search for: authonly

...kerberos is working net ads join works fine wbinfo -t shows secret is fine aix does not have getent so I can't run getent passwd -- is there something equivalent on aix? /usr/lib/security/methods.cfg has: WINBIND: program = /usr/lib/security/WINBIND (set with chmod 444) options =authonly /etc/security/user has for SYSTEM = WINBIND OR WINBIND[FAILURE] AND COMPAT my clock syncs with same ntp as ad server and seems fine I am so tired....been working on this for two days. Please help me figure out why this is not working now. David David Shapiro Unix Team Lead 919-765-2011

...nally. However, when I run chown DOMAIN+mylogin testdir, testdir is not set to DOMAIN+mylogin, it is set to tempfn (temporary id is what the gecos/description says). In aix land, what do I need to do to get it to use WINBIND to set the diretory ownership now? My /usr/lib/security/methods.cfg has authonly for WINBIND. I take it that is not enough? I saw something where they wanted me to change SYSTEM=compat to SYSTEM = "WINBIND OR WINBIND[UNAVAIL] AND compat", but when I do that, nobody can log in to the system anymore. My smb.conf now looks like the following: [global] w...

...d 64bit of samba, neither of them has worked for me. ADS join is ok, I am able to see all good ouput for wbinfo -t/-m/-p etc. I have copied the WINBIND module under /usr/lib/security and changed /usr/lib/security/methods.cfg as WINBIND: program = /usr/lib/security/WINBIND options = authonly the /etc/security/user the default stanza with SYSTEM = "WINBIND OR compat" The errors I have repeatedly encountered is -- Could not trigger lookup sid sid2gid returned an error Could not lookup name for user MYDOMAIN\USER1 Some other errors are Error GID range is full!! No matter I...

...finally. However, when I run chown DOMAIN+mylogin testdir, testdir is not set to DOMAIN+mylogin, it is set to tempfn (temporary id is what the gecos/description says). In aix land, what do I need to do to get it to use WINBIND to set the diretory ownership now? My /usr/lib/security/methods.cfg has authonly for WINBIND. I take it that is not enough? I saw something where they wanted me to change SYSTEM=compat to SYSTEM = "WINBIND OR WINBIND[UNAVAIL] AND compat", but when I do that, nobody can log in to the system anymore. My smb.conf now looks like the following: [global]...

...Users and such. Will this be complicated by the use of three DC's accessing this info? 4) Assuming I do need winbindd, AIX has LDAP method already, but Andrew's WINBIND method looks equally exciting especially if we can implement the extentions that allow WINBIND to have options for "authonly,db=LDAP" or "auth=KRB5,db=LDAP". The former allows winbindd to do the AIX auth and gather user info from LDAP. The latter one would allow for AIX to auth against KRB, lookup user info from LDAP (which allows the use of secldapclntd and the AIX, RFC2307 or RFC2307AIX mappings allowe...

All, I am having a winbind module load error on aix 7.1 trying to load winbind module for 3.6.0. methods.cfg WINBIND: program_64 = /usr/lib/security/WINBIND_64 (have tried authonly here) NIS: program = /usr/lib/security/NIS program_64 = /usr/lib/security/NIS_64 DCE: program = /usr/lib/security/DCE [root] on [barrow] on [/rehash/samba-3.6.0] {932} /security | grep WINBIND < lrwxrwxrwx 1 root staff 33 Feb 19 14:34 WINBIND_64...

...anged.. For example https://support.microsoft.com/nl-nl/help/3181029/smb-file-server-share-access-is-unsuccessful-through-dns-cname-alias I would preffer also to see a clear difference in settings in manuals for samba-AD-DC samba-AD-Member-file server samba-AD-Member-Print server samba-AD-Member-authonly server Samba-NT4-PDC Samba-NT4-BDC Samba-NT4-Member Samba-Standalone Now, add to this the problem Rowland and i are looking into, found recently. A "renamed" computer, might have or is missing or has wrong settings in AD. A common problem we found yesterday, that also exists in wind...

All, I am having a winbind module load error on aix 7.1 trying to load winbind module for 3.6.0. methods.cfg WINBIND: program_64 = /usr/lib/security/WINBIND_64 (have tried authonly here) NIS: program = /usr/lib/security/NIS program_64 = /usr/lib/security/NIS_64 DCE: program = /usr/lib/security/DCE [root] on [barrow] on [/rehash/samba-3.6.0] {932} /security | grep WINBIND < lrwxrwxrwx 1 root staff 33 Feb 19 14:34 WINBIND_64 -&gt...

All, I am having a winbind module load error on aix 7.1 trying to load winbind module for 3.6.0. methods.cfg WINBIND: program_64 = /usr/lib/security/WINBIND_64 (have tried authonly here) NIS: program = /usr/lib/security/NIS program_64 = /usr/lib/security/NIS_64 DCE: program = /usr/lib/security/DCE [root] on [barrow] on [/rehash/samba-3.6.0] {932} /security | grep WINBIND < lrwxrwxrwx 1 root staff 33 Feb 19 14:34 WINBIND_64...

