----- Original Message -----
> From: "kleber povoa??o" <okleber at gmail.com>
> To: samba at lists.samba.org
> Sent: Wednesday, April 6, 2011 6:33:10 PM
> Subject: [Samba] login into AIX using winbind
> Can someone help me?
>
> I can't login at the AIX machine using an Active directory user.
> ****************************
> /etc/smb.conf
>
> [global]
> security = ads
> realm = XXXXXXXX
> password server = *
> workgroup = YYYYY
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> winbind use default domain = yes
> log level = 3
> template homedir = /home/%D/%U
> template shell = /usr/bin/ksh
> server string = %h server
> winbind nested groups = Yes
> winbind offline logon = true
> interfaces = en3 lo0
> bind interfaces only = yes
> name resolve order = host wins bcast
> lm announce = False
> preferred master = False
> keepalive = 30
> auth methods = winbind
> client use spnego = Yes
> encrypt passwords = Yes
> domain master = no
> local master = no
> preferred master = no
> passdb backend = tdbsam
> unix extensions = no
> idmap config YYYYY : default = yes
> idmap config YYYYY : backend = ad
> idmap config YYYYY : range = 10000-20000
> ********************************************
> /usr/lib/security/methods.cfg
>
> WINBIND:
> program = /usr/lib/security/WINBIND
>
> KRB5A:
> program = /usr/lib/security/KRB5A
> options = authonly
> program_64 = /usr/lib/security/KRB5A_64
>
> KRB5Afiles:
> options = db=BUILTIN,auth=KRB5A
>
> NIS:
> program = /usr/lib/security/NIS
> program_64 = /usr/lib/security/NIS_64
>
>
> DCE:
> program = /usr/lib/security/DCE
>
>
> ***************************
> /etc/security/user
>
> default:
> admin = false
> login = true
> su = true
> daemon = true
> rlogin = true
> sugroups = ALL
> admgroups
> ttys = ALL
> auth1 = SYSTEM
> auth2 = NONE
> tpath = nosak
> umask = 22
> expires = 0
> SYSTEM = "WINBIND OR compat"
> registry = WINBIND
> logintimes
> pwdwarntime = 3
> account_locked = false
> loginretries = 5
> histexpire = 48
> histsize = 8
> minage = 1
> maxage = 0
> maxexpired = -1
> minalpha = 4
> minother = 2
> minlen = 8
> mindiff = 3
> maxrepeats = 8
> dictionlist
> pwdchecks
> default_roles
>
> *************************
> /etc/krb5.conf
> [libdefaults]
> default_realm = wwww
> default_keytab_name = FILE:/etc/krb5/krb5.keytab
> forwardable = true
> clockskew = 300
>
> [realms]
> BRASIL.LATAM.CEA = {
> kdc = www:88
> admin_server = www:749
> default_domain = wwww
> }
>
> [domain_realm]
> .xxx.xx.xx = XXXX
> xxx.xx.xx = XXXX
>
> [logging]
> kdc = FILE:/var/krb5/log/krb5kdc.log
> admin_server = FILE:/var/krb5/log/kadmin.log
> kadmin_local = FILE:/var/krb5/log/kadmin_local.log
> default = FILE:/var/krb5/log/krb5lib.log
>
> ******************
> what's works?
>
>
> lab1:/>wbinfo -i brab10_dbr
> brab10_dbr:*:10000:10000:Anderson:/home/XXX/brab10_dbr:/usr/bin/ksh
>
> wbinfo -g
>
> net ads info
>
> klist
> ***********************
> what's not work
>
> lab1:/>lsuser -R WINBIND ALL -> show no error but not return any user.
> lab1:/>
>

ALL has never worked. There is a timeout issue within AIX that I was never able
to track down.

> login with AD user at telnet or ssh or locally at console

How are you logging in? Is the user fully-qualified? (Should not be necessary
with winbind use default domain). Is there a home dir ready to receive them?
Does "lsuser -R WINBIND username" return what you expect?
Does chown allow you to specify an AD user?
Anything in your log level 3 that may help?

Cheers,
Bill

>
> *******************
>
> tks all