Re: [Samba] Winbind on AIX 5.2
Hi! Ee are using samba/winbind authing agains w2k3 AD native mode we hade to modify the winbind_nss_aix so it works with AIX and build a new WINBINDD and creates the home dir in /home/%D/%U We have about 900 users on the AIX box authing against AD :) // Anders On Wed, Feb 23, 2005 at 05:04:30PM -0600, [EMAIL PROTECTED] wrote: Has anyone had luck getting Winbind from Samba 3.0.11 to compile and authenticate users telnetting (or ssh'ing) into an AIX lpar? If so, what'd you do? :) I've compiled kerberos and openldap, both installed. Able to run the configure script for Samba, pointing LDFLAGS and related to the correct location for the openldap libraries. I've been unable to get Samba compiled correctly when adding --with-pam to the configure script though. I've followed the instructions in the Samba docs and placed lines in /usr/lib/security/methods.cfg as well as changing the SYSTEM line in /etc/security/user. wbinfo -u shows the domain users. wbinfo --authenticate=user%password indicates that the user could be authenticated in the domain. Still can't telnet into the server. The syslog says something to the effect of authentication denied for UNKNOWN_USER from ip. A pam problem perhaps? The winbindd log has errors such as Illegal multibyte sequence too. Any hints, pointers, etc from someone who has this working would be appreciated. I've just about googled everything I could think of at this point. The goal is to be able to use active directory to store and manage all user information and not have to do any of that on the lpar itself. Thanks for any help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dependent module libiconv.a (libiconv.so.2) could not be loaded. .......error starting smbd on AIX v5.1
Hi! hope u arelady solved it but u need to install libiconv and point that out with configure with samba. // Anders On Thu, Aug 26, 2004 at 12:26:50PM +0300, Eli Kirzner wrote: Hi, My name is Eli Kirzner and I confront the same problem you described. Have you managed to resolve it ? If yes be so kind and let me know how ,Please. Thaks in advance. Eli Kirzner 972-4-8296390 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] wb_getgrgid: failed to locate gid == 10002
Hi! samba 3.0.6 AIX 5.1 ML5 AD 2003 native mode I have big problems to get AIX auth against a AD with winbind The problem is the primary grouplookup idefix#lsuser adminanla adminanla id=1 pgrp=Domain Users idefix#id adminanla uid=1(adminanla) gid=1 [2004/07/22 16:20:13, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124) [13174]: getpwnam adminanla [2004/07/22 16:20:13, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(124) [13174]: getpwnam adminanla [2004/07/22 16:20:13, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(348) [13174]: getgrgid 1 [2004/07/22 16:20:13, 4] nsswitch/winbindd_acct.c:wb_getgrgid(544) wb_getgrgid: failed to locate gid == 1 if we have less than 1000 users in the domain then the id works but i get same error with wb_getgrgid: failed wbinfo -a adminanla%password works im stuck with this problem there are no problem at all in a Linux box with pam Regards Anders -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authenticating UNIX Cluster with Active Directory
Hi! we are using samba/winbind in a AIX HACMP and that works very well, autning against 2003 server. And we are using the node name so the package can do a failover and users can access same home dir's. Regards Anders On Mon, Aug 02, 2004 at 06:19:35PM +0100, Hodder, Keith wrote: Hi All, We're running Samba 3.0.2 on Solaris and have successfully implemented a number of samba servers authenticating with Active Directory. I now have a requirement to try and implement a samba service using Active Directory authentication within a two-node Veritas Cluster 3.5 environment. My aim is to have the users access the samba share not by the individual cluster node names, but by the clusters Virtual Nodename (the nodename that moves between the cluster nodes). I'm not bothered about heavily integrating Samba itself within the cluster, the logistics of the solution have all been sorted out. It is purely the authentication process that I don't know how to achieve i.e. how to go about registering a virtual ip address with active directory so that no matter which cluster node has possesion of the virtual interface, the users can still access the share without changing anything. Many Thanks, Keith. Senior Technical Analyst (Solaris) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind on AIX