...s. That is I edited the /etc/security/user file and changed the SYSTEM and registry variables to: SYSTEM = "WINBIND or compat" registry = WINBIND I also edited the /usr/lib/security/methods.cfg and added at the end: WINBIND: program = /usr/lib/security/WINBIND options = authonly Hopefully I am telling AIX, that from now on it should use winbind as the authentication method for users (default users). Users that are already defined on the system and are not on AD will be able to log in. I also left the compat method on the default stanza so if winbind fails it will check lo...

Hi all, I've got Samba with Winbind working on AIX 5.3 and 6.1 fairly well with Active Directory 2003. In fact, I'd say short of 2 very important services, it's working almost perfectly. Unfortunately, these 2 services are quite critical, and without them I'm afraid we'll have to resort to some sort of proprietary identity solution like Novell, which I'm not crazy about.

...ble to join to windows Domain and able to fetch list of windows domain users with the command /usr/local/samba/bin/wbinfo -u and also the groups with usr/local/samba/bin/wbinfo -g . I have added the below line methods.cfg WINBIND program = /usr/lib/security/WINBIND options = authonly Also included Default: SYSTEM = "WINBIND or compat" in /etc/security/user file. /usr/local/samba/bin/smbclient -k -U administrator -L mailsrvr.restore.com - works fine too Kinit works fine. Output of klist is : Ticket cache: FILE:/tmp/krb5cc_0 Default princ...

...use_first_pass /etc/security/user Changed SYSTEM= SYSTEM = "compat" to SYSTEM = "DCE OR DCE[UNAVAIL] AND compat" /usr/lib/security/methods.cfg WINDBIND: program = /opt/pware64/lib/security/WINBIND program_64 = /opt/pware64/lib/security/WINBIND options = authonly LDAP: program = /usr/lib/security/LDAP program_64 = /usr/lib/security/LDAP_64 I?ve been combing the documentation to try and figure this out, but my head is spinning right now and I just haven?t been able to put things together to get this to work. Thanks for any help? -- Jim T...

I've followed the instructions in the README at http://us4.samba.org/samba/ftp/Binary_Packages/AIX/ for building 3.0.21x on AIX 5.2 ('oslevel -r' reports '5200-07'). The last version I was able to build on the system was 3.0.14a. 3.0.21c's configure completes with no errors, but the make immediately bombs with: # make Using FLAGS = -O -D_SAMBA_BUILD_ -I./popt

...ND file from where is was created when you compiled Samba to /usr/lib/security: cp /path/to/samba-3.0.8pre2/nsswitch/WINBIND /usr/lib/security Next you will need to add a stanza to the file /usr/lib/security/methods.cfg: WINBIND: program = /usr/lib/security/WINBIND options = authonly Finally you will need to edit /etc/security/users and make sure under the default stanza that SYSTEM is set to WINBIND: default: admin = false login = true su = true daemon = true rlogin = true sugroups = ALL admgroups = t...

...k.domain.net } [domain_realm] .uk.domain.net = UK.DOMAIN.NET uk.domain.net = UK.DOMAIN.NET $ cat /usr/lib/security/methods.cfg WINBIND: program = /usr/lib/security/WINBIND options = debug KRB5A: program = /usr/lib/security/KRB5A options = authonly KRB5Afiles: options = db=BUILTIN,auth=KRB5A ## WINBIND copied in from /usr/local/samba/sbin $ ls -l /usr/lib/security/WINBIND -rwxr-xr-x 1 root system 9381212 25 Nov 09:57 /usr/lib/ security/WINBIND $ grep -p WINBIND /etc/security/user default: admin = false l...

...k.domain.net } [domain_realm] .uk.domain.net = UK.DOMAIN.NET uk.domain.net = UK.DOMAIN.NET $ cat /usr/lib/security/methods.cfg WINBIND: program = /usr/lib/security/WINBIND options = debug KRB5A: program = /usr/lib/security/KRB5A options = authonly KRB5Afiles: options = db=BUILTIN,auth=KRB5A ## WINBIND copied in from /usr/local/samba/sbin $ ls -l /usr/lib/security/WINBIND -rwxr-xr-x 1 root system 9381212 25 Nov 09:57 /usr/lib/ security/WINBIND $ grep -p WINBIND /etc/security/user default: admin = false l...

Once again, something with Samba thirty bazillion components broke. Once again, my choices for logging are "nothing" or "15 MB/s spread of ten different files, because 'client authentication failed' totally needs to be lower priority than malloc debug info". Once again, none of these messages is actually able to convey what broke, where, why. Why is it impossible for