[Samba] cannot login as with domain userid's on AIX
Hi I am trying to configure Samba with ADS integration on AIX 5.2. I am unable to login to the Aix server using credentials of Domain user. I am able to join to windows Domain and able to fetch list of windows domain users with the command /usr/local/samba/bin/wbinfo -u and also the groups with usr/local/samba/bin/wbinfo -g . I have added the below line methods.cfg WINBIND program = /usr/lib/security/WINBIND options = authonly Also included Default: SYSTEM = WINBIND or compat in /etc/security/user file. /usr/local/samba/bin/smbclient -k -U administrator -L mailsrvr.restore.com - works fine too Kinit works fine. Output of klist is : Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 02/17/05 15:37:01 02/18/05 01:37:04 krbtgt/[EMAIL PROTECTED] renew until 02/18/05 15:37:01 02/17/05 16:07:14 02/18/05 01:37:04 [EMAIL PROTECTED] renew until 02/18/05 15:37:01 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached The /var/log/samba/winbindd.log has the following: [2005/02/17 16:30:50, 3] nsswitch/winbindd_ads.c:trusted_domains(832) ads: trusted_domains [2005/02/17 16:30:50, 3] libads/ldap.c:ads_connect(247) Connected to LDAP server 10.80.0.120 [2005/02/17 16:30:50, 3] libads/ldap.c:ads_server_info(2432) got ldap server name [EMAIL PROTECTED], using bind path: dc=RESTORE,dc=COM [2005/02/17 16:30:50, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109) IPC$ connections done anonymously [2005/02/17 16:30:50, 3] libsmb/cliconnect.c:cli_start_connection(1382) Connecting to host=MAILSRVR [2005/02/17 16:30:50, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.80.0.120 at port 445 [2005/02/17 16:30:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(713) Doing spnego session setup (blob length=109) [2005/02/17 16:30:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738) got OID=1 2 840 48018 1 2 2 [2005/02/17 16:30:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738) got OID=1 2 840 113554 1 2 2 [2005/02/17 16:30:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738) got OID=1 2 840 113554 1 2 2 3 [2005/02/17 16:30:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738) got OID=1 3 6 1 4 1 311 2 2 10 [2005/02/17 16:30:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745) got [EMAIL PROTECTED] [2005/02/17 16:30:51, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(538) Doing kerberos session setup [2005/02/17 16:30:51, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319) Ticket in ccache[MEMORY:cliconnect] expiration Fri, 18 Feb 2005 02:31:08 PAKST [2005/02/17 16:35:51, 3] nsswitch/winbindd_ads.c:trusted_domains(832) ads: trusted_domains [2005/02/17 16:35:51, 3] libads/ldap.c:ads_connect(247) Connected to LDAP server 10.80.0.120 [2005/02/17 16:35:51, 3] libads/ldap.c:ads_server_info(2432) got ldap server name [EMAIL PROTECTED], using bind path: dc=RESTORE,dc=COM [2005/02/17 16:35:51, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109) IPC$ connections done anonymously [2005/02/17 16:35:51, 3] libsmb/cliconnect.c:cli_start_connection(1382) Connecting to host=MAILSRVR [2005/02/17 16:35:51, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.80.0.120 at port 445 [2005/02/17 16:35:51, 3] libsmb/cliconnect.c:cli_session_setup_spnego(713) Doing spnego session setup (blob length=109) [2005/02/17 16:35:51, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738) got OID=1 2 840 48018 1 2 2 [2005/02/17 16:35:51, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738) got OID=1 2 840 113554 1 2 2 [2005/02/17 16:35:51, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738) got OID=1 2 840 113554 1 2 2 3 [2005/02/17 16:35:51, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738) got OID=1 3 6 1 4 1 311 2 2 10 [2005/02/17 16:35:51, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745) got [EMAIL PROTECTED] [2005/02/17 16:35:51, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(538) Doing kerberos session setup [2005/02/17 16:35:51, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(319) Ticket in ccache[MEMORY:cliconnect] expiration Fri, 18 Feb 2005 02:41:08 PAKST I am looking for the steps that need to be followed on the PAM / krb side to be able to login to AIX Server with the windows domain user credentials Here are my smb.conf and krb5. Any help on this would be great. Smb.conf [workgroup = restore server string = Samba Server log file = /var/log/samba/%m.log log level = 3 max log size = 50 security = ADS realm = RESTORE.COM use kerberos keytab = Yes password server = 10.80.0.120 winbind separator = # idmap uid = 1-2 idmap gid = 1-2 winbind cache time = 15 winbind
