Winbind on AIX
This is pretty much functionally complete, the memory stuff seems OK and getgrset is implemented. The AIX API has a getgracct call, that returns the group struct without the list of members. Considering that some domain groups can be pretty big, doing getgr[nam|id] can take a while for those. Is there a wasy to get the struct group from winbind without the member list so I can implement this call? It isn't required, so I don't think implenting it by doing WINBINDD_GETGR[NAM|ID] and throwing away the member list is worth doing. I'd also love to hear from people who are willing to give this a spin. -Steve winbind_aix.c winbind_aix.c Description: Binary data
RE: Winbind on AIX
I haven't tried it with 2.2.8, I'd like to know if it works. winbind_aix.c should be in source/nsswitch and use this to build it: gcc -o WINBIND winbind_aix.c -lsys -lcsys -lc -I../include -I.. -Xlinker -bM:SRE -Xlinker -ewb_aix_init wb_common.o It should create the file WINBIND which you can put in /usr/lib/security. Thanks for trying it, Steve Roylance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 2:44 PM To: Roylance, Stephen D. Cc: Samba-Technical (E-mail) Subject: Re: Winbind on AIX I'm trying to test this on AIX 4.3.3 ML 11 with Samba 2.2.8, but get an error when I try to compile it because I don't have winbind_client.h. What is this file? This is a wonderful thing you're doing. I would love to have windbind on my AIX boxes. Roylance, Stephen D. [EMAIL PROTECTED]@lists.samba.org on 03/26/2003 07:05:18 AM Sent by: [EMAIL PROTECTED] To:Samba-Technical (E-mail) [EMAIL PROTECTED] cc: Subject:Winbind on AIX This is pretty much functionally complete, the memory stuff seems OK and getgrset is implemented. The AIX API has a getgracct call, that returns the group struct without the list of members. Considering that some domain groups can be pretty big, doing getgr[nam|id] can take a while for those. Is there a wasy to get the struct group from winbind without the member list so I can implement this call? It isn't required, so I don't think implenting it by doing WINBINDD_GETGR[NAM|ID] and throwing away the member list is worth doing. I'd also love to hear from people who are willing to give this a spin. -Steve
winbind build/link question
I'm trying to use some of the functions in winbind_nss.c in my winbind_aix.c module. It compiles, but when I try to link it fill_pwent is unresolved. What do I need to link against in order to get fill_pwent and such from winbind_nss.c? I tried making nsswitch/winbind_nss.o and linking against that, but it still didn't resolve fill_pwent. I realize this is basic stuff that maybe I should be able to figure out from the Makefile, but it's an order of magnitude more complex than anything I've tried to work with before. Bear with me, I'm trying, Steve Roylance
working winbind for AIX
Still a work-in-progress, but this compiles and works as expected on AIX 5.1. I haven't implemented getgrset yet, the NSS API is pretty different from AIX in that case. It also needs a mechanism to allocate more memory when the winbind response is larger than 4096 bytes. I had to copy fill_pwent, fill_grent, next_token and get_static from winbind_nss.c because they currently IFDEF out on AIX because of the lack of NSS API (I think). Compile with: gcc -o WINBIND winbind_aix.c -lsys -lcsys -lc -I../include -I.. -Xlinker -bM:SRE -Xlinker -ewb_aix_init wb_common.o Feedback would be nice, does anybody other than me need this? -Steve winbind_aix.c Description: Binary data
RE: winbind build/link question
The fill_pwent function is static in winbind_nss.c You are probably trying to call it directly from your winbind_aix.c which won't work. Can winbind_aix.c be modelled like winbind_solaris.c? That is, wrapper functions abstract out the vendor specific nss stuff which then call the _nss_winbind_* functions. Tim. I am by no means an expert. I don't understand the nss api at all, and I only understand the AIX API from studying it over the past two weeks. Nss and AIX loadable auth modules seem very different. In AIX the module is responsible for allocating the memory for the result structures. The return value is a pointer to the result struct and failure is communicated by returning NULL. I'm not sure if it's possible to differentiate between failure because an object wasn't found and some other kind of failure. It appears to be less work to go from AIX-winbind rather than AIX-nss-winbind. I can probably make it cleaner/more efficient if I rewrite what fill_pwent/fill_grent do for AIX, because winbind_aix has to allocate the memory itself anyway. -Steve
Winbind on AIX, again, with some (very little) code this time
In my quest to get winbind working on AIX I've found IBM's documentation on the
AIX loadable auth module API here:
http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/kernextc/sec_l
oad_mod.htm#secloadmod6600bkm1
and also discovered that the PADL LDAP NSS project
((http://www.padl.com/OSS/nss_ldap.html)) has a working AIX LDAP auth module. I
started working on a winbind AIX module, it currently has no functionality, but
does build into a working module. There is a lot more to the API, but these 5
methods are the least required for a module that only supports identification.
