----- Original Message -----
> From: "kleber povoação" <[email protected]>
> To: [email protected]
> Sent: Wednesday, April 6, 2011 6:33:10 PM
> Subject: [Samba] login into AIX using winbind
> Can someone help me?
>
> I can't log in at the AIX machine using an Active Directory user.
> ****************************
> /etc/smb.conf
>
> [global]
> security = ads
> realm = XXXXXXXX
> password server = *
> workgroup = YYYYY
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind use default domain = yes
> log level = 3
> template homedir = /home/%D/%U
> template shell = /usr/bin/ksh
> server string = %h server
> winbind nested groups = Yes
> winbind offline logon = true
> interfaces = en3 lo0
> bind interfaces only = yes
> name resolve order = host wins bcast
> lm announce = False
> preferred master = False
> keepalive = 30
> auth methods = winbind
> client use spnego = Yes
> encrypt passwords = Yes
> domain master = no
> local master = no
> preferred master = no
> passdb backend = tdbsam
> unix extensions = no
> idmap config YYYYY : default = yes
> idmap config YYYYY : backend = ad
> idmap config YYYYY : range = 10000-20000
> ********************************************
> /usr/lib/security/methods.cfg
>
> WINBIND:
>     program = /usr/lib/security/WINBIND
>
> KRB5A:
>     program = /usr/lib/security/KRB5A
>     options = authonly
>     program_64 = /usr/lib/security/KRB5A_64
>
> KRB5Afiles:
>     options = db=BUILTIN,auth=KRB5A
>
> NIS:
>     program = /usr/lib/security/NIS
>     program_64 = /usr/lib/security/NIS_64
>
>
> DCE:
>     program = /usr/lib/security/DCE
>
>
> ***************************
> /etc/security/user
>
> default:
>     admin = false
>     login = true
>     su = true
>     daemon = true
>     rlogin = true
>     sugroups = ALL
>     admgroups =
>     ttys = ALL
>     auth1 = SYSTEM
>     auth2 = NONE
>     tpath = nosak
>     umask = 22
>     expires = 0
>     SYSTEM = "WINBIND OR compat"
>     registry = WINBIND
>     logintimes =
>     pwdwarntime = 3
>     account_locked = false
>     loginretries = 5
>     histexpire = 48
>     histsize = 8
>     minage = 1
>     maxage = 0
>     maxexpired = -1
>     minalpha = 4
>     minother = 2
>     minlen = 8
>     mindiff = 3
>     maxrepeats = 8
>     dictionlist =
>     pwdchecks =
>     default_roles =
> *************************
> /etc/krb5.conf
> [libdefaults]
> default_realm = wwww
> default_keytab_name = FILE:/etc/krb5/krb5.keytab
> forwardable = true
> clockskew = 300
>
> [realms]
> BRASIL.LATAM.CEA = {
>     kdc = www:88
>     admin_server = www:749
>     default_domain = wwww
> }
>
> [domain_realm]
> .xxx.xx.xx = XXXX
> xxx.xx.xx = XXXX
>
> [logging]
> kdc = FILE:/var/krb5/log/krb5kdc.log
> admin_server = FILE:/var/krb5/log/kadmin.log
> kadmin_local = FILE:/var/krb5/log/kadmin_local.log
> default = FILE:/var/krb5/log/krb5lib.log
>
> ******************
> What works?
>
>
> lab1:/>wbinfo -i brab10_dbr
> brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh
>
> wbinfo -g
>
> net ads info
>
> klist
> ***********************
> What does not work
>
> lab1:/>lsuser -R WINBIND ALL -> shows no error but does not return any user.
> lab1:/>
>

ALL has never worked. There is a timeout issue within AIX that I was never able to track down.

> login with AD user at telnet or ssh or locally at console

How are you logging in?
Is the user fully-qualified? (Should not be necessary with winbind use default domain).
Is there a home dir ready to receive them?
Does "lsuser -R WINBIND username" return what you expect?
Does chown allow you to specify an AD user?
Anything in your log level 3 that may help?

Cheers,
Bill

>
> *******************
>
> tks all
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
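
The reply's question about whether a home directory is ready can be checked directly against the passwd-style line that `wbinfo -i` prints, together with the shell from `template shell`. The script below is an added example and not part of the original thread; the helper name `check_login_env` is hypothetical, and it assumes a POSIX shell with `ls -n` and `awk` available.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the home directory and
# shell in a passwd-style entry, as printed by `wbinfo -i USER`, are usable.
# check_login_env is a hypothetical helper name.

check_login_env() {
    entry=$1
    problems=0
    # passwd layout: name:password:uid:gid:gecos:home:shell
    # read does not glob, so the "*" password field is taken literally.
    IFS=: read -r name _pw uid _gid _gecos home shell <<EOF
$entry
EOF
    if [ -z "$name" ] || [ -z "$uid" ] || [ -z "$home" ] || [ -z "$shell" ]; then
        echo "malformed entry (expected 7 colon-separated fields)"
        return 2
    fi
    if [ ! -d "$home" ]; then
        echo "$name: home directory $home does not exist"
        problems=$((problems + 1))
    else
        # ls -n prints the numeric owner in column 3
        owner=$(ls -ldn "$home" | awk '{print $3}')
        if [ "$owner" != "$uid" ]; then
            echo "$name: $home is owned by uid $owner, expected $uid"
            problems=$((problems + 1))
        fi
    fi
    if [ ! -x "$shell" ]; then
        echo "$name: shell $shell is missing or not executable"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "$name: home and shell look ready"
    # Return status: 0 when ready, 1 when any check failed
    [ "$problems" -eq 0 ]
}

# Entry copied from the wbinfo -i output quoted in the thread. On the host
# itself, pass live output: check_login_env "$(wbinfo -i brab10_dbr)"
check_login_env 'brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh' || true
```

A non-zero return with a "does not exist" or ownership finding points at the home directory rather than at winbind name resolution.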
