I'm trying to log in using just the username: brab10_dbr, without the domain CEABR at login.

**********
ceaulab1:/opt/pware64/var>lslpp -l | grep pware
  pware53-64.base.rte         5.3.0.0    COMMITTED  64-bit pWare base for 5.3
  pware53-64.bdb.rte          4.7.25.4   COMMITTED  Berkeley DB 4.7.25 (64-bit)
  pware53-64.cyrus-sasl.rte
  pware53-64.gettext.rte      0.17.0.0   COMMITTED  GNU gettext 0.17 (64-bit)
  pware53-64.krb5.rte         1.8.3.0    COMMITTED  MIT Kerberos 1.8.3 (64-bit)
  pware53-64.libiconv.rte     1.13.1.0   COMMITTED  GNU libiconv 1.13.1 (64-bit)
  pware53-64.ncurses.rte      5.7.0.1    COMMITTED  ncurses 5.7.0.1 (64-bit)
  pware53-64.openldap.rte     2.4.23.0   COMMITTED  OpenLDAP 2.4.23 (64-bit)
  pware53-64.openssl.rte      0.9.8.15   COMMITTED  OpenSSL 0.9.8o (64-bit)
  pware53-64.popt.rte         1.10.4.0   COMMITTED  popt 1.10.4 (64-bit)
  pware53-64.readline.rte     6.1.0.0    COMMITTED  GNU readline 6.1 (64-bit)
  pware53-64.samba.rte        3.5.6.0    COMMITTED  Samba 3.5.6 (64-bit)
  pware53-64.zlib.rte         1.2.4.0    COMMITTED  zlib 1.2.4 (64-bit)

******** AIX 6100-06 ********************
ceaulab1:/>lsuser -R WINBIND brab10_dbr
3004-687 User "brab10_dbr" does not exist.
I do not need to do a mkuser, OK? Because the user is in AD.

***************************
ceaulab1:/tmp>touch file
ceaulab1:/tmp>chown brab10_dbr file
chown: 3002-131 brab10_dbr is an unknown username.

***********************
ceaulab1:/opt/pware64/var>telnet localhost
Trying...
Connected to localhost.
Escape character is '^]'.

telnet (ceaulab1)

Login: brab10_dbr
brab10_dbr's Password:
3004-007 You entered an invalid login name or password.
login:

******************
file /opt/pware64/var/log.winbind

In the following file I noted one line "connection_ok: Connection to for domain CEABR is not connected" -> CEABR is the Windows workgroup that user brab10_db belongs to.

ceaulab1:/opt/pware64/var>cat log.winbindd
[2011/04/07 10:48:01, 0] winbindd/winbindd.c:1105(main)
  winbindd version 3.5.6 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/04/07 10:48:01.968181, 2] lib/tallocmsg.c:106(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2011/04/07 10:48:01.968302, 2] lib/dmallocmsg.c:77(register_dmalloc_msgs)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2011/04/07 10:48:01.968399, 3] param/loadparm.c:9158(lp_load_ex)
  lp_load_ex: refreshing parameters
  Initialising global parameters
  rlimit_max: rlimit_max (2000) below minimum Windows limit (16384)
[2011/04/07 10:48:01.968567, 3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file "/opt/pware64/lib/smb.conf"
[2011/04/07 10:48:01.968641, 3] param/loadparm.c:7842(do_section)
  Processing section "[global]"
[2011/04/07 10:48:01.969161, 3] param/loadparm.c:6313(lp_add_ipc)
  adding IPC service
[2011/04/07 10:48:01.976518, 2] lib/interface.c:340(add_interface)
  added interface en3 ip=10.x.x.x bcast=10.x.x.255 netmask=
[2011/04/07 10:48:01.976670, 2] lib/interface.c:340(add_interface)
  added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=
[2011/04/07 10:48:01.976832, 2] lib/interface.c:340(add_interface)
  added interface en3 ip=10.x.x.x bcast=10.x.x.255 netmask=
[2011/04/07 10:48:01.976912, 2] lib/interface.c:340(add_interface)
  added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=
[2011/04/07 10:48:04.035216, 1] lib/tdb_validate.c:457(tdb_validate_and_backup)
  tdb '/opt/pware64/var/locks/winbindd_cache.tdb' is valid
[2011/04/07 10:48:08.296102, 1] lib/tdb_validate.c:467(tdb_validate_and_backup)
  Created backup '/opt/pware64/var/locks/winbindd_cache.tdb.bak' of tdb '/opt/pware64/var/locks/winbindd_cache.tdb'
[2011/04/07 10:48:08.375298, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain BUILTIN S-1-5-32
[2011/04/07 10:48:08.375504, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain CEAULAB1 S-1-5-21-275589774-1111006802-1142404070
[2011/04/07 10:48:08.375700, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain WW S-1-5-21-477278139-4163948897-2641029873
[2011/04/07 10:48:09.095861, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain WWW S-1-5-21-4109860217-3884139575-1781413053
[2011/04/07 10:48:09.096544, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain CW S-1-5-21-3224037681-1998144755-3803369224
[2011/04/07 10:48:09.104932, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain xxx S-1-5-21-1125475667-1308779437-1236795852
[2011/04/07 10:48:09.105264, 2] winbindd/winbindd_util.c:221(add_trusted_domain)
  Added domain WWW S-1-5-21-858964348-3275466132-3667905073
[2011/04/07 10:48:13.512247, 3] winbindd/winbindd_cm.c:1633(connection_ok)
  connection_ok: Connection to for domain CEABR is not connected
[2011/04/07 10:48:13.528483, 3] libsmb/cliconnect.c:991(cli_session_setup_spnego)
  Doing spnego session setup (blob length=115)
[2011/04/07 10:48:13.535011, 3] libsmb/cliconnect.c:1020(cli_session_setup_spnego)
  got OID=1.2.840.48018.1.2.2
  got OID=1.2.840.113554.1.2.2
  got OID=1.2.840.113554.1.2.2.3
  got OID=1.3.6.1.4.1.311.2.2.10
[2011/04/07 10:48:13.535212, 3] libsmb/cliconnect.c:1030(cli_session_setup_spnego)
  got principal=ceaadbrp1$@XXX
[2011/04/07 10:48:13.567241, 2] libsmb/cliconnect.c:795(cli_session_setup_kerberos)
  Doing kerberos session setup
[2011/04/07 10:48:13.575172, 3] libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Thu, 07 Apr 2011 20:48:13 GMT-03:00
[2011/04/07 10:48:13.575364, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT

**********************
ceaulab1:/opt/pware64/var>cat log.wb-CEABR
[2011/04/07 10:48:08.446242, 3] winbindd/winbindd_cm.c:1633(connection_ok)
  connection_ok: Connection to for domain CEABR is not connected
[2011/04/07 10:48:08.495255, 3] libsmb/cliconnect.c:991(cli_session_setup_spnego)
  Doing spnego session setup (blob length=115)
[2011/04/07 10:48:08.495545, 3] libsmb/cliconnect.c:1020(cli_session_setup_spnego)
  got OID=1.2.840.48018.1.2.2
  got OID=1.2.840.113554.1.2.2
  got OID=1.2.840.113554.1.2.2.3
  got OID=1.3.6.1.4.1.311.2.2.10
[2011/04/07 10:48:08.495666, 3] libsmb/cliconnect.c:1030(cli_session_setup_spnego)
  got principal=ceaadbrp1$@xxxx
[2011/04/07 10:48:08.529939, 2] libsmb/cliconnect.c:795(cli_session_setup_kerberos)
  Doing kerberos session setup
[2011/04/07 10:48:08.538272, 3] libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Thu, 07 Apr 2011 20:48:08 GMT-03:00
[2011/04/07 10:48:08.538440, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2011/04/07 10:48:08.871177, 3] winbindd/winbindd_ads.c:1206(sequence_number)
  ads: fetch sequence_number for CEABR
[2011/04/07 10:48:08.871449, 3] libsmb/namequery.c:1880(get_dc_list)
  get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
[2011/04/07 10:48:08.877761, 3] libads/ldap.c:634(ads_connect)
  Successfully contacted LDAP server 10.16.1.203
[2011/04/07 10:48:08.877989, 3] libsmb/namequery.c:1880(get_dc_list)
  get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
[2011/04/07 10:48:08.878252, 3] libsmb/namequery.c:1880(get_dc_list)
  get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
[2011/04/07 10:48:08.943625, 3] libsmb/namequery.c:1880(get_dc_list)
  get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
[2011/04/07 10:48:08.946330, 3] libads/ldap.c:634(ads_connect)
  Successfully contacted LDAP server 10.x.x.x
[2011/04/07 10:48:08.946581, 3] libsmb/namequery.c:1880(get_dc_list)
  get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
[2011/04/07 10:48:08.946852, 3] libsmb/namequery.c:1880(get_dc_list)
  get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
[2011/04/07 10:48:09.004434, 3] libads/ldap.c:634(ads_connect)
  Successfully contacted LDAP server 10.16.1.203
[2011/04/07 10:48:09.006830, 3] libads/ldap.c:688(ads_connect)
  Connected to LDAP server ceaadbrp1.xxx
[2011/04/07 10:48:09.008109, 3] libads/sasl.c:782(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2011/04/07 10:48:09.008190, 3] libads/sasl.c:782(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2011/04/07 10:48:09.008267, 3] libads/sasl.c:782(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2011/04/07 10:48:09.008343, 3] libads/sasl.c:782(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2011/04/07 10:48:09.008418, 3] libads/sasl.c:791(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = ceaadbrp1$@xxx
[2011/04/07 10:48:09.008672, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2011/04/07 10:48:09.054672, 3] libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Thu, 07 Apr 2011 20:48:09 GMT-03:00
[2011/04/07 10:48:09.054867, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2011/04/07 10:48:09.074603, 3] libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
  Got challenge flags:
[2011/04/07 10:48:09.074743, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62898235
[2011/04/07 10:48:09.074819, 3] libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
  NTLMSSP: Set final flags:
[2011/04/07 10:48:09.074888, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088235
[2011/04/07 10:48:09.075079, 3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2011/04/07 10:48:09.075167, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088235
[2011/04/07 10:48:09.081098, 3] winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
  [6553754]: list trusted domains
[2011/04/07 10:48:09.081206, 3] winbindd/winbindd_ads.c:1269(trusted_domains)
  ads: trusted_domains
[2011/04/07 10:48:09.105515, 3] winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
  [6553754]: list trusted domains
[2011/04/07 10:48:09.105620, 3] winbindd/winbindd_ads.c:1269(trusted_domains)
  ads: trusted_domains
[2011/04/07 10:53:08.428859, 3] winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
  [6553754]: list trusted domains
[2011/04/07 10:53:08.429039, 3] winbindd/winbindd_ads.c:1269(trusted_domains)
  ads: trusted_domains

TKS

On 6 April 2011 22:08, William E Jojo <[email protected]> wrote:
>
> ----- Original Message -----
>> From: "kleber povoação" <[email protected]>
>> To: [email protected]
>> Sent: Wednesday, April 6, 2011 6:33:10 PM
>> Subject: [Samba] login into AIX using winbind
>> Can someone help me?
>>
>> I can't log in at the AIX machine using an Active Directory user.
>> ****************************
>> /etc/smb.conf
>>
>> [global]
>> security = ads
>> realm = XXXXXXXX
>> password server = *
>> workgroup = YYYYY
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> winbind use default domain = yes
>> log level = 3
>> template homedir = /home/%D/%U
>> template shell = /usr/bin/ksh
>> server string = %h server
>> winbind nested groups = Yes
>> winbind offline logon = true
>> interfaces = en3 lo0
>> bind interfaces only = yes
>> name resolve order = host wins bcast
>> lm announce = False
>> preferred master = False
>> keepalive = 30
>> auth methods = winbind
>> client use spnego = Yes
>> encrypt passwords = Yes
>> domain master = no
>> local master = no
>> preferred master = no
>> passdb backend = tdbsam
>> unix extensions = no
>> idmap config YYYYY : default = yes
>> idmap config YYYYY : backend = ad
>> idmap config YYYYY : range = 10000-20000
>> ********************************************
>> /usr/lib/security/methods.cfg
>>
>> WINBIND:
>>   program = /usr/lib/security/WINBIND
>>
>> KRB5A:
>>   program = /usr/lib/security/KRB5A
>>   options = authonly
>>   program_64 = /usr/lib/security/KRB5A_64
>>
>> KRB5Afiles:
>>   options = db=BUILTIN,auth=KRB5A
>>
>> NIS:
>>   program = /usr/lib/security/NIS
>>   program_64 = /usr/lib/security/NIS_64
>>
>>
>> DCE:
>>   program = /usr/lib/security/DCE
>>
>>
>> ***************************
>> /etc/security/user
>>
>> default:
>>   admin = false
>>   login = true
>>   su = true
>>   daemon = true
>>   rlogin = true
>>   sugroups = ALL
>>   admgroups =
>>   ttys = ALL
>>   auth1 = SYSTEM
>>   auth2 = NONE
>>   tpath = nosak
>>   umask = 22
>>   expires = 0
>>   SYSTEM = "WINBIND OR compat"
>>   registry = WINBIND
>>   logintimes =
>>   pwdwarntime = 3
>>   account_locked = false
>>   loginretries = 5
>>   histexpire = 48
>>   histsize = 8
>>   minage = 1
>>   maxage = 0
>>   maxexpired = -1
>>   minalpha = 4
>>   minother = 2
>>   minlen = 8
>>   mindiff = 3
>>   maxrepeats = 8
>>   dictionlist =
>>   pwdchecks =
>>   default_roles =
>> *************************
>> /etc/krb5.conf
>> [libdefaults]
>>   default_realm = wwww
>>   default_keytab_name = FILE:/etc/krb5/krb5.keytab
>>   forwardable = true
>>   clockskew = 300
>>
>> [realms]
>>   BRASIL.LATAM.CEA = {
>>     kdc = www:88
>>     admin_server = www:749
>>     default_domain = wwww
>>   }
>>
>> [domain_realm]
>>   .xxx.xx.xx = XXXX
>>   xxx.xx.xx = XXXX
>>
>> [logging]
>>   kdc = FILE:/var/krb5/log/krb5kdc.log
>>   admin_server = FILE:/var/krb5/log/kadmin.log
>>   kadmin_local = FILE:/var/krb5/log/kadmin_local.log
>>   default = FILE:/var/krb5/log/krb5lib.log
>>
>> ******************
>> What works?
>>
>>
>> lab1:/>wbinfo -i brab10_dbr
>> brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh
>>
>> wbinfo -g
>>
>> net ads info
>>
>> klist
>> ***********************
>> What does not work
>>
>> lab1:/>lsuser -R WINBIND ALL -> shows no error but does not return any user.
>> lab1:/>
>>
>
> ALL has never worked. There is a timeout issue within AIX that I was never
> able to track down.
>
>
>> login with AD user at telnet or ssh or locally at console
>
>
> How are you logging in? Is the user fully-qualified? (Should not be necessary
> with winbind use default domain). Is there a home dir ready to receive them?
>
> Does "lsuser -R WINBIND username" return what you expect?
>
> Does chown allow you to specify an AD user?
>
> Anything in your log level 3 that may help?
>
>
> Cheers,
> Bill
>
>
>>
>> *******************
>>
>> tks all
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
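
An added example, not part of the original thread or of Samba: a small Python filter for level-3 winbindd logs like the ones posted above, which splits the text into entries (wrapped or run together on one line) and returns those whose wording suggests a failure. The SUSPECT word list is an assumption, and the sample entries are copied from the log excerpts in this message.

```python
import re

# Header of a Samba debug entry: "[date time, level] source.c:line(function)"
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?),\s+(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)"
)
# Assumed wording that marks an entry to read first; a hit is a lead, not a diagnosis.
SUSPECT = re.compile(r"not connected|failed|denied|NT_STATUS_(?!OK)", re.I)

# Sample entries copied from the log excerpts in this message.
SAMPLE = """\
[2011/04/07 10:48:08.446242, 3] winbindd/winbindd_cm.c:1633(connection_ok)
  connection_ok: Connection to for domain CEABR is not connected
[2011/04/07 10:48:08.529939, 2] libsmb/cliconnect.c:795(cli_session_setup_kerberos)
  Doing kerberos session setup
[2011/04/07 10:48:09.006830, 3] libads/ldap.c:688(ads_connect)
  Connected to LDAP server ceaadbrp1.xxx
[2011/04/07 10:48:09.008672, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
"""


def parse_entries(text):
    """Split raw log text into entries; the message is whatever lies between
    one header and the next, so wrapped and flattened input parse the same."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        msg = " ".join(text[h.end():end].split())
        entries.append({**h.groupdict(), "level": int(h["level"]),
                        "line": int(h["line"]), "msg": msg})
    return entries


def triage(entries, max_level=3):
    """Return entries at or below max_level whose message matches SUSPECT."""
    return [e for e in entries
            if e["level"] <= max_level and SUSPECT.search(e["msg"])]


if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE)):
        print(f'{e["ts"]} L{e["level"]} {e["src"]}:{e["line"]} {e["func"]}: {e["msg"]}')
```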
