我想要在 AIX 中进行 winbind 身份验证。桑巴舞效果很好:
wbinfo -g
cert publishers
dnsadmins
domain guests
group policy creator owners
domain computers
allowed rodc password replication group
domain controllers
domain users
ras and ias servers
denied rodc password replication group
read-only domain controllers
domain admins
enterprise read-only domain controllers
schema admins
enterprise admins
dnsupdateproxy
wbinfo -i user 也可以工作
wbinfo -i myuser
myuser:*:10003:10000::/home/myuser:/opt/freeware/bin/bash
我已经以这种方式配置了身份验证我以这种方式修改文件 /etc/security/users
system = "compat or WINBIND"
我还修改了 /usr/lib/security/methods.cfg
WINBIND:
program = /opt/freeware/lib/WINBIND.so
program_64 = /opt/freeware/lib/WINBIND.so
NIS:
program = /usr/lib/security/NIS
program_64 = /usr/lib/security/NIS_64
DCE:
program = /usr/lib/security/DCE
所有命令都有效(ssh、lsuser、id 等),但在 shell 提示符中我得到
对于非 winbind 用户
nonwinbinduser@aix:~$
对于 winbind 用户
I have no name!@aix:~$
我想念什么?
答案1
找到解决方案。配置正确。但是AIX是64位操作系统(至少我的系统启动时使用64位内核,而Samba仅编译为32位(原文如此!)所以解决方案是找到为Aix 64位编译的Samba套件,否则除非运行Aix,否则uid无法翻译具有 32 位内核。
证据
ls32 -ld /home/myuser/
drwxr-xr-x 3 myuser domain u 4096 25 nov 03.07 /home/myuser/
ls -ld /home/myuser/
drwxr-xr-x 3 10003 10000 4096 nov 25 03:07 /home/myuser//
另一个证明
id_32 anotheruser
uid=10005(anotheruser) gid=10016(domain users) groups=10016(domain users)
id_64 anotheruser
id_64: ‘anotheruser’: no such user
id anotheruser
id_64: ‘anotheruser’: no such user