Bug 3550 - logon with ssh and id commands is sparse - su and id info correct
logon with ssh and id commands is sparse - su and id info correct
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.21b
Other AIX
: P3 major
: none
Assigned To: William Jojo
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-23 21:34 UTC by David Shapiro
Modified: 2007-04-03 23:30 UTC (History)
1 user (show)

See Also:


Attachments
How I configured samba (12.25 KB, text/plain)
2006-03-02 08:00 UTC, David Shapiro
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description David Shapiro 2006-02-23 21:34:37 UTC
Hello,

When I log into the system with ssh my template home/shell works fine. I am on the system and can move about.  However, my windows groups other than domain user are unknown to the system (i.e., if I type id, it returns just my uid and one group (domain user).  Consequently, I cannot access directories set up to give access to particular groups that user belongs to on the windows side.  However, if I log in as, for example, mylogin, and then I type su mylogin and enter the password, the id commands nicely shows my windows groups.  Is there something I can do so that the initial login and run of id shows all my windows groups?  Why is this happening?  Is there some kind of preexec something or other I can do that just makes all logins su to themselves?  I tried making a netlogin sction and having it run root preexec su %U, but that did not seem to work.
Comment 1 Gerald (Jerry) Carter 2006-03-01 08:37:46 UTC
Bill,  Could you review these when you get a chance?  Thanks.
Comment 2 William Jojo 2006-03-02 07:49:47 UTC
(In reply to comment #0)

Are you using trying to use WINBIND in /usr/lib/secuity/methods.cfg?
Comment 3 David Shapiro 2006-03-02 08:00:08 UTC
Created attachment 1769 [details]
How I configured samba
Comment 4 David Shapiro 2006-03-02 08:56:16 UTC
(In reply to comment #3)
> Created an attachment (id=1769) [edit]
> How I configured samba

Yes, I am using WINBIND in /usr/lib/security/methods.cfg.  
Comment 5 William Jojo 2006-05-04 15:26:14 UTC
(In reply to comment #4)
> (In reply to comment #3)
> > Created an attachment (id=1769) [edit]
> > How I configured samba
> Yes, I am using WINBIND in /usr/lib/security/methods.cfg.  

Is this still a problem for you? If so, what version of AIX are you using. I have a PMR open on lsuser with AIX 5.3 and WINBIND. AIX 5.2 is fine.

Bill
Comment 6 David Shapiro 2006-05-08 07:37:31 UTC
I still have the problem on aix 5.2 systems.  It is silly, but I put in my user's .profile an su - myuser.  This is not an ideal solution at all.  You are saying that you have a pmr open on this.  Is the issue related to a bug in lsuser instead of with samba?

Comment 7 William Jojo 2006-12-12 18:51:31 UTC
(In reply to comment #6)
> I still have the problem on aix 5.2 systems.  It is silly, but I put in my
> user's .profile an su - myuser.  This is not an ideal solution at all.  You are
> saying that you have a pmr open on this.  Is the issue related to a bug in
> lsuser instead of with samba?

David,

Apologies for this long delay. Is this still a problem for you and have you tried the binaries for AIX on the Samba site?

Cheers,

Bill
Comment 8 David Shapiro 2006-12-13 09:38:23 UTC
No, I could not use the binaries because I needed to use winbind/rid/kerberos/ldap and the binaries do not have those options.  The problem still exists.
Comment 9 William Jojo 2006-12-13 09:46:25 UTC
David,

Are you sure those don't exist? I built those and made certain that AD support was complete. Can you tell me what's missing?

These are the libs that should be present in the package (which I get from my 5.3 box running the same code):

[xpdev:/opt/pware/samba/3.0.23d] # find . -name \*.so
./lib/vfs/recycle.so
./lib/vfs/audit.so
./lib/vfs/extd_audit.so
./lib/vfs/full_audit.so
./lib/vfs/netatalk.so
./lib/vfs/fake_perms.so
./lib/vfs/default_quota.so
./lib/vfs/readonly.so
./lib/vfs/cap.so
./lib/vfs/expand_msdfs.so
./lib/vfs/shadow_copy.so
./lib/idmap/rid.so
./lib/idmap/ad.so
./lib/charset/CP850.so
./lib/charset/CP437.so
./lib/auth/script.so
./lib/libsmbclient.so
./lib/libmsrpc.so
[xpdev:/opt/pware/samba/3.0.23d] # find . -name WINBIND 
./lib/WINBIND
[xpdev:/opt/pware/samba/3.0.23d] # 


Let me know how I can help further. Can you conform the ad.so and rid.so?


Bill
Comment 10 David Shapiro 2006-12-13 10:29:00 UTC
I do not see ./lib/pam_winbind.so.  
Comment 11 William Jojo 2006-12-13 15:37:29 UTC
(In reply to comment #10)
> I do not see ./lib/pam_winbind.so.  

Alrighty then! :-)

Please go to ftp://ftp.hvcc.edu/pub/pware/aix52/ and get the latest 23d I just wrapped up. Thanks to you I found out I was missing a few required dependencies. Please let mw know how you make out. Also note I moved the WINBIND to lib/security with pam_winbind.so.

Cheers,

Bill
Comment 12 Gerald (Jerry) Carter 2007-04-03 23:30:37 UTC
Bill's AIX packaging issues.  He says it should be fixed now.