
PB with SAMBA3 on AIX4.3.3 and AD W2K3


aixplorer

Technical User
Dec 29, 2006
2
FR
Hello world,
I am trying to join Samba 3 on AIX 4.3.3-ML11 to a Windows 2003 AD domain (DNS, WINS), but I can't log in as a Windows AD user on the AIX telnet console. The su command works, but telnet and ftp logins fail.

My installation:

#install bos.adt.*

#installp rpm.rte

#rpm -ivh --nodeps *.rpm
autoconf-2.53-1.aix4.3.noarch.rpm
automake-1.5-1.aix4.3.noarch.rpm
bash-2.05a-1.aix4.3.ppc.rpm
bison-1.34-2.aix4.3.ppc.rpm
db-3.3.11-3.aix4.3.ppc.rpm
flex-2.5.4a-6.aix4.3.ppc.rpm
gawk-3.1.0-2.aix4.3.ppc.rpm
gettext-0.10.39-2.aix4.3.ppc.rpm
glib-1.2.10-2.aix4.3.ppc.rpm
glib-devel-1.2.10-2.aix4.3.ppc.rpm
glib2-2.2.1-3.aix4.3.ppc.rpm
glib2-devel-2.2.1-3.aix4.3.ppc.rpm
gzip-1.2.4a-7.aix4.3.ppc.rpm
libtool-1.4.2-1.aix4.3.ppc.rpm
m4-1.4-14.aix4.3.ppc.rpm
make-3.79.1-3.aix4.3.ppc.rpm
pkgconfig-0.15.0-1.aix4.3.ppc.rpm
rpm-3.0.5-30.aix4.3.ppc.rpm
sed-3.02-8.aix4.3.ppc.rpm
tar-1.13-4.aix4.3.ppc.rpm

#Install binutils.2.9.1

#Install gcc.3.3.4

#Update PATH and LD_LIBRARY_PATH
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/local/bin:/usr/local/sbin:/usr/local/samba/bin:/usr/local/samba/sbin:/usr/local/rs6000-ibm-aix4.2/bin:/usr/linux/bin
LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/lib:/usr/local/rs6000-ibm-aix4.2/lib

KERBEROS krb5-1.3.5
#./configure --enable-dns --enable-dns-for-kdc --enable-dns-for-realm --disable-thread-support ac_cv_func_setutent=no
make
make install

OPENLDAP openldap-2.2.18
#./configure --disable-slurpd --disable-bdb --disable-slapd --without-threads
make depend
make
make install

SAMBA samba-3.0.23d
#./configure --with-winbind --with-ldap --with-ads --with-krb5=/usr/local
make
make install

--------------------------------------------------------------------------------

/etc/resolv.conf

domain psl.local
nameserver 10.98.176.181

#nslookup
Default Server: psl2k3
Address: 10.98.176.181

> 10.98.176.181
Server: psl2k3
Address: 10.98.176.181

> b50
Server: psl2k3
Address: 10.98.176.181

Name: b50.psl.local
Address: 10.98.176.156

--------------------------------------------------------------------------------

/etc/krb5.conf

# Kerberos client configuration used by this host to obtain tickets from the AD realm PSL.LOCAL.
[logging]
default = FILE:/var/log/krb5/libs.log
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/admin.log

[libdefaults]
default_realm = PSL.LOCAL
ticket_lifetime = 24000
forwardable = true
proxiable = true
# DNS discovery of the realm and KDC is switched off, so the [realms] block below is the only
# source for the KDC address.
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
PSL.LOCAL = {
# Short host names: they resolve only through the "domain psl.local" search entry in
# /etc/resolv.conf. NOTE(review): a fully qualified name would be less fragile - confirm.
kdc = PSL2K3
admin_server = PSL2K3
}

[domain_realm]
.psl.local= PSL.LOCAL
psl.local = PSL.LOCAL

# NOTE(review): [kdc] is normally read by a KDC daemon and [pam] by a PAM Kerberos module;
# presumably neither is consulted on this AIX client - confirm before relying on these values.
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

--------------------------------------------------------------------------------

/usr/local/samba/lib/smb.conf

# Samba configuration for host B50 as an Active Directory member (security = ADS) of realm PSL.LOCAL.
[global]
workgroup = PSL
netbios name = B50
server string = AIX-4.3.3
security = ADS
realm = PSL.LOCAL
password server = PSL2K3
wins server = PSL2K3
client use spnego = yes
client signing = yes
encrypt passwords = yes
show add printer wizard = No
# Domain accounts are presented without a DOMAIN\ prefix (wbinfo -u below lists "administrator",
# "guest", "aa"). NOTE(review): such names can collide with local AIX account names - confirm
# which source wins for a name that exists in both.
winbind use default domain = yes
# UID/GID range handed out to domain users and groups; user aa below receives 15012:15000 from it.
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
use sendfile = Yes
ldap suffix = "dc=PSL,dc=LOCAL"
# 0 disables winbind's result cache, so every lookup goes to the domain controller.
winbind cache time = 0
# Debug-level logging, reasonable while troubleshooting the join. Lower it afterwards:
# NOTE(review): logs at this level are large and may record authentication detail - confirm.
log level = 8
log file = /var/log/samba.log
# max log size is expressed in kilobytes, so this value allows roughly 5 GB per log file.
max log size = 5000000
debug timestamp = yes
browseable = yes
obey pam restrictions = yes
# NOTE(review): overrides Samba's default authentication chain with winbind only - confirm
# this is intended; it is not needed for the AIX login path being debugged here.
auth methods = winbind

