[Samba] login into AIX using winbind

William E Jojo w.jojo at hvcc.edu
Wed Apr 6 19:08:57 MDT 2011


----- Original Message -----
> From: "kleber povoação" <okleber at gmail.com>
> To: samba at lists.samba.org
> Sent: Wednesday, April 6, 2011 6:33:10 PM
> Subject: [Samba] login into AIX using winbind
> Can someone help me?
> 
> I can't log in to the AIX machine using an Active Directory user.
> ****************************
> /etc/smb.conf
> 
> [global]
> security = ads
> realm = XXXXXXXX
> password server = *
> workgroup = YYYYY
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind use default domain = yes
> log level = 3
> template homedir = /home/%D/%U
> template shell = /usr/bin/ksh
> server string = %h server
> winbind nested groups = Yes
> winbind offline logon = true
> interfaces = en3 lo0
> bind interfaces only = yes
> name resolve order = host wins bcast
> lm announce = False
> preferred master = False
> keepalive = 30
> auth methods = winbind
> client use spnego = Yes
> encrypt passwords = Yes
> domain master = no
> local master = no
> preferred master = no
> passdb backend = tdbsam
> unix extensions = no
> idmap config YYYYY : default = yes
> idmap config YYYYY : backend = ad
> idmap config YYYYY : range = 10000-20000
> ********************************************
> /usr/lib/security/methods.cfg
> 
> WINBIND:
> program = /usr/lib/security/WINBIND
> 
> KRB5A:
> program = /usr/lib/security/KRB5A
> options = authonly
> program_64 = /usr/lib/security/KRB5A_64
> 
> KRB5Afiles:
> options = db=BUILTIN,auth=KRB5A
> 
> NIS:
> program = /usr/lib/security/NIS
> program_64 = /usr/lib/security/NIS_64
> 
> 
> DCE:
> program = /usr/lib/security/DCE
> 
> 
> ***************************
> /etc/security/user
> 
> default:
> admin = false
> login = true
> su = true
> daemon = true
> rlogin = true
> sugroups = ALL
> admgroups =
> ttys = ALL
> auth1 = SYSTEM
> auth2 = NONE
> tpath = nosak
> umask = 22
> expires = 0
> SYSTEM = "WINBIND OR compat"
> registry = WINBIND
> logintimes =
> pwdwarntime = 3
> account_locked = false
> loginretries = 5
> histexpire = 48
> histsize = 8
> minage = 1
> maxage = 0
> maxexpired = -1
> minalpha = 4
> minother = 2
> minlen = 8
> mindiff = 3
> maxrepeats = 8
> dictionlist =
> pwdchecks =
> default_roles =
> *************************
> /etc/krb5.conf
> [libdefaults]
> default_realm = wwww
> default_keytab_name = FILE:/etc/krb5/krb5.keytab
> forwardable = true
> clockskew = 300
> 
> [realms]
> BRASIL.LATAM.CEA = {
> kdc = www:88
> admin_server = www:749
> default_domain = wwww
> }
> 
> [domain_realm]
> .xxx.xx.xx = XXXX
> xxx.xx.xx = XXXX
> 
> [logging]
> kdc = FILE:/var/krb5/log/krb5kdc.log
> admin_server = FILE:/var/krb5/log/kadmin.log
> kadmin_local = FILE:/var/krb5/log/kadmin_local.log
> default = FILE:/var/krb5/log/krb5lib.log
> 
> ******************
> What works:
> 
> 
> lab1:/>wbinfo -i brab10_dbr
> brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh
> 
> wbinfo -g
> 
> net ads info
> 
> klist
> ***********************
> What doesn't work:
> 
> lab1:/>lsuser -R WINBIND ALL -> shows no error but does not return any user.
> lab1:/>
> 

ALL has never worked. There is a timeout issue within AIX that I was never able to track down.


> Logging in with an AD user via telnet or ssh, or locally at the console


How are you logging in? Is the user fully-qualified? (Should not be necessary with winbind use default domain). Is there a home dir ready to receive them?

Does "lsuser -R WINBIND username" return what you expect?

Does chown allow you to specify an AD user?

Anything in your log level 3 that may help?


Cheers,
Bill


> 
> *******************
> 
> Thanks, all

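A check that complements the questions in the reply, added here as an example and not taken from the thread or from Samba: it reads the two AIX stanza files quoted above and confirms that every load module named by `SYSTEM` and `registry` in `/etc/security/user` has a stanza in `methods.cfg`. The function names are hypothetical, the sample data is constructed, and treating `compat`, `files` and `NONE` as built in is an assumption.

```shell
#!/bin/sh
# Added example (function names are hypothetical, sample data is constructed).
# stanza_attr FILE STANZA ATTR: print one attribute from an AIX stanza file.
stanza_attr() {
    awk -v want="$2:" -v key="$3" '
        /^[ \t]*(\*|$)/     { next }             # comment (leading *) or blank
        /^[^ \t=]+:[ \t]*$/ { cur = $1; next }   # stanza header such as "default:"
        cur == want {
            split($0, kv, "="); k = kv[1]; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t"]+|[ \t"]+$/, "", v)  # trim blanks and quotes
                print v; exit
            }
        }' "$1"
}

# check_auth_chain USER_FILE METHODS_FILE [STANZA]
# Return 0 only if every load module named by SYSTEM and registry has a
# stanza (program or options) in methods.cfg. compat, files and NONE are
# treated as built in (assumption).
check_auth_chain() {
    sys=$(stanza_attr "$1" "${3:-default}" SYSTEM)
    reg=$(stanza_attr "$1" "${3:-default}" registry)
    # Drop result qualifiers like [SUCCESS] and grouping parentheses.
    mods=$(printf '%s\n' "$sys $reg" | sed -e 's/\[[^]]*\]//g' -e 's/[()]/ /g')
    rc=0
    for m in $mods; do
        case $m in AND|OR|compat|files|NONE) continue ;; esac
        if [ -z "$(stanza_attr "$2" "$m" program)$(stanza_attr "$2" "$m" options)" ]; then
            echo "MISSING: $m is named in $1 but not defined in $2"; rc=1
        else
            echo "ok: $m"
        fi
    done
    return $rc
}

# Constructed sample mirroring the stanzas quoted in the post.
demo() {
    d=${TMPDIR:-/tmp}/stanza_demo.$$; mkdir -p "$d"
    printf 'default:\n\tSYSTEM = "WINBIND OR compat"\n\tregistry = WINBIND\n' > "$d/user"
    printf 'WINBIND:\n\tprogram = /usr/lib/security/WINBIND\n' > "$d/methods.cfg"
    check_auth_chain "$d/user" "$d/methods.cfg"; st=$?
    rm -rf "$d"; return $st
}

# With two arguments check real files, otherwise run the constructed demo.
if [ $# -ge 2 ]; then check_auth_chain "$@"; else demo; fi
```

On a real host it would be run as `sh script.sh /etc/security/user /usr/lib/security/methods.cfg`; a passing result only rules out a dangling module reference, it does not show that the module itself resolves users.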
