AIX Open Source

Samba 4 Winbind issue.

  • 1.  Samba 4 Winbind issue.

    Posted Fri September 10, 2021 09:21 AM
    Morning,

    I'm having problems getting winbind auth working. 

    My end goal is to setup Samba 4 as a Domain member on our AD domain, and give AD groups access to shares without requiring AIX account creation.
    The samba setup itself looks ok, I've added the machine to the domain and as you can see below the wbinfo commands are working as expected.

    S922:/etc# wbinfo -n testuser
    S-1-5-21-2052111302-1637723038-682003330-2625 SID_USER (1)

    S922:/etc# wbinfo -S S-1-5-21-2052111302-1637723038-682003330-2625
    1102625

    S922:/etc# wbinfo -i DOMAIN\\testuser
    DOMAIN\\testuser:*:1102625:1100513:user, test:/home/testuser:/bin/bash

    It's AIX 7.2 TL5 SP2

    S922:/etc# oslevel -s
    7200-05-02-2114

    And I have the following packages installed.

    S922:/etc# rpm -qa |grep samba
    samba-client-4.14.4-2.ppc
    samba-libs-4.14.4-2.ppc
    samba-winbind-krb5-locator-4.14.4-2.ppc
    samba-test-libs-4.14.4-2.ppc
    samba-winbind-devel-4.14.4-2.ppc
    samba-pidl-4.14.4-2.ppc
    samba-devel-4.14.4-2.ppc
    samba-winbind-4.14.4-2.ppc
    samba-winbind-clients-4.14.4-2.ppc
    samba-common-4.14.4-2.ppc
    samba-4.14.4-2.ppc
    samba-test-4.14.4-2.ppc
    samba-python3-4.14.4-2.ppc
    S922:/etc#

    I can not get lsuser -R to work it always returns invalid option. Setup is below. Did I miss something, any suggestions on how to diagnose/etc?

    S922:/etc# lsuser -R WINBIND testuser
    Invalid -R option "WINBIND"

    S922:/opt/freeware/lib# ls -l /usr/lib/security/WINBIND
    lrwxrwxrwx 1 root system 28 Sep 10 10:06 /usr/lib/security/WINBIND -> /opt/freeware/lib/WINBIND.so

    S922:/opt/freeware/lib# ls -l /opt/freeware/lib/WINBIND.so
    -rwxr-xr-x 1 root system 28153 Jun 18 12:41 /opt/freeware/lib/WINBIND.so

    S922:/opt/freeware/lib# ldd /opt/freeware/lib/WINBIND.so
    /opt/freeware/lib/WINBIND.so needs:
    /opt/freeware/lib/samba/libwinbind-client-samba4.so
    /opt/freeware/lib/samba/libreplace-samba4.so
    /usr/lib/libc.a(shr.o)
    /usr/lib/librtl.a(shr.o)
    /usr/lib/libbsd.a(shr.o)
    /usr/lib/libpthreads.a(shr_xpg5.o)
    /unix
    /usr/lib/libcrypt.a(shr.o)
    /usr/lib/libpthreads.a(shr_comm.o)

    S922:/etc# ls -l /usr/lib/security/methods.cfg
    lrwxrwxrwx 1 root security 16 Jul 13 18:52 /usr/lib/security/methods.cfg -> /etc/methods.cfg

    S922:/etc# ls -l /etc/methods.cfg
    -rw-r--r-- 1 root security 1754 Sep 10 10:36 /etc/methods.cfg

    S922:/etc# cat /etc/methods.cfg

    WINBIND:
    program = /usr/lib/security/WINBIND

    NIS:
    program = /usr/lib/security/NIS
    program_64 = /usr/lib/security/NIS_64

    DCE:
    program = /usr/lib/security/DCE

    S922:/etc# grep -p default: /etc/security/user
    default:
    admin = false
    login = true
    su = true
    daemon = true
    rlogin = true
    sugroups = ALL
    admgroups =
    ttys = ALL
    auth1 = SYSTEM
    auth2 = NONE
    tpath = nosak
    umask = 022
    expires = 0
    SYSTEM = "compat or WINBIND"
    registry = WINBIND
    logintimes =
    pwdwarntime = 0
    account_locked = false
    loginretries = 0
    histexpire = 0
    histsize = 0
    minage = 0
    maxage = 0
    maxexpired = -1
    minalpha = 0
    minloweralpha = 0
    minupperalpha = 0
    minother = 0
    mindigit = 0
    minspecialchar = 0
    minlen = 0
    mindiff = 0
    maxrepeats = 8
    dictionlist =
    pwdchecks =
    default_roles =

    Thanks,

    Nick.

    ------------------------------
    Nicholas Flintham
    ------------------------------