Morning,
I'm having problems getting winbind auth working.
My end goal is to setup Samba 4 as a Domain member on our AD domain, and give AD groups access to shares without requiring AIX account creation.
The samba setup itself looks ok, I've added the machine to the domain and as you can see below the wbinfo commands are working as expected.
S922:/etc# wbinfo -n testuserS-1-5-21-2052111302-1637723038-682003330-2625 SID_USER (1)S922:/etc# wbinfo -S S-1-5-21-2052111302-1637723038-682003330-26251102625S922:/etc# wbinfo -i DOMAIN\\testuserDOMAIN\\testuser:*:1102625:1100513:user, test:/home/testuser:/bin/bashIt's AIX 7.2 TL5 SP2
S922:/etc# oslevel -s7200-05-02-2114And I have the following packages installed.
S922:/etc# rpm -qa |grep sambasamba-client-4.14.4-2.ppcsamba-libs-4.14.4-2.ppcsamba-winbind-krb5-locator-4.14.4-2.ppcsamba-test-libs-4.14.4-2.ppcsamba-winbind-devel-4.14.4-2.ppcsamba-pidl-4.14.4-2.ppcsamba-devel-4.14.4-2.ppcsamba-winbind-4.14.4-2.ppcsamba-winbind-clients-4.14.4-2.ppcsamba-common-4.14.4-2.ppcsamba-4.14.4-2.ppcsamba-test-4.14.4-2.ppcsamba-python3-4.14.4-2.ppcS922:/etc#I can not get lsuser -R to work it always returns invalid option. Setup is below. Did I miss something, any suggestions on how to diagnose/etc?
S922:/etc# lsuser -R WINBIND testuserInvalid -R option "WINBIND"S922:/opt/freeware/lib# ls -l /usr/lib/security/WINBINDlrwxrwxrwx 1 root system 28 Sep 10 10:06 /usr/lib/security/WINBIND -> /opt/freeware/lib/WINBIND.soS922:/opt/freeware/lib# ls -l /opt/freeware/lib/WINBIND.so-rwxr-xr-x 1 root system 28153 Jun 18 12:41 /opt/freeware/lib/WINBIND.soS922:/opt/freeware/lib# ldd /opt/freeware/lib/WINBIND.so/opt/freeware/lib/WINBIND.so needs:/opt/freeware/lib/samba/libwinbind-client-samba4.so/opt/freeware/lib/samba/libreplace-samba4.so/usr/lib/libc.a(shr.o)/usr/lib/librtl.a(shr.o)/usr/lib/libbsd.a(shr.o)/usr/lib/libpthreads.a(shr_xpg5.o)/unix/usr/lib/libcrypt.a(shr.o)/usr/lib/libpthreads.a(shr_comm.o)S922:/etc# ls -l /usr/lib/security/methods.cfglrwxrwxrwx 1 root security 16 Jul 13 18:52 /usr/lib/security/methods.cfg -> /etc/methods.cfgS922:/etc# ls -l /etc/methods.cfg-rw-r--r-- 1 root security 1754 Sep 10 10:36 /etc/methods.cfgS922:/etc# cat /etc/methods.cfgWINBIND:program = /usr/lib/security/WINBINDNIS:program = /usr/lib/security/NISprogram_64 = /usr/lib/security/NIS_64DCE:program = /usr/lib/security/DCES922:/etc# grep -p default: /etc/security/userdefault:admin = falselogin = truesu = truedaemon = truerlogin = truesugroups = ALLadmgroups =ttys = ALLauth1 = SYSTEMauth2 = NONEtpath = nosakumask = 022expires = 0SYSTEM = "compat or WINBIND"registry = WINBINDlogintimes =pwdwarntime = 0account_locked = falseloginretries = 0histexpire = 0histsize = 0minage = 0maxage = 0maxexpired = -1minalpha = 0minloweralpha = 0minupperalpha = 0minother = 0mindigit = 0minspecialchar = 0minlen = 0mindiff = 0maxrepeats = 8dictionlist =pwdchecks =default_roles =
Thanks,
Nick.
------------------------------
Nicholas Flintham
------------------------------