-2011

>>> "Kent Wick" <Kent.Wick at ers.state.tx.us> 2/10/2006 12:33:08 PM >>>

Environment:
  AIX 5.2
  Samba 3.0.21b (compiled at this site with Visualage C/C++ 6.0)
      configure was run as:
      ./configure --prefix=/usr/local/samba --with-pam
--with-acl-support --with-aio-support --with-winbind
  Windows environment is a mix of Windows NT domain and Novell file
servers.

Does anybody know of a single document or set of documents that have a
"cookbook"
approach to creating/modifying the necessary AIX files to work with
Samba with "pam",
"winbind" and NSS support as a "member server"?

If I have userids in the NT domain that are longer than 8 characters,
am I "effed" when trying to get
them to seamlessly access Samba?  AIX 5.2 and below do not allow a
username or group name to 
have a value longer than 8 characters.  Do I need a "username map" file
for the long usernames?
As far as I can tell, the issue of long names in NT versus limitations
of some OS versions is never
discussed.

The "Samba3-HOWTO" document(s) in Chapter 23 talk about the compile
process creating the file
"libnss_winbind.so".  Something changed between document and Makefile
because I get a file named
WINBIND automatically created.  In that same chapter, it goes on to
talk about verifying winbind.
I can run the "wbinfo -u" and "wbinfo -g" commands just find and it
returns the the users and gorups
in the NT domain that Samba joined.  Then the document talks about
using "getent" to see both local
(AIX) and PDC users and groups.  Unfortunately, I don't have that one
in executable form.  I can see
the "getent" source in the testsuite/nsswitch directory but when I
compile just that program all that
it returns in the local users, nothing from the PDC.

If I am using Samba as a member server, do I even need to worry about
integrating PAM and winbindd?

Another few "nit's" in the Samba-HOWTO in "The Samba Checklist":
(1) When I run the "smbclient -L sambasrvrname" (as root), it asks for
a password.  When I give it the root
password, it comes back with "session setup failed:
NT_STATUS_LOGON_FAILURE".  When I just press
enter in response to the password request, it responds that it
connected anonymously and returns the 
necessary data.
(2) The "nmblookup" command in step 4 needs to be clarified a bit more.
 When I look at a print of the
web page, it sure looks like the BIGSERVER and the "__SAMBA__" are run
together.  For that matter,
I had to go the web page source to be certain that the "__" was a
double underscore and not a single.
Given the way some laser printer formatting works, it is entirely
possible that it could have been a single
underscore.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba