First, let me start off saying this is not spam. This is me trying to help out other AIX Admins with MS AD servers. If it is not applicable to you, someone else will find it useful.
As long as the "KDC" service is running on your AD server, these steps should work. There should be no additional configuration required on the Windows Active Directory servers by your Windows administrators (assuming you already have name matching AIX and Windows accounts). These steps work on AIX 7.1 and AIX 6.1. This configuration only authenticates an existing user's password. Each user still has to have their local AIX account created on each AIX box that matches their existing account already setup in Active Directory. As a side note, you do NOT have to set the local password. Just make sure the AD username and the local AIX user name match, like "user1" and "user1". Also, this is not an "all-or-nothing" change. Some users can authenticate from the Active Diretory server while others do not. Here is how to set it up:
Copy or install the following kerberos client filesets from the AIX 7.1 Expansion DVD
Use smitty to install those filesets
Run the following command to create the /etc/krb5/krb5.conf files. "adhost.domain.com" is the fully qualified hostname of your active directory server.
Update "[libdefaults]" section in /etc/krb5/krb5.conf. Change these lines:
... to this:
In the "KRB5" section of the /etc/methods.cfg, make the change below. The Windows AD server is not "kadmin" compliant but, for who knows what reason, the default value placed into the /etc/methods.cfg by the mkkrb5clnt is not recognized.
Setup "Kerberos 5" as a valid authentication type for AIX to use:
Change the authentication parameters for your local users to use KRB5files (Kerberos):
If you want users to go back to local authentication, use this:
This seems too easy for as much time as I put into figuring it out.
These 3 Users Gave Thanks to kah00na For This Post:
Hello, I asked this question in the AIX subforum but never received an answer, probably because the AIX forum is not that heavily trafficked. Anyway, here it is..
I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs... (9 Replies)
Hello,
I've configured an user authentication against Active Directory (Windows Server 2008 R2) on AIX V6 with LDAP. It works fine.
And here's my problem:
How can I control ldap user permissions on the local AIX machine?
E.g. an AD user should be able to write all files of local sys... (1 Reply)
Hi,
is that possible to login to solaris 11.1 authenticate with windows active directory? the user id is created in the windows active directory.
Environment:
Solaris 11.1
Windows 2012 Active Directory (3 Replies)
Hello folks, Please advise me what is the best way to authenticate Windows AD users against Linux machines.
Currently I am going to take a look of Vintela Authentication Services and please let me know if you have experience with VIntela.
Thanks in advance (1 Reply)
Hi. Ive recently upgraded Samba on an AIX server to Samba 4. The aim is to allow a specific group of Windows AD users to access some AIX file shares (with no requirement to enter passwords) - using AD to authenticate.
Currently I have:
Samba 4 installed ( and 3 daemons running)
Installed... (1 Reply)
I am running AIX 7.1 and currently we have samba 3.6.25 installed on the server. As it stands some AIX folders are shared that can be accessed by certain Windows users.
The problem is that since Windows 10 the guest feature no longer works so users have to manually type in their Windows login/pwd... (14 Replies)