I tried now ceaulab1:/opt/pware/var>wbinfo -i brab10_dbr Could not get info for user brab10_dbr
before worked, after changed version not. I got this error at logs but just once after running wbinfo -i brab10_dbr ceaulab1:/opt/pware/var>cat log.winbindd-idmap [2011/04/07 17:29:57.299640, 1] winbindd/idmap_ad.c:651(idmap_ad_sids_to_unixids) Could not get unix ID Em 7 de abril de 2011 17:25, kleber povoação <[email protected]> escreveu: > I didn´t find WINBIND_64 so I changed the versions: > > pware61.base.rte 6.1.0.0 COMMITTED pWare base for 6.1 > pware61.bdb.rte 4.7.25.4 COMMITTED Oracle Berkeley DB 4.7.25 > pware61.cyrus-sasl.rte 2.1.23.0 COMMITTED Cyrus SASL 2.1.23 > pware61.gettext.rte 0.18.1.1 COMMITTED GNU gettext 0.18.1.1 > pware61.krb5.rte 1.8.3.0 COMMITTED MIT Kerberos 1.8.3 > pware61.libiconv.rte 1.13.1.0 COMMITTED GNU libiconv 1.13.1 > pware61.ncurses.rte 5.7.0.0 COMMITTED ncurses 5.7 > pware61.openldap.rte 2.4.23.0 COMMITTED OpenLDAP 2.4.23 > pware61.openssl.rte 0.9.8.15 COMMITTED OpenSSL 0.9.8o > pware61.popt.rte 1.16.0.0 COMMITTED popt 1.16 > pware61.readline.rte 6.1.2.0 COMMITTED GNU readline 6.1 > pware61.samba.rte 3.5.6.0 COMMITTED Samba 3.5.6 > pware61.zlib.rte 1.2.5.0 COMMITTED zlib 1.2.5 > > again this file( WINBIND_64) not exist > > ceaulab1:/opt/pware>find . -name *WINB* > ./lib/security/WINBIND > ceaulab1:/opt/pware> > > I just added one line at methods.cfg > > WINBIND: > program = /usr/lib/security/WINBIND > program_64 = /usr/lib/security/WINBIND > > and tried > > WINBIND: > program_64 = /usr/lib/security/WINBIND > > I just copied it from /opt/pware/lib/security/WINBIND to /usr/lib/security > > I´m at the same. Any idea ? > > > Em 7 de abril de 2011 12:02, William E Jojo <[email protected]> escreveu: >> >> >> ----- Original Message ----- >>> From: "kleber povoação" <[email protected]> >>> To: "William E Jojo" <[email protected]> >>> Cc: [email protected] >>> Sent: Thursday, April 7, 2011 10:05:22 AM >>> Subject: Re: [Samba] login into AIX using winbind >>> I´m trying log using just the username: brab10_dbr, without domain >>> CEABR at login. >>> ********** >>> ceaulab1:/opt/pware64/var>lslpp -l | grep pware >>> pware53-64.base.rte 5.3.0.0 COMMITTED 64-bit pWare base for 5.3 >>> pware53-64.bdb.rte 4.7.25.4 COMMITTED Berkeley DB 4.7.25 (64-bit) >>> pware53-64.cyrus-sasl.rte >>> pware53-64.gettext.rte 0.17.0.0 COMMITTED GNU gettext 0.17 (64-bit) >>> pware53-64.krb5.rte 1.8.3.0 COMMITTED MIT Kerberos 1.8.3 (64-bit) >>> pware53-64.libiconv.rte 1.13.1.0 COMMITTED GNU libiconv 1.13.1 >>> (64-bit) >>> pware53-64.ncurses.rte 5.7.0.1 COMMITTED ncurses 5.7.0.1 (64-bit) >>> pware53-64.openldap.rte 2.4.23.0 COMMITTED OpenLDAP 2.4.23 (64-bit) >>> pware53-64.openssl.rte 0.9.8.15 COMMITTED OpenSSL 0.9.8o (64-bit) >>> pware53-64.popt.rte 1.10.4.0 COMMITTED popt 1.10.4 (64-bit) >>> pware53-64.readline.rte 6.1.0.0 COMMITTED GNU readline 6.1 (64-bit) >>> pware53-64.samba.rte 3.5.6.0 COMMITTED Samba 3.5.6 (64-bit) >>> pware53-64.zlib.rte 1.2.4.0 COMMITTED zlib 1.2.4 (64-bit) >> >> Thank you for using pWare. ;-) >> >> I would have expected the pware61.