When I log into the system with ssh my template home/shell works fine. I am on the system and can move about. However, my windows groups other than domain user are unknown to the system (i.e., if I type id, it returns just my uid and one group (domain user). Consequently, I cannot access directories set up to give access to particular groups that user belongs to on the windows side. However, if I log in as, for example, mylogin, and then I type su mylogin and enter the password, the id commands nicely shows my windows groups. Is there something I can do so that the initial login and run of id shows all my windows groups? Why is this happening? Is there some kind of preexec something or other I can do that just makes all logins su to themselves? I tried making a netlogin sction and having it run root preexec su %U, but that did not seem to work.
Bill, Could you review these when you get a chance? Thanks.
(In reply to comment #0)
Are you using trying to use WINBIND in /usr/lib/secuity/methods.cfg?
Created attachment 1769 [details]
How I configured samba
(In reply to comment #3)
> Created an attachment (id=1769) 
> How I configured samba
Yes, I am using WINBIND in /usr/lib/security/methods.cfg.
(In reply to comment #4)
> (In reply to comment #3)
> > Created an attachment (id=1769) 
> > How I configured samba
> Yes, I am using WINBIND in /usr/lib/security/methods.cfg.
Is this still a problem for you? If so, what version of AIX are you using. I have a PMR open on lsuser with AIX 5.3 and WINBIND. AIX 5.2 is fine.
I still have the problem on aix 5.2 systems. It is silly, but I put in my user's .profile an su - myuser. This is not an ideal solution at all. You are saying that you have a pmr open on this. Is the issue related to a bug in lsuser instead of with samba?
(In reply to comment #6)
> I still have the problem on aix 5.2 systems. It is silly, but I put in my
> user's .profile an su - myuser. This is not an ideal solution at all. You are
> saying that you have a pmr open on this. Is the issue related to a bug in
> lsuser instead of with samba?
Apologies for this long delay. Is this still a problem for you and have you tried the binaries for AIX on the Samba site?
No, I could not use the binaries because I needed to use winbind/rid/kerberos/ldap and the binaries do not have those options. The problem still exists.
Are you sure those don't exist? I built those and made certain that AD support was complete. Can you tell me what's missing?
These are the libs that should be present in the package (which I get from my 5.3 box running the same code):
[xpdev:/opt/pware/samba/3.0.23d] # find . -name \*.so
[xpdev:/opt/pware/samba/3.0.23d] # find . -name WINBIND
Let me know how I can help further. Can you conform the ad.so and rid.so?
I do not see ./lib/pam_winbind.so.
(In reply to comment #10)
> I do not see ./lib/pam_winbind.so.
Alrighty then! :-)
Please go to ftp://ftp.hvcc.edu/pub/pware/aix52/ and get the latest 23d I just wrapped up. Thanks to you I found out I was missing a few required dependencies. Please let mw know how you make out. Also note I moved the WINBIND to lib/security with pam_winbind.so.
Bill's AIX packaging issues. He says it should be fixed now.