我想要在 AIX 中進行 winbind 身份驗證。森巴舞效果很好:
wbinfo -g
cert publishers
dnsadmins
domain guests
group policy creator owners
domain computers
allowed rodc password replication group
domain controllers
domain users
ras and ias servers
denied rodc password replication group
read-only domain controllers
domain admins
enterprise read-only domain controllers
schema admins
enterprise admins
dnsupdateproxy
wbinfo -i user 也可以運作
wbinfo -i myuser
myuser:*:10003:10000::/home/myuser:/opt/freeware/bin/bash
我已經以這種方式配置了身份驗證我以這種方式修改文件 /etc/security/users
system = "compat or WINBIND"
我還修改了 /usr/lib/security/methods.cfg
WINBIND:
program = /opt/freeware/lib/WINBIND.so
program_64 = /opt/freeware/lib/WINBIND.so
NIS:
program = /usr/lib/security/NIS
program_64 = /usr/lib/security/NIS_64
DCE:
program = /usr/lib/security/DCE
所有命令都有效(ssh、lsuser、id 等),但在 shell 提示符號中我得到
對於非 winbind 用戶
nonwinbinduser@aix:~$
對於 winbind 用戶
I have no name!@aix:~$
我想念什麼?
答案1
找到解決方案。配置正確。但是AIX是64位元作業系統(至少我的系統啟動時使用64位元內核,而Samba僅編譯為32位元(原文如此!)所以解決方案是找到為Aix 64位元編譯的Samba套件,否則除非執行Aix,否則uid無法翻譯具有 32 位元內核。
證據
ls32 -ld /home/myuser/
drwxr-xr-x 3 myuser domain u 4096 25 nov 03.07 /home/myuser/
ls -ld /home/myuser/
drwxr-xr-x 3 10003 10000 4096 nov 25 03:07 /home/myuser//
另一個證明
id_32 anotheruser
uid=10005(anotheruser) gid=10016(domain users) groups=10016(domain users)
id_64 anotheruser
id_64: ‘anotheruser’: no such user
id anotheruser
id_64: ‘anotheruser’: no such user