[Samba] login into AIX using winbind
kleber povoação
okleber at gmail.com
Wed Apr 6 16:33:10 MDT 2011
Can someone help me?
I can't log in to the AIX machine using an Active Directory user.
****************************
/etc/smb.conf
# Samba [global] section as posted: AD domain-member mode (security = ads)
# with winbind supplying user and group identities to the host.
[global]
security = ads
realm = XXXXXXXX
# "*" lets Samba locate a domain controller itself instead of pinning one.
password server = *
workgroup = YYYYY
# NOTE(review): this is the same 10000-20000 range given to
# "idmap config YYYYY : range" further down; Samba expects idmap ranges not
# to overlap, so confirm which of the two is meant to apply.
idmap uid = 10000-20000
idmap gid = 10000-20000
# AD accounts are used without a domain prefix. Make sure no AD account name
# collides with a local account name, or the two become ambiguous.
winbind use default domain = yes
# Verbose logging for troubleshooting; lower it once the problem is solved,
# because debug logs can expose account and session details.
log level = 3
# %D expands to the domain name and %U to the user name.
template homedir = /home/%D/%U
template shell = /usr/bin/ksh
server string = %h server
winbind nested groups = Yes
# Permits logon against locally cached credentials when no domain controller
# is reachable; treat the winbind cache files as sensitive data.
winbind offline logon = true
# Restrict Samba to the named interfaces only.
interfaces = en3 lo0
bind interfaces only = yes
name resolve order = host wins bcast
lm announce = False
# NOTE(review): "preferred master" is set twice (here and again below).
# Both values disable it, but keep a single entry to avoid ambiguity.
preferred master = False
keepalive = 30
# NOTE(review): "auth methods" is normally left at its default on a domain
# member; confirm that overriding it is intentional.
auth methods = winbind
# Keep both enabled; turning either off would weaken authentication.
client use spnego = Yes
encrypt passwords = Yes
domain master = no
local master = no
preferred master = no
passdb backend = tdbsam
unix extensions = no
# Per-domain idmap settings: backend "ad" takes uid/gid values from
# attributes stored in Active Directory, limited to the range below.
idmap config YYYYY : default = yes
idmap config YYYYY : backend = ad
idmap config YYYYY : range = 10000-20000
********************************************
/usr/lib/security/methods.cfg
* Loadable authentication modules known to AIX. The stanza names defined
* here are the values that SYSTEM and registry in /etc/security/user refer to.
* NOTE(review): WINBIND lists only "program", while KRB5A and NIS also list
* "program_64"; confirm whether 64-bit callers need a 64-bit module here.
WINBIND:
program = /usr/lib/security/WINBIND
* authonly: the module is used for authentication only.
KRB5A:
program = /usr/lib/security/KRB5A
options = authonly
program_64 = /usr/lib/security/KRB5A_64
* Compound module: account data from BUILTIN, authentication from KRB5A.
KRB5Afiles:
options = db=BUILTIN,auth=KRB5A
NIS:
program = /usr/lib/security/NIS
program_64 = /usr/lib/security/NIS_64
DCE:
program = /usr/lib/security/DCE
***************************
/etc/security/user
* Default stanza: these attributes apply to every account that does not
* override them in a stanza of its own.
default:
admin = false
login = true
su = true
daemon = true
* Permits remote logins (telnet/rlogin). Telnet sends credentials in clear
* text, so prefer ssh for AD accounts.
rlogin = true
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 = NONE
tpath = nosak
umask = 22
expires = 0
* NOTE(review): set in "default", the next two lines apply to every account,
* local ones included. Other stanzas are not shown in this post; confirm that
* root and other local accounts override SYSTEM and registry in their own
* stanzas, so they can still log in when winbind or AD is unavailable.
SYSTEM = "WINBIND OR compat"
registry = WINBIND
logintimes =
pwdwarntime = 3
account_locked = false
loginretries = 5
histexpire = 48
histsize = 8
minage = 1
* 0 means passwords never reach a maximum age under this stanza.
maxage = 0
maxexpired = -1
minalpha = 4
minother = 2
minlen = 8
mindiff = 3
maxrepeats = 8
* No dictionary list or external password-check methods are configured.
dictionlist =
pwdchecks =
default_roles =
*************************
/etc/krb5.conf
# Kerberos client configuration as posted (values partly redacted).
# NOTE(review): default_realm has to match a realm name defined in [realms]
# and the realm set in smb.conf; the redaction makes this impossible to
# verify here, so check it on the real files.
[libdefaults]
default_realm = wwww
# The keytab holds long-term keys; it should be readable by root only.
default_keytab_name = FILE:/etc/krb5/krb5.keytab
forwardable = true
# Allowed clock difference in seconds; keep the host's clock synchronised
# with the domain controllers.
clockskew = 300
[realms]
BRASIL.LATAM.CEA = {
kdc = www:88
admin_server = www:749
default_domain = wwww
}
# Maps DNS domains and host names to a Kerberos realm.
[domain_realm]
.xxx.xx.xx = XXXX
xxx.xx.xx = XXXX
# Log destinations. The kdc, admin_server and kadmin_local entries name
# server-side logs; "default" is the library log.
[logging]
kdc = FILE:/var/krb5/log/krb5kdc.log
admin_server = FILE:/var/krb5/log/kadmin.log
kadmin_local = FILE:/var/krb5/log/kadmin_local.log
default = FILE:/var/krb5/log/krb5lib.log
******************
What works:
lab1:/>wbinfo -i brab10_dbr
brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh
wbinfo -g
net ads info
klist
***********************
What does not work:
lab1:/>lsuser -R WINBIND ALL -> shows no error, but does not return any user.
lab1:/>
Logging in with an AD user over telnet, over ssh, or locally at the console.
*******************
tks all