* to be running on AIX 6.1 >> >> Now that I know you are running the 64-bit stuff, you will need to change >> the methods.cfg: >> >> program_64 = /usr/lib/security/WINBIND_64 >> >> >> Only the 64-bit WINBIND is provided with pware53-64. >> >> >> Let me know how you get on. :-) >> >> >> Cheers, >> Bill >> >> >>> ******** >>> AIX 6100-06 >>> ******************** >>> ceaulab1:/>lsuser -R WINBIND brab10_dbr >>> 3004-687 User "brab10_dbr" does not exist. >>> >>> Do I need not to do a mkuser ok ? Because the user is at AD. >>> *************************** >>> ceaulab1:/tmp>touch file >>> ceaulab1:/tmp>chown brab10_dbr file >>> chown: 3002-131 brab10_dbr is an unknown username. >>> *********************** >>> ceaulab1:/opt/pware64/var>telnet localhost >>> Trying... >>> Connected to localhost. >>> Escape character is '^]'. >>> >>> >>> telnet (ceaulab1) >>> >>> >>> >>> Login: brab10_dbr >>> brab10_dbr's Password: >>> 3004-007 You entered an invalid login name or password. >>> login: >>> >>> ****************** >>> file /opt/pware64/var/log.winbind >>> >>> At the folowing file I noted one line "connection_ok: Connection to >>> for domain CEABR is not connected" -> CEABR is windows workgroup that >>> user brab10_db belong. >>> >>> ceaulab1:/opt/pware64/var>cat log.winbindd >>> [2011/04/07 10:48:01, 0] winbindd/winbindd.c:1105(main) >>> winbindd version 3.5.6 started. >>> Copyright Andrew Tridgell and the Samba Team 1992-2010 >>> [2011/04/07 10:48:01.968181, 2] >>> lib/tallocmsg.c:106(register_msg_pool_usage) >>> Registered MSG_REQ_POOL_USAGE >>> [2011/04/07 10:48:01.968302, 2] >>> lib/dmallocmsg.c:77(register_dmalloc_msgs) >>> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >>> [2011/04/07 10:48:01.968399, 3] param/loadparm.c:9158(lp_load_ex) >>> lp_load_ex: refreshing parameters >>> Initialising global parameters >>> rlimit_max: rlimit_max (2000) below minimum Windows limit (16384) >>> [2011/04/07 10:48:01.968567, 3] ../lib/util/params.c:550(pm_process) >>> params.c:pm_process() - Processing configuration file >>> "/opt/pware64/lib/smb.conf" >>> [2011/04/07 10:48:01.968641, 3] param/loadparm.c:7842(do_section) >>> Processing section "[global]" >>> [2011/04/07 10:48:01.969161, 3] param/loadparm.c:6313(lp_add_ipc) >>> adding IPC service >>> [2011/04/07 10:48:01.976518, 2] lib/interface.c:340(add_interface) >>> added interface en3 ip=10.x.x.x bcast=10.x.x.255 netmask= >>> [2011/04/07 10:48:01.976670, 2] lib/interface.c:340(add_interface) >>> added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask= >>> [2011/04/07 10:48:01.976832, 2] lib/interface.c:340(add_interface) >>> added interface en3 ip=10.x.x.x bcast=10.x.x.255 netmask= >>> [2011/04/07 10:48:01.976912, 2] lib/interface.c:340(add_interface) >>> added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask= >>> [2011/04/07 10:48:04.035216, 1] >>> lib/tdb_validate.c:457(tdb_validate_and_backup) >>> tdb '/opt/pware64/var/locks/winbindd_cache.tdb' is valid >>> [2011/04/07 10:48:08.296102, 1] >>> lib/tdb_validate.c:467(tdb_validate_and_backup) >>> Created backup '/opt/pware64/var/locks/winbindd_cache.tdb.bak' of >>> tdb '/opt/pware64/var/locks/winbindd_cache.tdb' >>> [2011/04/07 10:48:08.375298, 2] >>> winbindd/winbindd_util.c:221(add_trusted_domain) >>> Added domain BUILTIN S-1-5-32 >>> [2011/04/07 10:48:08.375504, 2] >>> winbindd/winbindd_util.c:221(add_trusted_domain) >>> Added domain CEAULAB1 S-1-5-21-275589774-1111006802-1142404070 >>> [2011/04/07 10:48:08.375700, 2] >>> winbindd/winbindd_util.c:221(add_trusted_domain) >>> Added domain WW S-1-5-21-477278139-4163948897-2641029873 >>> [2011/04/07 10:48:09.095861, 2] >>> winbindd/winbindd_util.c:221(add_trusted_domain) >>> Added domain WWW S-1-5-21-4109860217-3884139575-1781413053 >>> [2011/04/07 10:48:09.096544, 2] >>> winbindd/winbindd_util.c:221(add_trusted_domain) >>> Added domain CW S-1-5-21-3224037681-1998144755-3803369224 >>> [2011/04/07 10:48:09.104932, 2] >>> winbindd/winbindd_util.c:221(add_trusted_domain) >>> Added domain xxx S-1-5-21-1125475667-1308779437-1236795852 >>> [2011/04/07 10:48:09.105264, 2] >>> winbindd/winbindd_util.c:221(add_trusted_domain) >>> Added domain WWW S-1-5-21-858964348-3275466132-3667905073 >>> [2011/04/07 10:48:13.512247, 3] >>> winbindd/winbindd_cm.c:1633(connection_ok) >>> connection_ok: Connection to for domain CEABR is not connected >>> [2011/04/07 10:48:13.528483, 3] >>> libsmb/cliconnect.c:991(cli_session_setup_spnego) >>> Doing spnego session setup (blob length=115) >>> [2011/04/07 10:48:13.535011, 3] >>> libsmb/cliconnect.c:1020(cli_session_setup_spnego) >>> got OID=1.2.840.48018.1.2.2 >>> got OID=1.2.840.113554.1.2.2 >>> got OID=1.2.840.113554.1.2.2.3 >>> got OID=1.3.6.1.4.1.311.2.2.10 >>> [2011/04/07 10:48:13.535212, 3] >>> libsmb/cliconnect.c:1030(cli_session_setup_spnego) >>> got principal=ceaadbrp1$@XXX >>> [2011/04/07 10:48:13.567241, 2] >>> libsmb/cliconnect.c:795(cli_session_setup_kerberos) >>> Doing kerberos session setup >>> [2011/04/07 10:48:13.575172, 3] >>> libsmb/clikrb5.c:622(ads_cleanup_expired_creds) >>> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] >>> expiration Thu, 07 Apr 2011 20:48:13 GMT-03:00 >>> [2011/04/07 10:48:13.575364, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req) >>> ads_krb5_mk_req: server marked as OK to delegate to, building >>> forwardable TGT >>> >>> ********************** >>> ceaulab1:/opt/pware64/var>cat log.wb-CEABR >>> >>> [2011/04/07 10:48:08.446242, 3] >>> winbindd/winbindd_cm.c:1633(connection_ok) >>> connection_ok: Connection to for domain CEABR is not connected >>> [2011/04/07 10:48:08.495255, 3] >>> libsmb/cliconnect.c:991(cli_session_setup_spnego) >>> Doing spnego session setup (blob length=115) >>> [2011/04/07 10:48:08.495545, 3] >>> libsmb/cliconnect.c:1020(cli_session_setup_spnego) >>> got OID=1.2.840.48018.1.2.2 >>> got OID=1.2.840.113554.1.2.2 >>> got OID=1.2.840.113554.1.2.2.3 >>> got OID=1.3.6.1.4.1.311.2.2.10 >>> [2011/04/07 10:48:08.495666, 3] >>> libsmb/cliconnect.c:1030(cli_session_setup_spnego) >>> got principal=ceaadbrp1$@xxxx >>> [2011/04/07 10:48:08.529939, 2] >>> libsmb/cliconnect.c:795(cli_session_setup_kerberos) >>> Doing kerberos session setup >>> [2011/04/07 10:48:08.538272, 3] >>> libsmb/clikrb5.c:622(ads_cleanup_expired_creds) >>> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] >>> expiration Thu, 07 Apr 2011 20:48:08 GMT-03:00 >>> [2011/04/07 10:48:08.538440, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req) >>> ads_krb5_mk_req: server marked as OK to delegate to, building >>> forwardable TGT >>> [2011/04/07 10:48:08.871177, 3] >>> winbindd/winbindd_ads.c:1206(sequence_number) >>> ads: fetch sequence_number for CEABR >>> [2011/04/07 10:48:08.871449, 3] libsmb/namequery.c:1880(get_dc_list) >>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *" >>> [2011/04/07 10:48:08.877761, 3] libads/ldap.c:634(ads_connect) >>> Successfully contacted LDAP server 10.16.1.203 >>> [2011/04/07 10:48:08.877989, 3] libsmb/namequery.c:1880(get_dc_list) >>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *" >>> [2011/04/07 10:48:08.878252, 3] libsmb/namequery.c:1880(get_dc_list) >>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *" >>> [2011/04/07 10:48:08.943625, 3] libsmb/namequery.c:1880(get_dc_list) >>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *" >>> [2011/04/07 10:48:08.946330, 3] libads/ldap.c:634(ads_connect) >>> Successfully contacted LDAP server 10.x.x.x >>> [2011/04/07 10:48:08.946581, 3] libsmb/namequery.c:1880(get_dc_list) >>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *" >>> [2011/04/07 10:48:08.946852, 3] libsmb/namequery.c:1880(get_dc_list) >>> get_dc_list: preferred server list: "ceaadbrp1.xxx, *" >>> [2011/04/07 10:48:09.004434, 3] libads/ldap.c:634(ads_connect) >>> Successfully contacted LDAP server 10.16.1.203 >>> [2011/04/07 10:48:09.006830, 3] libads/ldap.c:688(ads_connect) >>> Connected to LDAP server ceaadbrp1.xxx >>> [2011/04/07 10:48:09.008109, 3] >>> libads/sasl.c:782(ads_sasl_spnego_bind) >>> ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 >>> [2011/04/07 10:48:09.008190, 3] >>> libads/sasl.c:782(ads_sasl_spnego_bind) >>> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 >>> [2011/04/07 10:48:09.008267, 3] >>> libads/sasl.c:782(ads_sasl_spnego_bind) >>> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 >>> [2011/04/07 10:48:09.008343, 3] >>> libads/sasl.c:782(ads_sasl_spnego_bind) >>> ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 >>> [2011/04/07 10:48:09.008418, 3] >>> libads/sasl.c:791(ads_sasl_spnego_bind) >>> ads_sasl_spnego_bind: got server principal name = ceaadbrp1$@xxx >>> [2011/04/07 10:48:09.008672, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req) >>> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache >>> found) >>> [2011/04/07 10:48:09.054672, 3] >>> libsmb/clikrb5.c:622(ads_cleanup_expired_creds) >>> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] >>> expiration Thu, 07 Apr 2011 20:48:09 GMT-03:00 >>> [2011/04/07 10:48:09.054867, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req) >>> ads_krb5_mk_req: server marked as OK to delegate to, building >>> forwardable TGT >>> [2011/04/07 10:48:09.074603, 