FW: Samba configuration on AIX 5.2

Chandana.Varsha at iflexsolutions.com Chandana.Varsha at iflexsolutions.com
Tue Mar 1 06:56:52 UTC 2005


Hi all,

 

I am trying to configure Samba with ADS integration on AIX 5.2.

 

I am able to join to windows Domain and able to fetch list of windows
domain users with the command

/usr/local/samba/bin/wbinfo -u and also the groups with
usr/local/samba/bin/wbinfo -u .

I have added the below line methods.cfg

 

WINBIND

        program = /usr/lib/security/WINBIND

        options = authonly

 

I am unable to login to the Aix server using credentials of Domain user.

 

This process does not give any significant error in  winbindd.log .

 

I am looking for the steps that need to be followed on the PAM / krb
side to be able to login to AIX

Server with the windows domain user credentials

 

Here are my smb.conf and krb5.

Any help on this would be great.

 

Smb.conf

 

[global]

 

        workgroup = restore

        server string = Samba Server

        log file = /var/log/samba/%m.log

        max log size = 50

        security =  ADS

        realm = restore.com

        password server =  10.80.0.120

 

# Winbind config.###################################

        winbind separator = #

        idmap uid = 10000-20000

        idmap gid = 10000-20000

        winbind cache time = 15

        winbind enum users = yes

        winbind enum groups = yes

        template homedir = /home/%D/%U

        template shell = /bin/bash

        winbind use default domain = yes

 

[homes]

        comment = Home Directories

        browseable = no

        writeable = yes

        create mask = 0640

 

krb5.conf

 

[libdefaults]

        default_realm = RESTORE.COM

        ticket_lifetime = 24000

        dns_lookup_realm = true

        dns_lookup_kdc = true

        krb4_config = /usr/krb5-1.3.6/src/config-files/krb.conf

 

[realms]

        RESTORE.COM  = {

                admin_server = mailsrvr.restore.com

                kdc = mailsrvr.restore.com

                default_domain = RESTORE.COM

        }

 

 

[kdc]

 profile = /usr/krb5-1.3.6/src/config-files/kdc.conf

 

[domain_realm]

        .restore.com = RESTORE.COM

         restore.com = RESTORE.COM

 

[logging]

#       kdc = CONSOLE

 default = FILE:/var/log/krb5libs.log

 kdc = FILE:/var/log/krb5kdc.log

 admin_server = FILE:/var/log/kadmind.log

 

[appdefaults]

 pam = {

   debug = true

   ticket_lifetime = 36000

   renew_lifetime = 36000

   forwardable = true

   krb4_convert = false

 }

 

Regards,

Chandana 



DISCLAIMER:
This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20050301/525f800c/attachment.htm>


More information about the Pam-list mailing list