Great that it works We have modified the winbind_nss_aix.c so it make homedirs in /home/%D/%u and copy in a .profile Regards Anders On Wed, Jul 21, 2004 at 01:57:21PM +0200, Stephane DAVY wrote: Hi, Thanks for the tip, it works better now. Not perfectly, but I think we have to fix a few things on our DC Regards, Le mar 20/07/2004 à 15:54, Anders Larsson a écrit : Hi! yes we are using samba/winbind as auth against AD 2003 server u need to join your domain ner join -U username%password and then wbinfo -set-auth-user=username%pass and modify methods and modify /etc/security/user default: SYSTEM = WINBIND or compat and conf your smb.conf for winbind Regards Anders On Tue, Jul 20, 2004 at 02:26:48PM +0200, Stephane DAVY wrote: Deal all, I'd like to use winbind capabilities on AIX servers (AIX 4.3.3 and AIX 5.2). In particular, I'd like to define share access based on NT group. I think I've successfully setup my Samba suite, I've entered my AIX box in my NT domain and playing with wbinfo (-t, or -a user%passwd) works fine. As told in the documentation, I've copied the WINBIND module under /usr/lib/security, and modify the methods.cfg file like that: WINBIND: program = /usr/lib/security/WINBIND and... it doesn't work. Does some of you have some experience with the AIX plateform? Thanks a lot -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] AIX winbind auth AD 2003 gid problem
Hi! We have a production cluster AIX 5.1 (HACMP) with Samba (2.99 alpha) as auth today, it handles aroud 800-900 users, we have no local users on the box except the one that must be there... But now we need to uppgrade. Now im testing the 3.0.4 I have manged to get samba to work in a native mode AD. with one domain the problem is when i try to use the production domain, thats runs in mixed mode and having ROOT\ and JLL\ and 2 netbios names jll.jllad.se = JLL jllad.se = ROOT from wbinfo -g |grep Domain Users ROOT\Domain Users Domain Users should this be any problem ? i dont think so. The gid that is the problem is the primary group in this case Domain Users all other groups works I have tried to change to another Doamin group as primary and then i get same problmem. This is running in a AIX 5.1 with ml5 uid=1(xanla) gid=1 groups=10001(GG_kovis_user),10002(GG_Helpdesk),10003(GG_Siss_2000),10004(GG_Siss) wb_getgrgid: failed to locate gid == 1 wbinfo --gid-to-sid=1 S-1-5-21-1458514816-1055937895-1845911597-513 and in group_mapping UNIXGROUP/S-1-5-21-1057440853-1614694893-2568930014-513 Domain Users is this ok should'nt they match ? I hope someone can help me out... Regards Anders I cant find why i cant get the gid thats is primary on ms 2003 server -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problem with ldap and Windows 2003 server
Hi! This is a AIX 5.1 with samba 3.0.4 I have added this line to smb.conf passdb backend = ldapsam:ldap://testad.test.local/ #idmap backend = ldap:ldap://testad.test.local ldap idmap suffix = ou=Idmap,dc=test,dc=local ldap suffix = dc=test,dc=local idmap uid = 4-5 idmap gid = 4-5 ldap passwd sync = only ldap admin dn = cn=administrator,ou=Users,dc=test,dc=local ldap user suffix = ou=User ldap group suffix = cn=Groups ldap machine suffix = cn=Computers # ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ##(objectclass=sambaSamAccount)) ldap delete dn = no ldap port = 389 ldap ssl = off i have set the smbpasswd -w for the user administrator openldap works ldapsearch -h 10.5.0.49 -x -D cn=adminanla,cn=Users,dc=test,dc=local -w password -b dc=test,dc=local # search result search: 2 result: 4 Size limit exceeded # numResponses: 16 # numEntries: 12 # numReferences: 3 this is the errors i get idefix# smbpasswd -D 5 xanla Netbios name list:- my_netbios_names[0]=IDEFIX Trying to load: ldapsam:ldap://testad.test.local/ Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend guest Successfully added passdb backend 'guest' Attempting to find an passdb backend to match ldapsam:ldap://testad.test.local/ (ldapsam) Found pdb backend ldapsam Searching for:[((objectClass=sambaDomain)(sambaDomainName=IDEFIX))] smbldap_search: base = [dc=test,dc=local], filter = [((objectClass=sambaDomain)(sambaDomainName=IDEFIX))], scope = [2] smbldap_open_connection: connection opened failed to bind to server with dn= cn=administrator,ou=Users,dc=test,dc=local Error: Can't contact LDAP server (unknown) Connection to LDAP Server failed for the 1 try! and then it retries... I dont get it :) what have i missed // Anders -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba