[Samba] login into AIX using winbind

kleber povoação okleber at gmail.com
Thu Apr 7 15:14:33 MDT 2011


NOW WORKS

YES :)


I left methods.cfg as:
WINBIND:
       program = /usr/lib/security/WINBIND
       program_64 = /usr/lib/security/WINBIND

and changed my smb.conf

[global]
security = ads
realm = BRASIL.LATAM.CEA
password server = *
workgroup = CEABR
;idmap backend = idmap_rid:CEABR=10000-20000
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
log level = 3
template shell = /usr/bin/ksh
server string = %h server
winbind nested groups = Yes
winbind offline logon = true
interfaces = en3 lo0
preferred master = False
auth methods = winbind
domain master = no
local master = no
preferred master = no
;allow trusted domains = No
winbind enum users = No
winbind enum groups = No


Tks Will for your contribution, and if you need some tests or help to
continue developing this work, I'm here.

Tks again.

On 7 April 2011 17:33, kleber povoação <okleber at gmail.com> wrote:
> I tried now
> ceaulab1:/opt/pware/var>wbinfo -i brab10_dbr
> Could not get info for user brab10_dbr
>
> It worked before; after changing the version it does not.
> I got this error in the logs, but just once, after running wbinfo -i brab10_dbr
>
> ceaulab1:/opt/pware/var>cat log.winbindd-idmap
> [2011/04/07 17:29:57.299640,  1]
> winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids)
>  Could not get unix ID
>
>
> On 7 April 2011 17:25, kleber povoação <okleber at gmail.com> wrote:
>> I didn't find WINBIND_64, so I changed the versions:
>>
>>  pware61.base.rte           6.1.0.0  COMMITTED  pWare base for 6.1
>>  pware61.bdb.rte           4.7.25.4  COMMITTED  Oracle Berkeley DB 4.7.25
>>  pware61.cyrus-sasl.rte    2.1.23.0  COMMITTED  Cyrus SASL 2.1.23
>>  pware61.gettext.rte       0.18.1.1  COMMITTED  GNU gettext 0.18.1.1
>>  pware61.krb5.rte           1.8.3.0  COMMITTED  MIT Kerberos 1.8.3
>>  pware61.libiconv.rte      1.13.1.0  COMMITTED  GNU libiconv 1.13.1
>>  pware61.ncurses.rte        5.7.0.0  COMMITTED  ncurses 5.7
>>  pware61.openldap.rte      2.4.23.0  COMMITTED  OpenLDAP 2.4.23
>>  pware61.openssl.rte       0.9.8.15  COMMITTED  OpenSSL 0.9.8o
>>  pware61.popt.rte          1.16.0.0  COMMITTED  popt 1.16
>>  pware61.readline.rte       6.1.2.0  COMMITTED  GNU readline 6.1
>>  pware61.samba.rte          3.5.6.0  COMMITTED  Samba 3.5.6
>>  pware61.zlib.rte           1.2.5.0  COMMITTED  zlib 1.2.5
>>
>> Again, this file (WINBIND_64) does not exist
>>
>> ceaulab1:/opt/pware>find . -name *WINB*
>> ./lib/security/WINBIND
>> ceaulab1:/opt/pware>
>>
>> I just added one line to methods.cfg
>>
>> WINBIND:
>>       program = /usr/lib/security/WINBIND
>>       program_64 = /usr/lib/security/WINBIND
>>
>> and tried
>>
>> WINBIND:
>>        program_64 = /usr/lib/security/WINBIND
>>
>> I just copied it from /opt/pware/lib/security/WINBIND to  /usr/lib/security
>>
>> I'm at the same. Any idea?
>>
>>
>> On 7 April 2011 12:02, William E Jojo <w.jojo at hvcc.edu> wrote:
>>>
>>>
>>> ----- Original Message -----
>>>> From: "kleber povoação" <okleber at gmail.com>
>>>> To: "William E Jojo" <w.jojo at hvcc.edu>
>>>> Cc: samba at lists.samba.org
>>>> Sent: Thursday, April 7, 2011 10:05:22 AM
>>>> Subject: Re: [Samba] login into AIX using winbind
>>>> I'm trying to log in using just the username: brab10_dbr, without domain
>>>> CEABR at login.
>>>> **********
>>>> ceaulab1:/opt/pware64/var>lslpp -l | grep pware
>>>> pware53-64.base.rte 5.3.0.0 COMMITTED 64-bit pWare base for 5.3
>>>> pware53-64.bdb.rte 4.7.25.4 COMMITTED Berkeley DB 4.7.25 (64-bit)
>>>> pware53-64.cyrus-sasl.rte
>>>> pware53-64.gettext.rte 0.17.0.0 COMMITTED GNU gettext 0.17 (64-bit)
>>>> pware53-64.krb5.rte 1.8.3.0 COMMITTED MIT Kerberos 1.8.3 (64-bit)
>>>> pware53-64.libiconv.rte 1.13.1.0 COMMITTED GNU libiconv 1.13.1
>>>> (64-bit)
>>>> pware53-64.ncurses.rte 5.7.0.1 COMMITTED ncurses 5.7.0.1 (64-bit)
>>>> pware53-64.openldap.rte 2.4.23.0 COMMITTED OpenLDAP 2.4.23 (64-bit)
>>>> pware53-64.openssl.rte 0.9.8.15 COMMITTED OpenSSL 0.9.8o (64-bit)
>>>> pware53-64.popt.rte 1.10.4.0 COMMITTED popt 1.10.4 (64-bit)
>>>> pware53-64.readline.rte 6.1.0.0 COMMITTED GNU readline 6.1 (64-bit)
>>>> pware53-64.samba.rte 3.5.6.0 COMMITTED Samba 3.5.6 (64-bit)
>>>> pware53-64.zlib.rte 1.2.4.0 COMMITTED zlib 1.2.4 (64-bit)
>>>
>>> Thank you for using pWare. ;-)
>>>
>>> I would have expected the pware61.* to be running on AIX 6.1
>>>
>>> Now that I know you are running the 64-bit stuff, you will need to change the methods.cfg:
>>>
>>> program_64 = /usr/lib/security/WINBIND_64
>>>
>>>
>>> Only the 64-bit WINBIND is provided with pware53-64.
>>>
>>>
>>> Let me know how you get on. :-)
>>>
>>>
>>> Cheers,
>>> Bill
>>>
>>>
>>>> ********
>>>> AIX 6100-06
>>>> ********************
>>>> ceaulab1:/>lsuser -R WINBIND brab10_dbr
>>>> 3004-687 User "brab10_dbr" does not exist.
>>>>
>>>> Do I need not to do a mkuser ok ? Because the user is at AD.
>>>> ***************************
>>>> ceaulab1:/tmp>touch file
>>>> ceaulab1:/tmp>chown brab10_dbr file
>>>> chown: 3002-131 brab10_dbr is an unknown username.
>>>> ***********************
>>>> ceaulab1:/opt/pware64/var>telnet localhost
>>>> Trying...
>>>> Connected to localhost.
>>>> Escape character is '^]'.
>>>>
>>>>
>>>> telnet (ceaulab1)
>>>>
>>>>
>>>>
>>>> Login: brab10_dbr
>>>> brab10_dbr's Password:
>>>> 3004-007 You entered an invalid login name or password.
>>>> login:
>>>>
>>>> ******************
>>>> file /opt/pware64/var/log.winbind
>>>>
>>>> In the following file I noted one line "connection_ok: Connection to
>>>> for domain CEABR is not connected" -> CEABR is the Windows workgroup that
>>>> user brab10_db belongs to.
>>>>
>>>> ceaulab1:/opt/pware64/var>cat log.winbindd
>>>> [2011/04/07 10:48:01, 0] winbindd/winbindd.c:1105(main)
>>>> winbindd version 3.5.6 started.
>>>> Copyright Andrew Tridgell and the Samba Team 1992-2010
>>>> [2011/04/07 10:48:01.968181, 2]
>>>> lib/tallocmsg.c:106(register_msg_pool_usage)
>>>> Registered MSG_REQ_POOL_USAGE
>>>> [2011/04/07 10:48:01.968302, 2]
>>>> lib/dmallocmsg.c:77(register_dmalloc_msgs)
>>>> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
>>>> [2011/04/07 10:48:01.968399, 3] param/loadparm.c:9158(lp_load_ex)
>>>> lp_load_ex: refreshing parameters
>>>> Initialising global parameters
>>>> rlimit_max: rlimit_max (2000) below minimum Windows limit (16384)
>>>> [2011/04/07 10:48:01.968567, 3] ../lib/util/params.c:550(pm_process)
>>>> params.c:pm_process() - Processing configuration file
>>>> "/opt/pware64/lib/smb.conf"
>>>> [2011/04/07 10:48:01.968641, 3] param/loadparm.c:7842(do_section)
>>>> Processing section "[global]"
>>>> [2011/04/07 10:48:01.969161, 3] param/loadparm.c:6313(lp_add_ipc)
>>>> adding IPC service
>>>> [2011/04/07 10:48:01.976518, 2] lib/interface.c:340(add_interface)
>>>> added interface en3 ip=10.x.x.x bcast=10.x.x.255 netmask=
>>>> [2011/04/07 10:48:01.976670, 2] lib/interface.c:340(add_interface)
>>>> added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=
>>>> [2011/04/07 10:48:01.976832, 2] lib/interface.c:340(add_interface)
>>>> added interface en3 ip=10.x.x.x bcast=10.x.x.255 netmask=
>>>> [2011/04/07 10:48:01.976912, 2] lib/interface.c:340(add_interface)
>>>> added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=
>>>> [2011/04/07 10:48:04.035216, 1]
>>>> lib/tdb_validate.c:457(tdb_validate_and_backup)
>>>> tdb '/opt/pware64/var/locks/winbindd_cache.tdb' is valid
>>>> [2011/04/07 10:48:08.296102, 1]
>>>> lib/tdb_validate.c:467(tdb_validate_and_backup)
>>>> Created backup '/opt/pware64/var/locks/winbindd_cache.tdb.bak' of
>>>> tdb '/opt/pware64/var/locks/winbindd_cache.tdb'
>>>> [2011/04/07 10:48:08.375298, 2]
>>>> winbindd/winbindd_util.c:221(add_trusted_domain)
>>>> Added domain BUILTIN S-1-5-32
>>>> [2011/04/07 10:48:08.375504, 2]
>>>> winbindd/winbindd_util.c:221(add_trusted_domain)
>>>> Added domain CEAULAB1 S-1-5-21-275589774-1111006802-1142404070
>>>> [2011/04/07 10:48:08.375700, 2]
>>>> winbindd/winbindd_util.c:221(add_trusted_domain)
>>>> Added domain WW S-1-5-21-477278139-4163948897-2641029873
>>>> [2011/04/07 10:48:09.095861, 2]
>>>> winbindd/winbindd_util.c:221(add_trusted_domain)
>>>> Added domain WWW S-1-5-21-4109860217-3884139575-1781413053
>>>> [2011/04/07 10:48:09.096544, 2]
>>>> winbindd/winbindd_util.c:221(add_trusted_domain)
>>>> Added domain CW S-1-5-21-3224037681-1998144755-3803369224
>>>> [2011/04/07 10:48:09.104932, 2]
>>>> winbindd/winbindd_util.c:221(add_trusted_domain)
>>>> Added domain xxx S-1-5-21-1125475667-1308779437-1236795852
>>>> [2011/04/07 10:48:09.105264, 2]
>>>> winbindd/winbindd_util.c:221(add_trusted_domain)
>>>> Added domain WWW S-1-5-21-858964348-3275466132-3667905073
>>>> [2011/04/07 10:48:13.512247, 3]
>>>> winbindd/winbindd_cm.c:1633(connection_ok)
>>>> connection_ok: Connection to for domain CEABR is not connected
>>>> [2011/04/07 10:48:13.528483, 3]
>>>> libsmb/cliconnect.c:991(cli_session_setup_spnego)
>>>> Doing spnego session setup (blob length=115)
>>>> [2011/04/07 10:48:13.535011, 3]
>>>> libsmb/cliconnect.c:1020(cli_session_setup_spnego)
>>>> got OID=1.2.840.48018.1.2.2
>>>> got OID=1.2.840.113554.1.2.2
>>>> got OID=1.2.840.113554.1.2.2.3
>>>> got OID=1.3.6.1.4.1.311.2.2.10
>>>> [2011/04/07 10:48:13.535212, 3]
>>>> libsmb/cliconnect.c:1030(cli_session_setup_spnego)
>>>> got principal=ceaadbrp1$@XXX
>>>> [2011/04/07 10:48:13.567241, 2]
>>>> libsmb/cliconnect.c:795(cli_session_setup_kerberos)
>>>> Doing kerberos session setup
>>>> [2011/04/07 10:48:13.575172, 3]
>>>> libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
>>>> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
>>>> expiration Thu, 07 Apr 2011 20:48:13 GMT-03:00
>>>> [2011/04/07 10:48:13.575364, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
>>>> ads_krb5_mk_req: server marked as OK to delegate to, building
>>>> forwardable TGT
>>>>
>>>> **********************
>>>> ceaulab1:/opt/pware64/var>cat log.wb-CEABR
>>>>
>>>> [2011/04/07 10:48:08.446242, 3]
>>>> winbindd/winbindd_cm.c:1633(connection_ok)
>>>> connection_ok: Connection to for domain CEABR is not connected
>>>> [2011/04/07 10:48:08.495255, 3]
>>>> libsmb/cliconnect.c:991(cli_session_setup_spnego)
>>>> Doing spnego session setup (blob length=115)
>>>> [2011/04/07 10:48:08.495545, 3]
>>>> libsmb/cliconnect.c:1020(cli_session_setup_spnego)
>>>> got OID=1.2.840.48018.1.2.2
>>>> got OID=1.2.840.113554.1.2.2
>>>> got OID=1.2.840.113554.1.2.2.3
>>>> got OID=1.3.6.1.4.1.311.2.2.10
>>>> [2011/04/07 10:48:08.495666, 3]
>>>> libsmb/cliconnect.c:1030(cli_session_setup_spnego)
>>>> got principal=ceaadbrp1$@xxxx
>>>> [2011/04/07 10:48:08.529939, 2]
>>>> libsmb/cliconnect.c:795(cli_session_setup_kerberos)
>>>> Doing kerberos session setup
>>>> [2011/04/07 10:48:08.538272, 3]
>>>> libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
>>>> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
>>>> expiration Thu, 07 Apr 2011 20:48:08 GMT-03:00
>>>> [2011/04/07 10:48:08.538440, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
>>>> ads_krb5_mk_req: server marked as OK to delegate to, building
>>>> forwardable TGT
>>>> [2011/04/07 10:48:08.871177, 3]
>>>> winbindd/winbindd_ads.c:1206(sequence_number)
>>>> ads: fetch sequence_number for CEABR
>>>> [2011/04/07 10:48:08.871449, 3] libsmb/namequery.c:1880(get_dc_list)
>>>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
>>>> [2011/04/07 10:48:08.877761, 3] libads/ldap.c:634(ads_connect)
>>>> Successfully contacted LDAP server 10.16.1.203
>>>> [2011/04/07 10:48:08.877989, 3] libsmb/namequery.c:1880(get_dc_list)
>>>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
>>>> [2011/04/07 10:48:08.878252, 3] libsmb/namequery.c:1880(get_dc_list)
>>>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
>>>> [2011/04/07 10:48:08.943625, 3] libsmb/namequery.c:1880(get_dc_list)
>>>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
>>>> [2011/04/07 10:48:08.946330, 3] libads/ldap.c:634(ads_connect)
>>>> Successfully contacted LDAP server 10.x.x.x
>>>> [2011/04/07 10:48:08.946581, 3] libsmb/namequery.c:1880(get_dc_list)
>>>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
>>>> [2011/04/07 10:48:08.946852, 3] libsmb/namequery.c:1880(get_dc_list)
>>>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
>>>> [2011/04/07 10:48:09.004434, 3] libads/ldap.c:634(ads_connect)
>>>> Successfully contacted LDAP server 10.16.1.203
>>>> [2011/04/07 10:48:09.006830, 3] libads/ldap.c:688(ads_connect)
>>>> Connected to LDAP server ceaadbrp1.xxx
>>>> [2011/04/07 10:48:09.008109, 3]
>>>> libads/sasl.c:782(ads_sasl_spnego_bind)
>>>> ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
>>>> [2011/04/07 10:48:09.008190, 3]
>>>> libads/sasl.c:782(ads_sasl_spnego_bind)
>>>> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
>>>> [2011/04/07 10:48:09.008267, 3]
>>>> libads/sasl.c:782(ads_sasl_spnego_bind)
>>>> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
>>>> [2011/04/07 10:48:09.008343, 3]
>>>> libads/sasl.c:782(ads_sasl_spnego_bind)
>>>> ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
>>>> [2011/04/07 10:48:09.008418, 3]
>>>> libads/sasl.c:791(ads_sasl_spnego_bind)
>>>> ads_sasl_spnego_bind: got server principal name = ceaadbrp1$@xxx
>>>> [2011/04/07 10:48:09.008672, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req)
>>>> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
>>>> found)
>>>> [2011/04/07 10:48:09.054672, 3]
>>>> libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
>>>> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache]
>>>> expiration Thu, 07 Apr 2011 20:48:09 GMT-03:00
>>>> [2011/04/07 10:48:09.054867, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
>>>> ads_krb5_mk_req: server marked as OK to delegate to, building
>>>> forwardable TGT
>>>> [2011/04/07 10:48:09.074603, 3]
>>>> libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
>>>> Got challenge flags:
>>>> [2011/04/07 10:48:09.074743, 3]
>>>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>>> Got NTLMSSP neg_flags=0x62898235
>>>> [2011/04/07 10:48:09.074819, 3]
>>>> libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
>>>> NTLMSSP: Set final flags:
>>>> [2011/04/07 10:48:09.074888, 3]
>>>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>>> Got NTLMSSP neg_flags=0x60088235
>>>> [2011/04/07 10:48:09.075079, 3]
>>>> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
>>>> NTLMSSP Sign/Seal - Initialising with flags:
>>>> [2011/04/07 10:48:09.075167, 3]
>>>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
>>>> Got NTLMSSP neg_flags=0x60088235
>>>> [2011/04/07 10:48:09.081098, 3]
>>>> winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
>>>> [6553754]: list trusted domains
>>>> [2011/04/07 10:48:09.081206, 3]
>>>> winbindd/winbindd_ads.c:1269(trusted_domains)
>>>> ads: trusted_domains
>>>> [2011/04/07 10:48:09.105515, 3]
>>>> winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
>>>> [6553754]: list trusted domains
>>>> [2011/04/07 10:48:09.105620, 3]
>>>> winbindd/winbindd_ads.c:1269(trusted_domains)
>>>> ads: trusted_domains
>>>> [2011/04/07 10:53:08.428859, 3]
>>>> winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
>>>> [6553754]: list trusted domains
>>>> [2011/04/07 10:53:08.429039, 3]
>>>> winbindd/winbindd_ads.c:1269(trusted_domains)
>>>> ads: trusted_domains
>>>>
>>>>
>>>> TKS
>>>>
>>>> On 6 April 2011 22:08, William E Jojo <w.jojo at hvcc.edu>
>>>> wrote:
>>>> >
>>>> > ----- Original Message -----
>>>> >> From: "kleber povoação" <okleber at gmail.com>
>>>> >> To: samba at lists.samba.org
>>>> >> Sent: Wednesday, April 6, 2011 6:33:10 PM
>>>> >> Subject: [Samba] login into AIX using winbind
>>>> >> Can someone help me ?
>>>> >>
>>>> >> I can't log in to the AIX machine using an Active Directory user.
>>>> >> ****************************
>>>> >> /etc/smb.conf
>>>> >>
>>>> >> [global]
>>>> >> security = ads
>>>> >> realm = XXXXXXXX
>>>> >> password server = *
>>>> >> workgroup = YYYYY
>>>> >> idmap uid = 10000-20000
>>>> >> idmap gid = 10000-20000
>>>> >> winbind use default domain = yes
>>>> >> log level = 3
>>>> >> template homedir = /home/%D/%U
>>>> >> template shell = /usr/bin/ksh
>>>> >> server string = %h server
>>>> >> winbind nested groups = Yes
>>>> >> winbind offline logon = true
>>>> >> interfaces = en3 lo0
>>>> >> bind interfaces only = yes
>>>> >> name resolve order = host wins bcast
>>>> >> lm announce = False
>>>> >> preferred master = False
>>>> >> keepalive = 30
>>>> >> auth methods = winbind
>>>> >> client use spnego = Yes
>>>> >> encrypt passwords = Yes
>>>> >> domain master = no
>>>> >> local master = no
>>>> >> preferred master = no
>>>> >> passdb backend = tdbsam
>>>> >> unix extensions = no
>>>> >> idmap config YYYYY : default = yes
>>>> >> idmap config YYYYY : backend = ad
>>>> >> idmap config YYYYY : range = 10000-20000
>>>> >> ********************************************
>>>> >> /usr/lib/security/methods.cfg
>>>> >>
>>>> >> WINBIND:
>>>> >> program = /usr/lib/security/WINBIND
>>>> >>
>>>> >> KRB5A:
>>>> >> program = /usr/lib/security/KRB5A
>>>> >> options = authonly
>>>> >> program_64 = /usr/lib/security/KRB5A_64
>>>> >>
>>>> >> KRB5Afiles:
>>>> >> options = db=BUILTIN,auth=KRB5A
>>>> >>
>>>> >> NIS:
>>>> >> program = /usr/lib/security/NIS
>>>> >> program_64 = /usr/lib/security/NIS_64
>>>> >>
>>>> >>
>>>> >> DCE:
>>>> >> program = /usr/lib/security/DCE
>>>> >>
>>>> >>
>>>> >> ***************************
>>>> >> /etc/security/user
>>>> >>
>>>> >> default:
>>>> >> admin = false
>>>> >> login = true
>>>> >> su = true
>>>> >> daemon = true
>>>> >> rlogin = true
>>>> >> sugroups = ALL
>>>> >> admgroups =
>>>> >> ttys = ALL
>>>> >> auth1 = SYSTEM
>>>> >> auth2 = NONE
>>>> >> tpath = nosak
>>>> >> umask = 22
>>>> >> expires = 0
>>>> >> SYSTEM = "WINBIND OR compat"
>>>> >> registry = WINBIND
>>>> >> logintimes =
>>>> >> pwdwarntime = 3
>>>> >> account_locked = false
>>>> >> loginretries = 5
>>>> >> histexpire = 48
>>>> >> histsize = 8
>>>> >> minage = 1
>>>> >> maxage = 0
>>>> >> maxexpired = -1
>>>> >> minalpha = 4
>>>> >> minother = 2
>>>> >> minlen = 8
>>>> >> mindiff = 3
>>>> >> maxrepeats = 8
>>>> >> dictionlist =
>>>> >> pwdchecks =
>>>> >> default_roles =
>>>> >> *************************
>>>> >> /etc/krb5.conf
>>>> >> [libdefaults]
>>>> >> default_realm = wwww
>>>> >> default_keytab_name = FILE:/etc/krb5/krb5.keytab
>>>> >> forwardable = true
>>>> >> clockskew = 300
>>>> >>
>>>> >> [realms]
>>>> >> BRASIL.LATAM.CEA = {
>>>> >> kdc = www:88
>>>> >> admin_server = www:749
>>>> >> default_domain = wwww
>>>> >> }
>>>> >>
>>>> >> [domain_realm]
>>>> >> .xxx.xx.xx = XXXX
>>>> >> xxx.xx.xx = XXXX
>>>> >>
>>>> >> [logging]
>>>> >> kdc = FILE:/var/krb5/log/krb5kdc.log
>>>> >> admin_server = FILE:/var/krb5/log/kadmin.log
>>>> >> kadmin_local = FILE:/var/krb5/log/kadmin_local.log
>>>> >> default = FILE:/var/krb5/log/krb5lib.log
>>>> >>
>>>> >> ******************
>>>> >> What works?
>>>> >>
>>>> >>
>>>> >> lab1:/>wbinfo -i brab10_dbr
>>>> >> brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh
>>>> >>
>>>> >> wbinfo -g
>>>> >>
>>>> >> net ads info
>>>> >>
>>>> >> klist
>>>> >> ***********************
>>>> >> What does not work
>>>> >>
>>>> >> lab1:/>lsuser -R WINBIND ALL -> shows no error but does not return any
>>>> >> user.
>>>> >> lab1:/>
>>>> >>
>>>> >
>>>> > ALL has never worked. There is a timeout issue within AIX that I was
>>>> > never able to track down.
>>>> >
>>>> >
>>>> >> login with AD user at telnet or ssh or locally at console
>>>> >
>>>> >
>>>> > How are you logging in? Is the user fully-qualified? (Should not be
>>>> > necessary with winbind use default domain). Is there a home dir
>>>> > ready to receive them?
>>>> >
>>>> > Does "lsuser -R WINBIND username" return what you expect?
>>>> >
>>>> > Does chown allow you to specify an AD user?
>>>> >
>>>> > Anything in your log level 3 that may help?
>>>> >
>>>> >
>>>> > Cheers,
>>>> > Bill
>>>> >
>>>> >
>>>> >>
>>>> >> *******************
>>>> >>
>>>> >> tks all
>>>> >
>>>
>>
>
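
The thread turns on a methods.cfg stanza whose program_64 pointed at a module (WINBIND_64) that was not installed. The following is an added example, not code from the thread or from pWare: a POSIX sh check that reads the stanzas of a methods.cfg and reports every program / program_64 path with no file behind it. The function name, the optional ROOT prefix argument and the sample tree are assumptions made for illustration; lines starting with "*" are treated as stanza-file comments.

```shell
#!/bin/sh
# check_methods_cfg FILE [ROOT]
# Prints "stanza attribute path" for each program/program_64 entry whose
# module file is missing under ROOT (default: real filesystem root).
# Returns 1 if anything is missing, 0 otherwise.
check_methods_cfg() {
    cfg=$1
    root=${2:-}
    missing=0
    entries=$(awk '
        /^[ \t]*\*/ { next }                          # comment line
        /^[^ \t*].*:[ \t]*$/ {                        # stanza header "NAME:"
            sub(/:[ \t]*$/, ""); stanza = $0; next
        }
        /^[ \t]*program(_64)?[ \t]*=/ {               # module path attribute
            eq = index($0, "=")
            attr = substr($0, 1, eq - 1)
            path = substr($0, eq + 1)
            gsub(/[ \t]/, "", attr)
            gsub(/^[ \t]+|[ \t]+$/, "", path)
            print stanza, attr, path
        }
    ' "$cfg")
    while read -r stanza attr path; do
        [ -n "$stanza" ] || continue
        if [ ! -f "$root$path" ]; then
            echo "$stanza $attr $path"
            missing=1
        fi
    done <<EOF
$entries
EOF
    return $missing
}

# Constructed sample: only the WINBIND module is installed, as on the
# poster's machine, while methods.cfg also names WINBIND_64.
demo_constructed() {
    demo_root=$(mktemp -d)
    mkdir -p "$demo_root/usr/lib/security"
    : > "$demo_root/usr/lib/security/WINBIND"
    cat > "$demo_root/methods.cfg" <<'EOF'
* constructed sample stanza
WINBIND:
        program = /usr/lib/security/WINBIND
        program_64 = /usr/lib/security/WINBIND_64
EOF
    check_methods_cfg "$demo_root/methods.cfg" "$demo_root" || true
    rm -rf "$demo_root"
}

demo_constructed
```

On a live system the call would be check_methods_cfg /usr/lib/security/methods.cfg, with no ROOT argument.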