Use the command: gcc -o WINBIND winbind_aix.c -lsys -lcsys -lc -Xlinker -bM:SRE
-Xlinker -ewb_aix_init to build
The file is winbind_aix.c:
#include stdlib.h
#include string.h
#include usersec.h
/* #include winbind_client.h */
static struct group *
wb_aix_getgrgid (gid_t gid)
{
/* take a group id and return a filled struct group */
return NULL;
}
static struct group *
wb_aix_getgrnam (const char *name)
{
/* take a group name and return a filled struct group */
return NULL;
}
static char *
wb_aix_getgrset (const char *user)
{
/* take a username and return a comma-separated list of groups names to which
the user belongs */
return NULL;
}
static struct passwd *
wb_aix_getpwuid (uid_t uid)
{
/* take a uid and return a filled struct passwd */
return NULL;
}
static struct passwd *
wb_aix_getpwnam (const char *name)
{
/* take a username and return a filled struct passwd */
return NULL;
}
int
wb_aix_init (struct secmethod_table *methods)
{
memset(methods, 0, sizeof(*methods));
/* identification methods */
methods-method_getgrgid = wb_aix_getgrgid;
methods-method_getgrnam = wb_aix_getgrnam;
methods-method_getgrset = wb_aix_getgrset;
methods-method_getpwnam = wb_aix_getpwnam;
methods-method_getpwuid = wb_aix_getpwuid;
/* support methods
methods-method_open = wb_aix_open;
methods-method_close = wb_aix_close;
*/
return AUTH_SUCCESS;
}
I'm struggling through winbind_nss.c and friends to attempt constructing
something like what winbind_nss_solaris.c does for Sun.
Thanks for looking,
Steve Roylance
FW: winbind on AIX
Hi, I posted this to the main Samba list, but didn't get any replies to my questions. I hope someone on the technical list can provide some insight. I apologize in advance if this mail is not appropriate for the technical list. -Steve Roylance -Original Message- From: Roylance, Stephen D. Sent: Tuesday, March 18, 2003 3:46 PM To: [EMAIL PROTECTED] Subject: winbind on AIX I'm trying to get Samba on AIX 5.1 to work in appliance-like mode. I would like NT domain users to get automatically and persistently mapped to AIX/Unix users. This stuff seemed to work fine without much effort on Solaris 9, but AIX is a different story, and I'm new to AIX as well. AIX 5.1 doesn't use nss so winbind, in its current form, can't work. I saw a post from January that indicated winbind needed to be re-expressed as an AIX 'loadable authentication module', can anyone tell me how much work that will be, and if there is anyone working on it? Can someone point me to information on how smbd and winbindd interact? How does smbd ask winbind to map a new NT user that hasn't been seen before? How does smbd access the mapping from NT sid to Unix uid, does it access winbind's database directly somehow? I don't need to be able to resolve the Unix uid's corresponding to windows users from Unix. It is OK that files on samba shares appear only with numeric uids from unix. Is there a mode where smbd interacts directly with winbind, avoiding going through the nss layer, which doesn't exist on AIX? I've tried both 2.2.8 and3-alpha22 with pretty similar results. I can configure and run winbindd, wbinfo works, but smbd won't authenticate NT users unless they map to existing Unix users already in the passwd file. Any guidance is appreciated, Steve Roylance P.S.- A couple minor issues w/ 3-alpha22 SWAT's http authentication doesn't seem to work correctly in 3-alpha22. I input a WINS server IP address and set WINS mode to 'client of another WINS server' on the wizard pane in swat. After I committed the changes the WINS server textbox contained a few high-ascii characters instead of the dotted-quad IP address. The IP address was correct in smb.conf, however.
