Samba configuration on AIX 5.2

Max Campos lists at bridgeportsoftware.com
Tue Mar 1 17:32:38 UTC 2005


The configuration you've outlined below is for IBM's LAM (Loadable 
Authentication Modules), not PAM; so I'm not sure how much help you're 
going to get from this list.

That said, I'd try the following things to get your configuration 
working:

1) Add a ":" after the first WINBIND in methods.cfg  (this is the 
correct syntax)

2) Make sure that you set SYSTEM = "WINBIND" for whatever users you 
want to be authenticated by WINBIND in your /etc/security/user file  
(or "default" user)

3) RTFM about LAM and the config files.  AIX docs are available online 
from IBM.

Good luck.

- Max
(someone who has had the horrifying experience of writing a LAM module 
for AIX)

> I am trying to configure Samba with ADS integration on AIX 5.2.
>
> I am able to join to Windows Domain and able to fetch list of Windows 
> domain users with the command
> /usr/local/samba/bin/wbinfo -u and also the groups with 
> /usr/local/samba/bin/wbinfo -u .
>
> I have added the below line methods.cfg
>
> WINBIND
>         program = /usr/lib/security/WINBIND
>         options = authonly
>
> I am unable to login to the AIX server using credentials of Domain 
> user.
>
> This process does not give any significant error in winbindd.log .
>
> I am looking for the steps that need to be followed on the PAM / krb 
> side to be able to login to AIX
> Server with the Windows domain user credentials
>
> Here are my smb.conf and krb5.
>
> Any help on this would be great.
>
> Smb.conf
>
> [global]
>         workgroup = restore
>         server string = Samba Server
>         log file = /var/log/samba/%m.log
>         max log size = 50
>         security = ADS
>         realm = restore.com
>         password server = 10.80.0.120
>
> # Winbind config.###################################
>         winbind separator = #
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind cache time = 15
>         winbind enum users = yes
>         winbind enum groups = yes
>         template homedir = /home/%D/%U
>         template shell = /bin/bash
>         winbind use default domain = yes
>
> [homes]
>         comment = Home Directories
>         browseable = no
>         writeable = yes
>         create mask = 0640
>
> krb5.conf
>
> [libdefaults]
>         default_realm = RESTORE.COM
>         ticket_lifetime = 24000
>         dns_lookup_realm = true
>         dns_lookup_kdc = true
>         krb4_config = /usr/krb5-1.3.6/src/config-files/krb.conf
>
> [realms]
>         RESTORE.COM  = {
>                 admin_server = mailsrvr.restore.com
>                 kdc = mailsrvr.restore.com
>                 default_domain = RESTORE.COM
>         }
>
> [kdc]
>  profile = /usr/krb5-1.3.6/src/config-files/kdc.conf
>
> [domain_realm]
>         .restore.com = RESTORE.COM
>          restore.com = RESTORE.COM
>
> [logging]
> #       kdc = CONSOLE
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [appdefaults]
>  pam = {
>    debug = true
>    ticket_lifetime = 36000
>    renew_lifetime = 36000
>    forwardable = true
>    krb4_convert = false
>  }
>
> Regards,
> Chandana
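
Steps 1 and 2 of the reply can be checked offline before retrying a login. The following Python sketch is an added example, not part of the original thread and not Samba or AIX code: it parses stanza-format text, flags a header that lacks its trailing colon, and reports users whose SYSTEM attribute names a method with no well-formed methods.cfg stanza. The sample file contents are constructed from the thread, and the set of built-in SYSTEM keywords is a simplifying assumption.

```python
import re

ATTR = re.compile(r"^\s+(\w+)\s*=\s*(.*)$")
# Keywords accepted in SYSTEM besides module names (simplified; an assumption).
BUILTIN = {"compat", "files", "NONE", "AND", "OR"}

def parse_stanzas(text):
    """Parse AIX stanza-format text into ({name: {attr: value}}, problems)."""
    stanzas, problems, cur = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("*"):
            continue  # blank line or '*' comment
        m = ATTR.match(line)
        if m:
            if cur is None:
                problems.append((n, "attribute before any stanza header"))
            else:
                cur[m.group(1)] = m.group(2).strip().strip('"')
        elif not line[0].isspace() and line.endswith(":"):
            cur = stanzas.setdefault(line[:-1].strip(), {})
        else:
            problems.append((n, f"{line.strip()!r} is not a 'name:' header"))
            cur = {}  # swallow its attributes; the stanza stays undefined
    return stanzas, problems

def undefined_methods(user_text, methods_text):
    """Map each user stanza to SYSTEM methods lacking a well-formed stanza."""
    methods, _ = parse_stanzas(methods_text)
    users, _ = parse_stanzas(user_text)
    bad = {}
    for user, attrs in users.items():
        grammar = re.sub(r"\[[^\]]*\]", " ", attrs.get("SYSTEM", ""))
        missing = [t for t in re.findall(r"[A-Za-z_]\w*", grammar)
                   if t not in BUILTIN and t not in methods]
        if missing:
            bad[user] = missing
    return bad

# Constructed samples: the stanza as posted, the stanza with step 1 applied,
# and an /etc/security/user entry with step 2 applied.
BODY = "        program = /usr/lib/security/WINBIND\n        options = authonly\n"
AS_POSTED = "WINBIND\n" + BODY
CORRECTED = "WINBIND:\n" + BODY
USER_FILE = 'default:\n        SYSTEM = "WINBIND"\n'

if __name__ == "__main__":
    print(parse_stanzas(AS_POSTED)[1])               # header problem on line 1
    print(undefined_methods(USER_FILE, AS_POSTED))   # WINBIND not defined
    print(undefined_methods(USER_FILE, CORRECTED))   # nothing missing
```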