I have installed following packages from perzl
samba-winbind-clients-3.6.22-1
samba-client-3.6.22-1
samba-domainjoin-gui-3.6.22-1
samba-winbind-devel-3.6.22-1
samba-3.6.22-1
samba-common-3.6.22-1
samba-winbind-krb5-locator-3.6.22-1
samba-doc-3.6.22-1
samba-swat-3.6.22-1
samba-winbind-3.6.22-1
libsmbclient-3.6.22-1
libsmbclient-devel-3.6.22-1
but I only find this files under /opt/freeware/lib/security :
# pwd
/opt/freeware/lib/security
# ls -al
total 6624
drwxr-xr-x 2 root system 256 Sep 19 08:51 .
drwxr-xr-x 15 root system 8192 Sep 19 08:51 ..
-rwxr-xr-x 1 root system 3225482 Dec 10 2013 pam_smbpass.so
-rwxr-xr-x 1 root system 155064 Dec 10 2013 pam_winbind.so
WINBIND module is missing and I have executed a find command for WINBIIND and is not located at any path.
I can join the Domain correctly and wbinfo �u works but I can not access any shares , I guess it is because I�m missing that module.
check_ntlm_password: Authentication for user [XXXXXX] -> [XXXXXX] FAILED with
error NT_STATUS_NO_SUCH_USER
Since you have wbinfo I dont believe its missing...
Have you configured correctly kerberos, smb.conf, methods.conf?
Have you tried the other options of wbinfo? Have you looked in the logs?
but I execute find / -name WINBIND and I can not find anything.
methods.cfg :
WINBIND:
program = /usr/lib/security/WINBIND
LDAP:
program = /usr/lib/security/LDAP
program_64 = /usr/lib/security/LDAP64
NIS:
program = /usr/lib/security/NIS
program_64 = /usr/lib/security/NIS_64
DCE:
program = /usr/lib/security/DCE
PAM:
program = /usr/lib/security/PAM
kerberos and smb.conf are correct , I have another aix 5.3 machines working fine .
I can get a ticket with kerberos:
kinit user
asks for password and then I get sucess messages :
Done!
New ticket is stored in cache file //krb5cc_root
This is my smb.conf :
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
server string = Samba server
security = ADS
log file = /var/log/samba/log.%m
dos filetime resolution = yes
debug level = 2
max log size = 1000
winbinduid = 30000-40000
winbindgid = 30000-40000
winbind enum users = Yes
winbind enum groups = Yes
winbind separator = +
winbind use default domain = Yes
winbind nested groups = No
read only = No
lock directory = /var/locks/samba
socket options = TCP_NODELAY
allow trusted domains = no
panic action = "/usr/bin/sleep 90000"
nmbd bind explicit broadcast = no
[TMP]
comment = TMP
path = /tmp
valid_users = "MYDOMAIN+myuser"
When I try to access TMP share with my user I get a login window and I can not access even setting user and password.
i get this message in the log file :
[2014/09/19 12:33:30.507018, 2] auth/auth.c:319(check_ntlm_password)
check_ntlm_password: Authentication for user [myuser] -> [myuser] FAILED with error NT_STATUS_NO_SUCH_USER
Ive been also able to generate a ticket for a user on my aix that is not known in the AD...
Then this is client side, what about the smb.conf or it equivalent in WINDOWS? who does it allow to mount?
sorry , I did not explain it correctly .
The ticket is created in the aix client machine with a windows user , I execute :
> kinit myuser
Password for myuser@MYDOMAIN.COM:
I type windows passwdor and then
Done!
New ticket is stored in cache file //krb5cc_root
So aix client's kerberos configuration with windows domain controller is Ok.
what you mean for smb.conf equivalent in windows?
Samba is configured for windows authentication so the domain controller is supposed to allow access to the share.
I'm going to try to find any messages in the windows dc.
but I still do not understand if samba installation has gone Ok why can not find WINBIND module in the aix client...
because I have no more AIX smb servers since last year and cant remember all but I think there was winbind stuff but lowercase in my mind like winbindd...