[Samba] login into AIX using winbind

kleber povoação okleber at gmail.com
Wed Apr 6 16:33:10 MDT 2011


Can someone help me?

I can't log in to the AIX machine as an Active Directory user.
****************************
/etc/smb.conf

[global]
security = ads
realm = XXXXXXXX
password server = *
workgroup = YYYYY
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
log level = 3
template homedir = /home/%D/%U
template shell = /usr/bin/ksh
server string = %h server
winbind nested groups = Yes
winbind offline logon = true
interfaces = en3 lo0
bind interfaces only = yes
name resolve order = host wins bcast
lm announce = False
preferred master = False
keepalive = 30
auth methods = winbind
client use spnego = Yes
encrypt passwords = Yes
domain master = no
local master = no
preferred master = no
passdb backend = tdbsam
unix extensions = no
idmap config YYYYY : default  = yes
idmap config YYYYY : backend  = ad
idmap config YYYYY : range  = 10000-20000
********************************************
/usr/lib/security/methods.cfg

WINBIND:
       program = /usr/lib/security/WINBIND

KRB5A:
        program = /usr/lib/security/KRB5A
        options = authonly
        program_64 = /usr/lib/security/KRB5A_64

KRB5Afiles:
        options = db=BUILTIN,auth=KRB5A

NIS:
        program = /usr/lib/security/NIS
        program_64 = /usr/lib/security/NIS_64


DCE:
        program = /usr/lib/security/DCE


***************************
/etc/security/user

default:
        admin = false
        login = true
        su = true
        daemon = true
        rlogin = true
        sugroups = ALL
        admgroups =
        ttys = ALL
        auth1 = SYSTEM
        auth2 = NONE
        tpath = nosak
        umask = 22
        expires = 0
        SYSTEM = "WINBIND OR compat"
        registry = WINBIND
        logintimes =
        pwdwarntime = 3
        account_locked = false
        loginretries = 5
        histexpire = 48
        histsize = 8
        minage = 1
        maxage = 0
        maxexpired = -1
        minalpha = 4
        minother = 2
        minlen = 8
        mindiff = 3
        maxrepeats = 8
        dictionlist =
        pwdchecks =
        default_roles =
*************************
/etc/krb5.conf
[libdefaults]
        default_realm = wwww
        default_keytab_name = FILE:/etc/krb5/krb5.keytab
        forwardable = true
        clockskew = 300

[realms]
        BRASIL.LATAM.CEA = {
                kdc = www:88
                admin_server = www:749
                default_domain = wwww
        }

[domain_realm]
        .xxx.xx.xx = XXXX
        xxx.xx.xx = XXXX

[logging]
        kdc = FILE:/var/krb5/log/krb5kdc.log
        admin_server = FILE:/var/krb5/log/kadmin.log
        kadmin_local = FILE:/var/krb5/log/kadmin_local.log
        default = FILE:/var/krb5/log/krb5lib.log

******************
What works:


lab1:/>wbinfo -i brab10_dbr
brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh

wbinfo -g

net ads info

klist
***********************
What does not work:

lab1:/>lsuser -R WINBIND ALL  -> shows no error, but does not return any users.
lab1:/>

Logging in as an AD user via telnet, ssh, or locally at the console.

*******************

tks all