[homes]
comment = User Home
path = /home/%U
# NOTE(review): %U expands to the session user name, so this forces a group named after the
# user; no such groups appear in the wbinfo -g output below - confirm intent.
force group = %U
read only = No
browseable = yes

[tmp]
comment = tmp
# Exports the system /tmp directory read-write. "public" is a synonym for "guest ok", so any
# connection Samba maps to the guest account can write here - review whether this share is needed.
path = /tmp
read only = No
browseable = yes
public = yes

--------------------------------------------------------------------------------

#kinit administrator
Password for administrator@PSL.LOCAL:
b50.psl.local / #klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@PSL.LOCAL

Valid starting Expires Service principal
12/29/06 10:20:53 12/29/06 20:20:57 krbtgt/PSL.LOCAL@PSL.LOCAL
renew until 12/30/06 10:20:53


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

--------------------------------------------------------------------------------

#net ads join -U administrator
administrator's password:
Using short domain name -- PSL
Joined 'B50' to realm 'PSL.LOCAL'

--------------------------------------------------------------------------------

/usr/local/etc/openldap/ldap.conf

# LDAP client settings pointing at the domain controller 10.98.176.181.
HOST 10.98.176.181
BASE cn=Users,dc=PSL,dc=LOCAL
# Service account used for the bind; it also appears as "ldapuser" in the wbinfo -u output below.
binddn cn=ldapuser,cn=Users, dc=PSL,dc=LOCAL
# The bind password is stored here in cleartext (and is published in this post): keep the file
# readable by root only and rotate the credential.
bindpw $Azert*
scope sub
# With "ssl no" the bind presumably travels unencrypted, password included - confirm, and
# enable TLS if the client library in use supports it.
ssl no

--------------------------------------------------------------------------------

#cp /path/to/samba-source/nsswitch/WINBIND /usr/lib/security

--------------------------------------------------------------------------------

/usr/security/method.cfg

* Declares a loadable authentication module named WINBIND. The stanza name is what the
* SYSTEM and registry attributes in /etc/security/user must match exactly.
* NOTE(review): AIX normally loads this stanza from /usr/lib/security/methods.cfg; confirm
* that the path given above is the file the system actually reads.
WINBIND:
program = /usr/lib/security/WINBIND
* NOTE(review): authonly limits the module to authentication; confirm that the WINBIND module
* built from this Samba version implements authentication and not only identification.
options = authonly

--------------------------------------------------------------------------------

/etc/security/user

* Default user attributes: they apply to every account that has no stanza of its own.
default:
admin = false
login = true
su = true
daemon = true
* Permits remote logins such as telnet and rlogin. Both carry the password unencrypted, which
* here would be the user's Active Directory password.
rlogin = true
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 =
tpath = nosak
umask = 022
expires = 0
* NOTE(review): "WINDBIND" does not match the module stanza "WINBIND" declared in method.cfg
* above (lsuser below also reports registry=WINBIND but SYSTEM=WINDBIND). A name with no
* matching stanza cannot authenticate, which is consistent with the failed logins shown below.
* As a default, this value also governs local accounts without their own SYSTEM attribute;
* confirm that root keeps a local authentication method before correcting the spelling.
SYSTEM = "WINDBIND"
logintimes =
pwdwarntime = 0
account_locked = false
* 0 means failed logins never lock the account.
loginretries = 0
histexpire = 0
histsize = 0
minage = 0
maxage = 0
maxexpired = -1
* The password composition rules below are all 0, so no minimum length or complexity is
* enforced for accounts whose passwords are managed locally.
minalpha = 0
minother = 0
minlen = 0
mindiff = 0
maxrepeats = 8
dictionlist =
pwdchecks =

--------------------------------------------------------------------------------

Start SAMBA services

/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
/usr/local/samba/sbin/winbindd

--------------------------------------------------------------------------------

#wbinfo -u
administrator
guest
krbtgt
aa
ldapuser

#wbinfo -g
BUILTIN\administrators
BUILTIN\users
domain computers
domain controllers
schema admins
enterprise admins
domain admins
domain users
domain guests
group policy creator owners
dnsupdateproxy

#wbinfo -i aa
aa:*:15012:15000:aa:/home/aa:/bin/bash

#wbinfo -a aa%passw0rd
plaintext password authentication succeeded
challenge/response password authentication succeeded

#mkdir /home/aa ; chown 15012:15000 /home/aa ; ls -l /home/aa
drwxr-xr-x 2 aa domain u 512 Dec 29 12:01 aa

#ls -l /bin/bash
lrwxrwxrwx 1 root system 27 Dec 18 15:33 /bin/bash -> ../../opt/freeware/bin/bash

#lsuser aa
aa id=15012 pgrp=domain users groups=15000,15003 home=/home/aa shell=/bin/bash gecos=aa login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2= umask=22 registry=WINBIND SYSTEM=WINDBIND logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0 pwdchecks= dictionlist= fsize=2097151 cpu=-1 data=262144 stack=65536 core=2097151 rss=65536 nofiles=2000 roles=

#su - aa
bash-2.05a$ id
uid=15012(aa) gid=15000(domain users)

--------------------------------------------------------------------------------

The su command or a telnet connection fails for user aa:
login: aa
aa's Password:
3004-007 You entered an invalid login name or password.

#syslog.out
Dec 29 12:05:16 b50 su: BAD SU from aa to aa at /dev/pts/0
Dec 29 12:06:52 b50 syslog: pts/1: failed login attempt for aa from b50

If anyone can shed a little light in the dark Unix universe to help me understand this problem, I would be grateful.
Thanks.
 