Hello, When I log into the system with ssh my template home/shell works fine. I am on the system and can move about. However, my windows groups other than domain user are unknown to the system (i.e., if I type id, it returns just my uid and one group (domain user). Consequently, I cannot access directories set up to give access to particular groups that user belongs to on the windows side. However, if I log in as, for example, mylogin, and then I type su mylogin and enter the password, the id commands nicely shows my windows groups. Is there something I can do so that the initial login and run of id shows all my windows groups? Why is this happening? Is there some kind of preexec something or other I can do that just makes all logins su to themselves? I tried making a netlogin sction and having it run root preexec su %U, but that did not seem to work.
Bill, Could you review these when you get a chance? Thanks.
(In reply to comment #0) Are you using trying to use WINBIND in /usr/lib/secuity/methods.cfg?
Created attachment 1769 [details] How I configured samba
(In reply to comment #3) > Created an attachment (id=1769) [edit] > How I configured samba Yes, I am using WINBIND in /usr/lib/security/methods.cfg.
(In reply to comment #4) > (In reply to comment #3) > > Created an attachment (id=1769) [edit] > > How I configured samba > Yes, I am using WINBIND in /usr/lib/security/methods.cfg. Is this still a problem for you? If so, what version of AIX are you using. I have a PMR open on lsuser with AIX 5.3 and WINBIND. AIX 5.2 is fine. Bill
I still have the problem on aix 5.2 systems. It is silly, but I put in my user's .profile an su - myuser. This is not an ideal solution at all. You are saying that you have a pmr open on this. Is the issue related to a bug in lsuser instead of with samba?
(In reply to comment #6) > I still have the problem on aix 5.2 systems. It is silly, but I put in my > user's .profile an su - myuser. This is not an ideal solution at all. You are > saying that you have a pmr open on this. Is the issue related to a bug in > lsuser instead of with samba? David, Apologies for this long delay. Is this still a problem for you and have you tried the binaries for AIX on the Samba site? Cheers, Bill
No, I could not use the binaries because I needed to use winbind/rid/kerberos/ldap and the binaries do not have those options. The problem still exists.
David, Are you sure those don't exist? I built those and made certain that AD support was complete. Can you tell me what's missing? These are the libs that should be present in the package (which I get from my 5.3 box running the same code): [xpdev:/opt/pware/samba/3.0.23d] # find . -name \*.so ./lib/vfs/recycle.so ./lib/vfs/audit.so ./lib/vfs/extd_audit.so ./lib/vfs/full_audit.so ./lib/vfs/netatalk.so ./lib/vfs/fake_perms.so ./lib/vfs/default_quota.so ./lib/vfs/readonly.so ./lib/vfs/cap.so ./lib/vfs/expand_msdfs.so ./lib/vfs/shadow_copy.so ./lib/idmap/rid.so ./lib/idmap/ad.so ./lib/charset/CP850.so ./lib/charset/CP437.so ./lib/auth/script.so ./lib/libsmbclient.so ./lib/libmsrpc.so [xpdev:/opt/pware/samba/3.0.23d] # find . -name WINBIND ./lib/WINBIND [xpdev:/opt/pware/samba/3.0.23d] # Let me know how I can help further. Can you conform the ad.so and rid.so? Bill
I do not see ./lib/pam_winbind.so.
(In reply to comment #10) > I do not see ./lib/pam_winbind.so. Alrighty then! :-) Please go to ftp://ftp.hvcc.edu/pub/pware/aix52/ and get the latest 23d I just wrapped up. Thanks to you I found out I was missing a few required dependencies. Please let mw know how you make out. Also note I moved the WINBIND to lib/security with pam_winbind.so. Cheers, Bill
Bill's AIX packaging issues. He says it should be fixed now.