Crony,
I am also trying to set up both AIX 6.1 and AIX 7 clients.
Is there any way I could get you to post your working configurations?
Thanks,
David
-----Original Message-----
From: crony <leszek@gmail.com>
To: freeipa-users@redhat.com
Subject: [Freeipa-users] AD Cross Realm Trust + AIX
Date: Thu, 12 Feb 2015 19:06:59 +0100
Hi All,
can I ask you for some advice?
My setup is:
- updated RHEL7 as IPA server (UX.EXAMPLE.COM) in trust
with Active Directory 2008R2 domain (EXAMPLE.COM)
- AIX 7 as IPA client
I'm using the compat tree to connect AIX as a client.
A lot of things work correctly:
# /usr/krb5/bin/kinit leszek
Password for ad_u...@example.com:
# /usr/krb5/bin/klist
Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0
Default principal: ad_u...@example.com
Valid starting     Expires            Service principal
02/12/15 15:46:23  02/13/15 01:46:31  krbtgt/example@example.com
        Renew until 02/13/15 01:46:23
# lsldap -a passwd ad_u...@example.com
dn: uid=ad_u...@example.com,cn=users,cn=compat,dc=ux,dc=example,dc=com
objectClass: posixAccount
objectClass: extensibleObject
objectClass: top
gecos: ad_user
cn: ad_user
uidNumber: 1036620735
gidNumber: 1036620735
homeDirectory: /home/example.com/ad_user
ipaNTSecurityIdentifier: S-1-5-21--X-XX
uid: ad_u...@example.com
# id ad_u...@example.com
uid=1036620735(ad_u...@example.com) gid=1036620735(ad_u...@example.com) groups=1036620733(another_gr...@example.com)
Here I found the first problem:
# su - ad_u...@example.com
3004-614 Unable to change directory to "".
You are in "/home/guest" instead.
$ id
uid=1036620735(ad_u...@example.com) gid=1036620735(ad_u...@example.com) groups=1036620733(another_gr...@example.com)
The "3004-614 Unable to change directory to ""." appears after I added to
/etc/methods.cfg:
KRB5A:
        program = /usr/lib/security/KRB5A
        program_64 = /usr/lib/security/KRB5A_64
        options = authonly
LDAP:
        program = /usr/lib/security/LDAP
        program_64 = /usr/lib/security/LDAP64
Without these lines there is no error about changing to the home directory; su
from root works smoothly and puts the user in the home directory. But now I
can't ssh to the system, because I have no correct registry.
-
I made another test: whether I can log in as just an IPA user, e.g. admin.
There is no such problem:
# id admin
uid=3(admin) gid=3(admins)
# su - admin
-bash-3.2$ pwd
/export/home/admin
-bash-3.2$ id
uid=3(admin) gid=3(admins)
# ssh admin@localhost
admin@localhost's password:
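*******************************************************************************
*                                                                             *
*                                                                             *
*  Welcome to AIX Version 7.1!                                                *
*                                                                             *
*                                                                             *
*  Please see the README file in /usr/lpp/bos for information pertinent to    *
*  this release of the AIX Operating System.                                  *
*                                                                             *
*                                                                             *
*******************************************************************************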
-bash-3.2$ id
uid=3(admin) gid=3(admins)
Any idea what is wrong?
I have already changed the AIX max_logname from 8 to 40 characters. Maybe the
"@" character in the login name is a problem?
Thank you in advance.
--
/lm