3] >>> libsmb/ntlmssp.c:1101(ntlmssp_client_challenge) >>> Got challenge flags: >>> [2011/04/07 10:48:09.074743, 3] >>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >>> Got NTLMSSP neg_flags=0x62898235 >>> [2011/04/07 10:48:09.074819, 3] >>> libsmb/ntlmssp.c:1123(ntlmssp_client_challenge) >>> NTLMSSP: Set final flags: >>> [2011/04/07 10:48:09.074888, 3] >>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >>> Got NTLMSSP neg_flags=0x60088235 >>> [2011/04/07 10:48:09.075079, 3] >>> libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init) >>> NTLMSSP Sign/Seal - Initialising with flags: >>> [2011/04/07 10:48:09.075167, 3] >>> libsmb/ntlmssp.c:65(debug_ntlmssp_flags) >>> Got NTLMSSP neg_flags=0x60088235 >>> [2011/04/07 10:48:09.081098, 3] >>> winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains) >>> [6553754]: list trusted domains >>> [2011/04/07 10:48:09.081206, 3] >>> winbindd/winbindd_ads.c:1269(trusted_domains) >>> ads: trusted_domains >>> [2011/04/07 10:48:09.105515, 3] >>> winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains) >>> [6553754]: list trusted domains >>> [2011/04/07 10:48:09.105620, 3] >>> winbindd/winbindd_ads.c:1269(trusted_domains) >>> ads: trusted_domains >>> [2011/04/07 10:53:08.428859, 3] >>> winbindd/winbindd_misc.c:159(winbindd_dual_list_trusted_domains) >>> [6553754]: list trusted domains >>> [2011/04/07 10:53:08.429039, 3] >>> winbindd/winbindd_ads.c:1269(trusted_domains) >>> ads: trusted_domains >>> >>> >>> TKS >>> >>> Em 6 de abril de 2011 22:08, William E Jojo <[email protected]> >>> escreveu: >>> > >>> > ----- Original Message ----- >>> >> From: "kleber povoação" <[email protected]> >>> >> To: [email protected] >>> >> Sent: Wednesday, April 6, 2011 6:33:10 PM >>> >> Subject: [Samba] login into AIX using winbind >>> >> Can someone help me ? >>> >> >>> >> I can´t login at the AIX machine using an Active directory user. >>> >> **************************** >>> >> /etc/smb.conf >>> >> >>> >> [global] >>> >> security = ads >>> >> realm = XXXXXXXX >>> >> password server = * >>> >> workgroup = YYYYY >>> >> idmap uid = 10000-20000 >>> >> idmap gid = 10000-20000 >>> >> winbind use default domain = yes >>> >> log level = 3 >>> >> template homedir = /home/%D/%U >>> >> template shell = /usr/bin/ksh >>> >> server string = %h server >>> >> winbind nested groups = Yes >>> >> winbind offline logon = true >>> >> interfaces = en3 lo0 >>> >> bind interfaces only = yes >>> >> name resolve order = host wins bcast >>> >> lm announce = False >>> >> preferred master = False >>> >> keepalive = 30 >>> >> auth methods = winbind >>> >> client use spnego = Yes >>> >> encrypt passwords = Yes >>> >> domain master = no >>> >> local master = no >>> >> preferred master = no >>> >> passdb backend = tdbsam >>> >> unix extensions = no >>> >> idmap config YYYYY : default = yes >>> >> idmap config YYYYY : backend = ad >>> >> idmap config YYYYY : range = 10000-20000 >>> >> ******************************************** >>> >> /usr/lib/security/methods.cfg >>> >> >>> >> WINBIND: >>> >> program = /usr/lib/security/WINBIND >>> >> >>> >> KRB5A: >>> >> program = /usr/lib/security/KRB5A >>> >> options = authonly >>> >> program_64 = /usr/lib/security/KRB5A_64 >>> >> >>> >> KRB5Afiles: >>> >> options = db=BUILTIN,auth=KRB5A >>> >> >>> >> NIS: >>> >> program = /usr/lib/security/NIS >>> >> program_64 = /usr/lib/security/NIS_64 >>> >> >>> >> >>> >> DCE: >>> >> program = /usr/lib/security/DCE >>> >> >>> >> >>> >> *************************** >>> >> /etc/security/user >>> >> >>> >> default: >>> >> admin = false >>> >> login = true >>> >> su = true >>> >> daemon = true >>> >> rlogin = true >>> >> sugroups = ALL >>> >> admgroups = >>> >> ttys = ALL >>> >> auth1 = SYSTEM >>> >> auth2 = NONE >>> >> tpath = nosak >>> >> umask = 22 >>> >> expires = 0 >>> >> SYSTEM = "WINBIND OR compat" >>> >> registry = WINBIND >>> >> logintimes = >>> >> pwdwarntime = 3 >>> >> account_locked = false >>> >> loginretries = 5 >>> >> histexpire = 48 >>> >> histsize = 8 >>> >> minage = 1 >>> >> maxage = 0 >>> >> maxexpired = -1 >>> >> minalpha = 4 >>> >> minother = 2 >>> >> minlen = 8 >>> >> mindiff = 3 >>> >> maxrepeats = 8 >>> >> dictionlist = >>> >> pwdchecks = >>> >> default_roles = >>> >> ************************* >>> >> /etc/krb5.conf >>> >> [libdefaults] >>> >> default_realm = wwww >>> >> default_keytab_name = FILE:/etc/krb5/krb5.keytab >>> >> forwardable = true >>> >> clockskew = 300 >>> >> >>> >> [realms] >>> >> BRASIL.LATAM.CEA = { >>> >> kdc = www:88 >>> >> admin_server = www:749 >>> >> default_domain = wwww >>> >> } >>> >> >>> >> [domain_realm] >>> >> .xxx.xx.xx = XXXX >>> >> xxx.xx.xx = XXXX >>> >> >>> >> [logging] >>> >> kdc = FILE:/var/krb5/log/krb5kdc.log >>> >> admin_server = FILE:/var/krb5/log/kadmin.log >>> >> kadmin_local = FILE:/var/krb5/log/kadmin_local.log >>> >> default = FILE:/var/krb5/log/krb5lib.log >>> >> >>> >> ****************** >>> >> what´s works ? >>> >> >>> >> >>> >> lab1:/>wbinfo -i brab10_dbr >>> >> brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh >>> >> >>> >> wbinfo -g >>> >> >>> >> net ads info >>> >> >>> >> klist >>> >> *********************** >>> >> what´s not work >>> >> >>> >> lab1:/>lsuser -R WINBIND ALL -> show no error but not return any >>> >> user. >>> >> lab1:/> >>> >> >>> > >>> > ALL has never worked. There is a timeout issue within AIX that I was >>> > never able to track down. >>> > >>> > >>> >> login with AD user at telnet or ssh or locally at console >>> > >>> > >>> > How are you logging in? Is the user fully-qualified? (Should not be >>> > necessary with winbind use default domain). Is there a home dir >>> > ready to receive them? >>> > >>> > Does "lsuser -R WINBIND username" return what you expect? >>> > >>> > Does chown allow you to specify an AD user? >>> > >>> > Anything in your log level 3 that may help? >>> > >>> > >>> > Cheers, >>> > Bill >>> > >>> > >>> >> >>> >> ******************* >>> >> >>> >> tks all >>> >> -- >>> >> To unsubscribe from this list go to the following URL and read the >>> >> instructions: https://lists.samba.org/mailman/options/samba >>> > >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
