Re: Samba configuration on AIX 5.2


The configuration you've outlined below is for IBM's LAM (Loadable Authentication Modules), not PAM; so I'm not sure how much help you're going to get from this list.

That said, I'd try the following things to get your configuration working:

1) Add a ":" after the first WINBIND in methods.cfg (this is the correct syntax)

2) Make sure that you set SYSTEM = "WINBIND" for whatever users you want to be authenticated by WINBIND in your /etc/security/user file (or "default" user)

3) RTFM about LAM and the config files. AIX docs are available online from IBM.

Good luck.

- Max
(someone who has had the horrifying experience of writing a LAM module for AIX)
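
Added example (not part of the original message, and not Samba or IBM code): a small shell lint for the two settings named in steps 1 and 2 above. It assumes the usual AIX stanza-file layout (header at column 0 ending in ":", indented "attribute = value" lines, "*" comment lines); the function names, the user aduser1 and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint AIX LAM stanza files for the two problems named in the reply.

# Print each stanza header in file $1 that lacks its trailing ":".
missing_colon_stanzas() {
    awk '
        /^[ \t]*$/ || /^\*/ { next }    # blank line or "*" comment
        /^[ \t]/ || /=/     { next }    # attribute line
        !/:[ \t]*$/         { sub(/[ \t]+$/, ""); print }
    ' "$1"
}

# Print the SYSTEM value that applies to user $2 in user file $1:
# the user's own stanza if it sets SYSTEM, otherwise the "default" stanza.
effective_system() {
    awk -v user="$2" '
        /^[^ \t*].*:[ \t]*$/ { stanza = $1; sub(/:$/, "", stanza); next }
        /^[ \t]*SYSTEM[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
            sys[stanza] = val
        }
        END { print ((user in sys) ? sys[user] : sys["default"]) }
    ' "$1"
}

# Constructed sample files (hypothetical, not taken from a real system).
demo=$(mktemp -d)
cat > "$demo/methods.broken" <<'EOF'
WINBIND
        program = /usr/lib/security/WINBIND
        options = authonly
EOF
cat > "$demo/methods.fixed" <<'EOF'
WINBIND:
        program = /usr/lib/security/WINBIND
        options = authonly
EOF
cat > "$demo/user" <<'EOF'
default:
        SYSTEM = "compat"

aduser1:
        SYSTEM = "WINBIND"
EOF

echo "broken: $(missing_colon_stanzas "$demo/methods.broken")"
echo "fixed:  $(missing_colon_stanzas "$demo/methods.fixed")"
echo "aduser1 -> $(effective_system "$demo/user" aduser1)"
echo "root    -> $(effective_system "$demo/user" root)"
```

On a real host the same functions can be pointed at methods.cfg and /etc/security/user; a user whose effective SYSTEM does not name WINBIND is never handed to the WINBIND module, whatever wbinfo returns.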

I am trying to configure Samba with ADS integration on AIX 5.2.

I am able to join to the Windows domain and able to fetch the list of Windows domain users with the command
/usr/local/samba/bin/wbinfo -u and also the groups with usr/local/samba/bin/wbinfo -u .

I have added the below lines to methods.cfg

WINBIND
        program = /usr/lib/security/WINBIND
        options = authonly

I am unable to log in to the AIX server using the credentials of a domain user.

This process does not give any significant error in winbindd.log .

I am looking for the steps that need to be followed on the PAM / krb side to be able to log in to the AIX
server with the Windows domain user credentials.

Here are my smb.conf and krb5.
Any help on this would be great.

Smb.conf

[global]

        workgroup = restore
        server string = Samba Server
        log file = /var/log/samba/%m.log
        max log size = 50
        security =  ADS
        realm = restore.com
        password server =  10.80.0.120

# Winbind config.###################################
        winbind separator = #
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind cache time = 15
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind use default domain = yes

[homes]
        comment = Home Directories
        browseable = no
        writeable = yes
        create mask = 0640

krb5.conf

[libdefaults]
        default_realm = RESTORE.COM
        ticket_lifetime = 24000
        dns_lookup_realm = true
        dns_lookup_kdc = true
        krb4_config = /usr/krb5-1.3.6/src/config-files/krb.conf

[realms]
        RESTORE.COM  = {
                admin_server = mailsrvr.restore.com
                kdc = mailsrvr.restore.com
                default_domain = RESTORE.COM
        }

[kdc]
 profile = /usr/krb5-1.3.6/src/config-files/kdc.conf

[domain_realm]
        .restore.com = RESTORE.COM
         restore.com = RESTORE.COM

[logging]
#       kdc = CONSOLE
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[appdefaults]
 pam = {
   debug = true
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

Regards,
Chandana

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list