[Samba] Samba configuration on AIX 5.2
Hi , I am trying to configure Samba with ADS integration on AIX 5.2. I am able to join to windows Domain and able to fetch list of windows domain users with the command /usr/local/samba/bin/wbinfo -u and also the groups with usr/local/samba/bin/wbinfo -u . I have added the below line methods.cfg WINBIND program = /usr/lib/security/WINBIND options = authonly I am unable to login to the Aix server using credentials of Domain user. This process does not give any significant error in winbindd.log . I am looking for the steps that need to be followed on the PAM / krb side to be able to login to AIX Server with the windows domain user credentials Here are my smb.conf and krb5. Any help on this would be great. Smb.conf [global] workgroup = restore server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 security = ADS realm = restore.com password server = 10.80.0.120 # Winbind config.### winbind separator = # idmap uid = 1-2 idmap gid = 1-2 winbind cache time = 15 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash winbind use default domain = yes [homes] comment = Home Directories browseable = no writeable = yes create mask = 0640 krb5.conf [libdefaults] default_realm = RESTORE.COM ticket_lifetime = 24000 dns_lookup_realm = true dns_lookup_kdc = true krb4_config = /usr/krb5-1.3.6/src/config-files/krb.conf [realms] RESTORE.COM = { admin_server = mailsrvr.restore.com kdc = mailsrvr.restore.com default_domain = RESTORE.COM } [kdc] profile = /usr/krb5-1.3.6/src/config-files/kdc.conf [domain_realm] .restore.com = RESTORE.COM restore.com = RESTORE.COM [logging] # kdc = CONSOLE default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [appdefaults] pam = { debug = true ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Regards, Shaista DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] error duing executing make of samba on aix
Hi , I am facing a problem while configuring Samba on AIX 5.2. The configure completes without any issues , but getting an error while running make . Any pointers to this problem will be helpfull. Options used for Configure are - ./configure --with-winbind --with-ldap --with-ads --with-pam Here is the Error - # make Using FLAGS = -O -I/usr/local/include -I./popt -Iinclude -I/usr/samba-3.0.1/sou rce/include -I/usr/samba-3.0.1/source/ubiqx -I/usr/samba-3.0.1/source/smbwrapper -I. -I/usr/local/include -I/usr/samba-3.0.1/source LIBS = LDSHFLAGS = -Wl,-bexpall,-bM:SRE,-bnoentry,-berok LDFLAGS = Compiling nsswitch/pam_winbind.c with -O2 nsswitch/pam_winbind.c: In function `converse': nsswitch/pam_winbind.c:67: warning: passing arg 3 of `pam_get_item' from incompa tible pointer type nsswitch/pam_winbind.c:70: warning: passing arg 2 of pointer to function from in compatible pointer type nsswitch/pam_winbind.c: In function `_make_remark': nsswitch/pam_winbind.c:85: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c: In function `_winbind_read_password': nsswitch/pam_winbind.c:297: warning: passing arg 3 of `pam_get_item' from incomp atible pointer type nsswitch/pam_winbind.c:309: error: `PAM_AUTHTOK_RECOVER_ERR' undeclared (first u se in this function) nsswitch/pam_winbind.c:309: error: (Each undeclared identifier is reported only once nsswitch/pam_winbind.c:309: error: for each function it appears in.) nsswitch/pam_winbind.c:330: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:338: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:344: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:402: warning: passing arg 3 of `pam_get_item' from incomp atible pointer type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:417: error: syntax error before int nsswitch/pam_winbind.c: In function `pam_sm_authenticate': nsswitch/pam_winbind.c:428: warning: passing arg 2 of `pam_get_user' from incomp atible pointer type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:461: error: syntax error before int nsswitch/pam_winbind.c:472: error: syntax error before int nsswitch/pam_winbind.c: In function `pam_sm_acct_mgmt': nsswitch/pam_winbind.c:482: warning: passing arg 2 of `pam_get_user' from incomp atible pointer type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:518: error: syntax error before int nsswitch/pam_winbind.c:528: error: syntax error before int nsswitch/pam_winbind.c:540: error: syntax error before int nsswitch/pam_winbind.c: In function `pam_sm_chauthtok': nsswitch/pam_winbind.c:559: warning: passing arg 2 of `pam_get_user' from incomp atible pointer type nsswitch/pam_winbind.c:636: warning: passing arg 3 of `pam_get_item' from incomp atible pointer type make: 1254-004 The error code from the last command is 1. Stop. Thanks Shaista DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem while configuring Samba
Hi , I am facing a problem while configuring Samba on AIX 5.2. The configure completes without any issues , but getting an error while running make . Any pointers to this problem will be helpfull. Options used for Configure are - ./configure --with-winbind --with-ldap --with-ads --with-pam Here is the Error - # make Using FLAGS = -O -I/usr/local/include -I./popt -Iinclude -I/usr/samba-3.0.1/sou rce/include -I/usr/samba-3.0.1/source/ubiqx -I/usr/samba-3.0.1/source/smbwrapper -I. -I/usr/local/include -I/usr/samba-3.0.1/source LIBS = LDSHFLAGS = -Wl,-bexpall,-bM:SRE,-bnoentry,-berok LDFLAGS = Compiling nsswitch/pam_winbind.c with -O2 nsswitch/pam_winbind.c: In function `converse': nsswitch/pam_winbind.c:67: warning: passing arg 3 of `pam_get_item' from incompa tible pointer type nsswitch/pam_winbind.c:70: warning: passing arg 2 of pointer to function from in compatible pointer type nsswitch/pam_winbind.c: In function `_make_remark': nsswitch/pam_winbind.c:85: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c: In function `_winbind_read_password': nsswitch/pam_winbind.c:297: warning: passing arg 3 of `pam_get_item' from incomp atible pointer type nsswitch/pam_winbind.c:309: error: `PAM_AUTHTOK_RECOVER_ERR' undeclared (first u se in this function) nsswitch/pam_winbind.c:309: error: (Each undeclared identifier is reported only once nsswitch/pam_winbind.c:309: error: for each function it appears in.) nsswitch/pam_winbind.c:330: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:338: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:344: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:402: warning: passing arg 3 of `pam_get_item' from incomp atible pointer type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:417: error: syntax error before int nsswitch/pam_winbind.c: In function `pam_sm_authenticate': nsswitch/pam_winbind.c:428: warning: passing arg 2 of `pam_get_user' from incomp atible pointer type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:461: error: syntax error before int nsswitch/pam_winbind.c:472: error: syntax error before int nsswitch/pam_winbind.c: In function `pam_sm_acct_mgmt': nsswitch/pam_winbind.c:482: warning: passing arg 2 of `pam_get_user' from incomp atible pointer type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:518: error: syntax error before int nsswitch/pam_winbind.c:528: error: syntax error before int nsswitch/pam_winbind.c:540: error: syntax error before int nsswitch/pam_winbind.c: In function `pam_sm_chauthtok': nsswitch/pam_winbind.c:559: warning: passing arg 2 of `pam_get_user' from incomp atible pointer type nsswitch/pam_winbind.c:636: warning: passing arg 3 of `pam_get_item' from incomp atible pointer type make: 1254-004 The error code from the last command is 1. Stop. Thanks DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba