----- Original Message -----
> From: "kleber povoação" <[email protected]>
> To: "William E Jojo" <[email protected]>
> Cc: [email protected]
> Sent: Thursday, April 7, 2011 10:05:22 AM
> Subject: Re: [Samba] login into AIX using winbind
> I'm trying to log in using just the username: brab10_dbr, without domain
> CEABR at login.
> **********
> ceaulab1:/opt/pware64/var>lslpp -l | grep pware
> pware53-64.base.rte 5.3.0.0 COMMITTED 64-bit pWare base for 5.3
> pware53-64.bdb.rte 4.7.25.4 COMMITTED Berkeley DB 4.7.25 (64-bit)
> pware53-64.cyrus-sasl.rte
> pware53-64.gettext.rte 0.17.0.0 COMMITTED GNU gettext 0.17 (64-bit)
> pware53-64.krb5.rte 1.8.3.0 COMMITTED MIT Kerberos 1.8.3 (64-bit)
> pware53-64.libiconv.rte 1.13.1.0 COMMITTED GNU libiconv 1.13.1
> (64-bit)
> pware53-64.ncurses.rte 5.7.0.1 COMMITTED ncurses 5.7.0.1 (64-bit)
> pware53-64.openldap.rte 2.4.23.0 COMMITTED OpenLDAP 2.4.23 (64-bit)
> pware53-64.openssl.rte 0.9.8.15 COMMITTED OpenSSL 0.9.8o (64-bit)
> pware53-64.popt.rte 1.10.4.0 COMMITTED popt 1.10.4 (64-bit)
> pware53-64.readline.rte 6.1.0.0 COMMITTED GNU readline 6.1 (64-bit)
> pware53-64.samba.rte 3.5.6.0 COMMITTED Samba 3.5.6 (64-bit)
> pware53-64.zlib.rte 1.2.4.0 COMMITTED zlib 1.2.4 (64-bit)

Thank you for using pWare. ;-)

I would have expected the pware61.* to be running on AIX 6.1.

Now that I know you are running the 64-bit stuff, you will need to change the methods.cfg:

program_64 = /usr/lib/security/WINBIND_64

Only the 64-bit WINBIND is provided with pware53-64.

Let me know how you get on. :-)

Cheers,
Bill

> ********
> AIX 6100-06
> ********************
> ceaulab1:/>lsuser -R WINBIND brab10_dbr
> 3004-687 User "brab10_dbr" does not exist.
>
> Do I need not to do a mkuser ok ? Because the user is at AD.
> ***************************
> ceaulab1:/tmp>touch file
> ceaulab1:/tmp>chown brab10_dbr file
> chown: 3002-131 brab10_dbr is an unknown username.
> ***********************
> ceaulab1:/opt/pware64/var>telnet localhost
> Trying...
> Connected to localhost.
> Escape character is '^]'.
>
>
> telnet (ceaulab1)
>
>
>
> Login: brab10_dbr
> brab10_dbr's Password:
> 3004-007 You entered an invalid login name or password.
> login:
>
> ******************
> file /opt/pware64/var/log.winbind
>
> At the following file I noted one line "connection_ok: Connection to
> for domain CEABR is not connected" -> CEABR is windows workgroup that
> user brab10_db belong.
>
> ceaulab1:/opt/pware64/var>cat log.winbindd
> [2011/04/07 10:48:01, 0] winbindd/winbindd.c:1105(main)
> winbindd version 3.5.6 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2010
> [2011/04/07 10:48:01.968181, 2]
> lib/tallocmsg.c:106(register_msg_pool_usage)
> Registered MSG_REQ_POOL_USAGE
> [2011/04/07 10:48:01.968302, 2]
> lib/dmallocmsg.c:77(register_dmalloc_msgs)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2011/04/07 10:48:01.968399, 3] param/loadparm.c:9158(lp_load_ex)
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: rlimit_max (2000) below minimum Windows limit (16384)
> [2011/04/07 10:48:01.968567, 3] ../lib/util/params.c:550(pm_process)
> params.c:pm_process() - Processing configuration file
> "/opt/pware64/lib/smb.conf"
> [2011/04/07 10:48:01.968641, 3] param/loadparm.c:7842(do_section)
> Processing section "[global]"
> [2011/04/07 10:48:01.969161, 3] param/loadparm.c:6313(lp_add_ipc)
> adding IPC service
> [2011/04/07 10:48:01.976518, 2] lib/interface.c:340(add_interface)
> added interface en3 ip=10.x.x.x bcast=10.x.x.255 netmask=
> [2011/04/07 10:48:01.976670, 2] lib/interface.c:340(add_interface)
> added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=
> [2011/04/07 10:48:01.976832, 2] lib/interface.c:340(add_interface)
> added interface en3 ip=10.x.x.x bcast=10.x.x.255 netmask=
> [2011/04/07 10:48:01.976912, 2] lib/interface.c:340(add_interface)
> added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=
> [2011/04/07 10:48:04.035216, 1]
> lib/tdb_validate.c:457(tdb_validate_and_backup)
> tdb '/opt/pware64/var/locks/winbindd_cache.tdb' is valid
> [2011/04/07 10:48:08.296102, 1]
> lib/tdb_validate.c:467(tdb_validate_and_backup)
> Created backup '/opt/pware64/var/locks/winbindd_cache.tdb.bak' of
> tdb '/opt/pware64/var/locks/winbindd_cache.tdb'
> [2011/04/07 10:48:08.375298, 2]
> winbindd/winbindd_util.c:221(add_trusted_domain)
> Added domain BUILTIN S-1-5-32
> [2011/04/07 10:48:08.375504, 2]
> winbindd/winbindd_util.c:221(add_trusted_domain)
> Added domain CEAULAB1 S-1-5-21-275589774-1111006802-1142404070
> [2011/04/07 10:48:08.375700, 2]
> winbindd/winbindd_util.c:221(add_trusted_domain)
> Added domain WW S-1-5-21-477278139-4163948897-2641029873
> [2011/04/07 10:48:09.095861, 2]
> winbindd/winbindd_util.c:221(add_trusted_domain)
> Added domain WWW S-1-5-21-4109860217-3884139575-1781413053
> [2011/04/07 10:48:09.096544, 2]
> winbindd/winbindd_util.c:221(add_trusted_domain)
> Added domain CW S-1-5-21-3224037681-1998144755-3803369224
> [2011/04/07 10:48:09.104932, 2]
> winbindd/winbindd_util.c:221(add_trusted_domain)
> Added domain xxx S-1-5-21-1125475667-1308779437-1236795852
> [2011/04/07 10:48:09.105264, 2]
> winbindd/winbindd_util.c:221(add_trusted_domain)
> Added domain WWW S-1-5-21-858964348-3275466132-3667905073
> [2011/04/07 10:48:13.512247, 3]
> winbindd/winbindd_cm.c:1633(connection_ok)
> connection_ok: Connection to for domain CEABR is not connected
> [2011/04/07 10:48:13.528483, 3]
> libsmb/cliconnect.c:991(cli_session_setup_spnego)
> Doing spnego session setup (blob length=115)
> [2011/04/07 10:48:13.535011, 3]
> libsmb/cliconnect.c:1020(cli_session_setup_spnego)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.2.840.113554.1.2.2.3
> got OID=1.3.6.1.4.1.311.2.2.10
> [2011/04/07 10:48:13.535212, 3]
> libsmb/cliconnect.c:1030(cli_session_setup_spnego)
> got principal=ceaadbrp1$@XXX
> [2011/04/07 10:48:13.567241, 2]
> libsmb/cliconnect.c:795(cli_session_setup_kerberos)
> Doing kerberos session setup
> [2011/04/07 10:48:13.575172, 3]
> libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
> expiration Thu, 07 Apr 2011 20:48:13 GMT-03:00
> [2011/04/07 10:48:13.575364, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
> ads_krb5_mk_req: server marked as OK to delegate to, building
> forwardable TGT
>
> **********************
> ceaulab1:/opt/pware64/var>cat log.wb-CEABR
>
> [2011/04/07 10:48:08.446242, 3]
> winbindd/winbindd_cm.c:1633(connection_ok)
> connection_ok: Connection to for domain CEABR is not connected
> [2011/04/07 10:48:08.495255, 3]
> libsmb/cliconnect.c:991(cli_session_setup_spnego)
> Doing spnego session setup (blob length=115)
> [2011/04/07 10:48:08.495545, 3]
> libsmb/cliconnect.c:1020(cli_session_setup_spnego)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.2.840.113554.1.2.2.3
> got OID=1.3.6.1.4.1.311.2.2.10
> [2011/04/07 10:48:08.495666, 3]
> libsmb/cliconnect.c:1030(cli_session_setup_spnego)
> got principal=ceaadbrp1$@xxxx
> [2011/04/07 10:48:08.529939, 2]
> libsmb/cliconnect.c:795(cli_session_setup_kerberos)
> Doing kerberos session setup
> [2011/04/07 10:48:08.538272, 3]
> libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
> expiration Thu, 07 Apr 2011 20:48:08 GMT-03:00
> [2011/04/07 10:48:08.538440, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
> ads_krb5_mk_req: server marked as OK to delegate to, building
> forwardable TGT
> [2011/04/07 10:48:08.871177, 3]
> winbindd/winbindd_ads.c:1206(sequence_number)
> ads: fetch sequence_number for CEABR
> [2011/04/07 10:48:08.871449, 3] libsmb/namequery.c:1880(get_dc_list)
> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
> [2011/04/07 10:48:08.877761, 3] libads/ldap.c:634(ads_connect)
> Successfully contacted LDAP server 10.16.1.203
> [2011/04/07 10:48:08.877989, 3] libsmb/namequery.c:1880(get_dc_list)
> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
> [2011/04/07 10:48:08.878252, 3] libsmb/namequery.c:1880(get_dc_list)
> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
> [2011/04/07 10:48:08.943625, 3] libsmb/namequery.c:1880(get_dc_list)
> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
> [2011/04/07 10:48:08.946330, 3] libads/ldap.c:634(ads_connect)
> Successfully contacted LDAP server 10.x.x.x
> [2011/04/07 10:48:08.946581, 3] libsmb/namequery.c:1880(get_dc_list)
> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
> [2011/04/07 10:48:08.946852, 3] libsmb/namequery.c:1880(get_dc_list)
> get_dc_list: preferred server list: "ceaadbrp1.xxx, *"
> [2011/04/07 10:48:09.004434, 3] libads/ldap.c:634(ads_connect)
> Successfully contacted LDAP server 10.16.1.203
> [2011/04/07 10:48:09.006830, 3] libads/ldap.c:688(ads_connect)
> Connected to LDAP server ceaadbrp1.xxx
> [2011/04/07 10:48:09.008109, 3]
> libads/sasl.c:782(ads_sasl_spnego_bind)
> ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
> [2011/04/07 10:48:09.008190, 3]
> libads/sasl.c:782(ads_sasl_spnego_bind)
> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
> [2011/04/07 10:48:09.008267, 3]
> libads/sasl.c:782(ads_sasl_spnego_bind)
> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
> [2011/04/07 10:48:09.008343, 3]
> libads/sasl.c:782(ads_sasl_spnego_bind)
> ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
> [2011/04/07 10:48:09.008418, 3]
> libads/sasl.c:791(ads_sasl_spnego_bind)
> ads_sasl_spnego_bind: got server principal name = ceaadbrp1$@xxx
> [2011/04/07 10:48:09.008672, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req)
> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
> found)
> [2011/04/07 10:48:09.054672, 3]
> libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache]
> expiration Thu, 07 Apr 2011 20:48:09 GMT-03:00
> [2011/04/07 10:48:09.054867, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req)
> ads_krb5_mk_req: server marked as OK to delegate to, building
> forwardable TGT
> [2011/04/07 10:48:09.074603, 3]
> libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
> Got challenge flags:
> [2011/04/07 10:48:09.074743, 3]
> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0x62898235
> [2011/04/07 10:48:09.074819, 3]
> libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
> NTLMSSP: Set final flags:
> [2011/04/07 10:48:09.074888, 3]
> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0x60088235
> [2011/04/07 10:48:09.075079, 3]
> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
> NTLMSSP Sign/Seal - Initialising with flags:
> [2011/04/07 10:48:09.075167, 3]
> libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
> Got NTLMSSP neg_flags=0x60088235
> [2011/04/07 10:48:09.081098, 3]
> winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
> [6553754]: list trusted domains
> [2011/04/07 10:48:09.081206, 3]
> winbindd/winbindd_ads.c:1269(trusted_domains)
> ads: trusted_domains
> [2011/04/07 10:48:09.105515, 3]
> winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
> [6553754]: list trusted domains
> [2011/04/07 10:48:09.105620, 3]
> winbindd/winbindd_ads.c:1269(trusted_domains)
> ads: trusted_domains
> [2011/04/07 10:53:08.428859, 3]
> winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains)
> [6553754]: list trusted domains
> [2011/04/07 10:53:08.429039, 3]
> winbindd/winbindd_ads.c:1269(trusted_domains)
> ads: trusted_domains
>
>
> TKS
>
> On April 6, 2011 at 22:08, William E Jojo <[email protected]>
> wrote:
> >
> >
> > ----- Original Message -----
> >> From: "kleber povoação" <[email protected]>
> >> To: [email protected]
> >> Sent: Wednesday, April 6, 2011 6:33:10 PM
> >> Subject: [Samba] login into AIX using winbind
> >> Can someone help me ?
> >>
> >> I can't log in at the AIX machine using an Active Directory user.
> >> ****************************
> >> /etc/smb.conf
> >>
> >> [global]
> >> security = ads
> >> realm = XXXXXXXX
> >> password server = *
> >> workgroup = YYYYY
> >> idmap uid = 10000-20000
> >> idmap gid = 10000-20000
> >> winbind use default domain = yes
> >> log level = 3
> >> template homedir = /home/%D/%U
> >> template shell = /usr/bin/ksh
> >> server string = %h server
> >> winbind nested groups = Yes
> >> winbind offline logon = true
> >> interfaces = en3 lo0
> >> bind interfaces only = yes
> >> name resolve order = host wins bcast
> >> lm announce = False
> >> preferred master = False
> >> keepalive = 30
> >> auth methods = winbind
> >> client use spnego = Yes
> >> encrypt passwords = Yes
> >> domain master = no
> >> local master = no
> >> preferred master = no
> >> passdb backend = tdbsam
> >> unix extensions = no
> >> idmap config YYYYY : default = yes
> >> idmap config YYYYY : backend = ad
> >> idmap config YYYYY : range = 10000-20000
> >> ********************************************
> >> /usr/lib/security/methods.cfg
> >>
> >> WINBIND:
> >> program = /usr/lib/security/WINBIND
> >>
> >> KRB5A:
> >> program = /usr/lib/security/KRB5A
> >> options = authonly
> >> program_64 = /usr/lib/security/KRB5A_64
> >>
> >> KRB5Afiles:
> >> options = db=BUILTIN,auth=KRB5A
> >>
> >> NIS:
> >> program = /usr/lib/security/NIS
> >> program_64 = /usr/lib/security/NIS_64
> >>
> >>
> >> DCE:
> >> program = /usr/lib/security/DCE
> >>
> >>
> >> ***************************
> >> /etc/security/user
> >>
> >> default:
> >> admin = false
> >> login = true
> >> su = true
> >> daemon = true
> >> rlogin = true
> >> sugroups = ALL
> >> admgroups =
> >> ttys = ALL
> >> auth1 = SYSTEM
> >> auth2 = NONE
> >> tpath = nosak
> >> umask = 22
> >> expires = 0
> >> SYSTEM = "WINBIND OR compat"
> >> registry = WINBIND
> >> logintimes =
> >> pwdwarntime = 3
> >> account_locked = false
> >> loginretries = 5
> >> histexpire = 48
> >> histsize = 8
> >> minage = 1
> >> maxage = 0
> >> maxexpired = -1
> >> minalpha = 4
> >> minother = 2
> >> minlen = 8
> >> mindiff = 3
> >> maxrepeats = 8
> >> dictionlist =
> >> pwdchecks =
> >> default_roles =
> >> *************************
> >> /etc/krb5.conf
> >> [libdefaults]
> >> default_realm = wwww
> >> default_keytab_name = FILE:/etc/krb5/krb5.keytab
> >> forwardable = true
> >> clockskew = 300
> >>
> >> [realms]
> >> BRASIL.LATAM.CEA = {
> >> kdc = www:88
> >> admin_server = www:749
> >> default_domain = wwww
> >> }
> >>
> >> [domain_realm]
> >> .xxx.xx.xx = XXXX
> >> xxx.xx.xx = XXXX
> >>
> >> [logging]
> >> kdc = FILE:/var/krb5/log/krb5kdc.log
> >> admin_server = FILE:/var/krb5/log/kadmin.log
> >> kadmin_local = FILE:/var/krb5/log/kadmin_local.log
> >> default = FILE:/var/krb5/log/krb5lib.log
> >>
> >> ******************
> >> What works?
> >>
> >>
> >> lab1:/>wbinfo -i brab10_dbr
> >> brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh
> >>
> >> wbinfo -g
> >>
> >> net ads info
> >>
> >> klist
> >> ***********************
> >> What does not work
> >>
> >> lab1:/>lsuser -R WINBIND ALL -> show no error but not return any
> >> user.
> >> lab1:/>
> >>
> >
> > ALL has never worked. There is a timeout issue within AIX that I was
> > never able to track down.
> >
> >
> >> login with AD user at telnet or ssh or locally at console
> >
> >
> > How are you logging in? Is the user fully-qualified? (Should not be
> > necessary with winbind use default domain). Is there a home dir
> > ready to receive them?
> >
> > Does "lsuser -R WINBIND username" return what you expect?
> >
> > Does chown allow you to specify an AD user?
> >
> > Anything in your log level 3 that may help?
> >
> >
> > Cheers,
> > Bill
> >
> >
> >>
> >> *******************
> >>
> >> tks all
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >
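
The reply above turns on a mismatch between the module path named in the WINBIND stanza of methods.cfg and the module that pware53-64 actually installs. The following is an added example, not code from the thread or from pWare: a small check that lists every `program` and `program_64` path in a methods.cfg and reports whether the file is present. The names `check_methods_cfg` and `make_sample`, the optional root-prefix argument and the sample files are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the thread. check_methods_cfg and make_sample are
# hypothetical helper names; the sample files below are constructed.

# usage: check_methods_cfg <methods.cfg> [root-prefix]
# Prints "<stanza> <attribute> <path> ok|MISSING" for every program and
# program_64 entry, so a stanza naming a module that is not installed stands out.
check_methods_cfg() {
    cfg=$1
    root=${2:-}
    awk '
        /^[ \t]*(\*|$)/ { next }                      # comment or blank line
        /^[^ \t=]+:[ \t]*$/ {                         # stanza header such as "WINBIND:"
            stanza = $1; sub(/:$/, "", stanza); next
        }
        {
            n = index($0, "="); if (n == 0) next      # not an attribute line
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "program" || key == "program_64") print stanza, key, val
        }
    ' "$cfg" |
    while read -r stanza attr path; do
        if [ -f "$root$path" ]; then state=ok; else state=MISSING; fi
        echo "$stanza $attr $path $state"
    done
}

# Constructed sample tree: only the 64-bit WINBIND module is present, and the
# WINBIND stanza appears as posted (before.cfg) and as corrected (after.cfg).
make_sample() {
    d="${TMPDIR:-/tmp}/methods-cfg-sample.$$"
    mkdir -p "$d/usr/lib/security" || return 1
    : > "$d/usr/lib/security/WINBIND_64"
    printf 'WINBIND:\n\tprogram = /usr/lib/security/WINBIND\n' > "$d/before.cfg"
    printf 'WINBIND:\n\tprogram_64 = /usr/lib/security/WINBIND_64\n' > "$d/after.cfg"
    echo "$d"
}

sample=$(make_sample)
check_methods_cfg "$sample/before.cfg" "$sample"
check_methods_cfg "$sample/after.cfg" "$sample"
rm -rf "$sample"
```

On a real host the function would be pointed at /usr/lib/security/methods.cfg with no root prefix; the prefix exists only so the check can run against the constructed tree.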
