Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Trouble with Kerberos/LDAP and AIX 6.1
Operating Systems AIX Trouble with Kerberos/LDAP and AIX 6.1 Post 302759083 by jgeiger on Monday 21st of January 2013 11:08:43 AM
Old 01-21-2013
IBM [Solved] Trouble with Kerberos/LDAP and AIX 6.1
The KRB5ALDAP compound load module is giving me fits. Everything looks like it should be working, but no.

Goal: Integrate AIX host with Active Directory using a KRB5ALDAP compound load module so that users can be created in AD and used in AIX, with unix attributes (registry values) being pulled from AD. Eliminate the need to manage user accounts on a per-server basis.

Issue: User attributes are visible with lsuser and returned with ldapsearch. Kerberos authentication shows successful at the domain controller, but a "permission denied" or "invalid login or password" message is displayed. Files can be chown-ed to the user accounts, but SU fails.

I attached a doc with the pertinent configs and troubleshooting steps. Since making that doc, I have also chased the enctype (switched to solely RC4) and the KVNO (tried 2, 3, 4). But no love.

Any help would be greatly appreciated.
AIX_KRB5ALDAP.txt (12.2 KB) 
 

10 More Discussions You Might Find Interesting

1. HP-UX

LDAP/Kerberos Issue

I am getting the following error message when trying to login to the client: while verifying tgt If I move the /etc/krb5.keytab out of /etc, it works fine. This is HP-UX v23 Does anyone have any ideas? (1 Reply)
Discussion started by: dhernand
1 Replies

2. AIX

ldap for aix

hello i look for a ldap for Aix, do know it ? thank you (0 Replies)
Discussion started by: pascalbout
0 Replies

3. UNIX for Advanced & Expert Users

ldap+samba+gdm trouble

I'm having troubles setting up a client(with Ubuntu 8.10) for a ldap+samba server. I can't authenticate through the client with gdm, the messages I have in /etc/auth.log at the client is Dec 4 14:21:56 myuser-mydesktop gdm: nss_ldap: failed to bind to LDAP server ldap://192.168.0.1: Invalid... (5 Replies)
Discussion started by: capibolso
5 Replies

4. AIX

Kerberos and LDAP Auth

Good day I am trying to configure Kerberos and LDAP authentication on AIX 5.3 with Windows 2003 R2 but something is not quite right. When I ran kinit username I get a ticket and I can display it using klist. When the user login I can see the ticket request on Windows 2003, but the user... (1 Reply)
Discussion started by: mariusb
1 Replies

5. UNIX for Advanced & Expert Users

Compiling Samba from Source on AIX, Active Directory, LDAP, Kerberos

Hello, I asked this question in the AIX subforum but never received an answer, probably because the AIX forum is not that heavily trafficked. Anyway, here it is.. I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs... (9 Replies)
Discussion started by: raidzero
9 Replies

6. Solaris

LDAP Problem during Kerberos setting for Win server 03 Active Directory

Hi, FYI, I'm new in Solaris I'm trying to use Kerberos on authenticating LDAP Client with the Active Directory on Windows Server 2003 on both Solaris 10 5/08 and Solaris 10 9/10 by referring to the pdf file kerberos_s10.pdf available at sun official site. ... (0 Replies)
Discussion started by: chongzh
0 Replies

7. AIX

SSH and kerberos authentication problem AIX 5.3

I've configured an AIX 5.3 client to use our Windows AD for user authentication via Kerberos. When I try to ssh to the server using the AD credentials, I eventually get access but not after getting prompted for a password 3 times (which doesn't work) followed by an accepted login on the 4th... (3 Replies)
Discussion started by: jmroderick
3 Replies

8. AIX

AIX 5.2 ldap client AD

I have been able to configure on an AIX 5.2 ldap.cfg so service starts correctly. but when I try to log on with a windows user after entering the password login hangs and get no response. I have set it up on Aix 5.3 with no problem but in Aix 5.2 I have not been able to log in. ldap.cfg... (1 Reply)
Discussion started by: laxtnog
1 Replies

9. AIX

Samba 3.6.22 on AIX 7.1 with Windows AD (Kerberos and winbind)

Hi all, I have installed samba 3.6.22 on AIX 7.1 and join a windows AD with success. All seem to work fine, I have configured smb.conf, methods.cfg, kerberos, user .... the following command work fine wbinfo -u, wbinfo -g, wbinfo -i, wbinfo -s, wbinfo -S, lsuser, id... The unique... (20 Replies)
Discussion started by: PhilippeA
20 Replies

10. UNIX for Advanced & Expert Users

AD Group Policy Management and Kerberos / LDAP

Has anyone attempted to define GPO / HBAC policies in Windows Server 2012 that could be respected by Kerberos/LDAP on AIX? I'm looking to associate servers to groups so that when a user part of a group tries to login to a host not associated with that group, it would be denied. This would allow... (3 Replies)
Discussion started by: Devyn
3 Replies

LEARN ABOUT HPUX

userstat

userstat(1M)															      userstat(1M)

NAME

       userstat - check status of local user accounts

SYNOPSIS

       [parm]...

       [parm]...

DESCRIPTION

       checks the status of local user accounts and reports abnormal conditions, such as account locks.

       If any parm arguments are specified, abnormal status is displayed only for those parameters, otherwise abnormal status is displayed for all
       parameters.  The section describes the various parameter values that can be used for parm.

       Each account with an abnormal status is displayed on a single line.  Each line contains the username followed by one  or  more  parameters,
       indicating what abnormal conditions exist for the account.  The section describes the various parameters that can be displayed.

   Options
       The following options are recognized:
       Display the status of all users listed in

       (Quiet) Do not print anything to standard output.
	      This can be used when interested only in the return value.

       Check the status of only the specified user
	      name.  The user must be a local user listed in

   Parameters
       The parameters that could be displayed to indicate abnormal account status, or that could be used with the option, include the following:

       is  displayed  if  an  administrator  lock is present on the account.  This lock indicates that the encrypted password in or begins with An
       administrator lock can be set, for example, with

       is displayed if the account is locked because the account expiration
	      date has been reached.  days is the number of days that the account has been expired.  See the description of the  expiration  field
	      in shadow(4).

       is displayed if the account's password has expired.
	      days is the number of days that the password has been expired.  days is displayed only if its value can be determined.

       is displayed if the account is locked because there have been no logins
	      to the account for a time interval that exceeds the maximum allowed.  days is the number of days that the account has been inactive.
	      See the description of the attribute in security(4).

       is displayed if the account is locked because the number of
	      consecutive authentication failures exceeded the maximum allowed.  num is the number of consecutive  authentication  failures.   See
	      the description of the attribute in security(4).

       is displayed if the account is locked because the account has
	      a null password and is not allowed to have a null password.  See the description of the attribute in security(4).

       is displayed if the account has a time-of-day login restriction.
	      times defines the time periods that the user may login.  See the description of the attribute in security(4).

   Security Restrictions
       Users invoking this command must have the authorization.  See authadm(1M).

       is not supported for trusted systems.

RETURN VALUE

       exits with one of the following values:

       did not find abnormal status
       found abnormal status
       invalid usage or user not found

EXAMPLES

       The following example reports all abnormal status for all local accounts.

       The following example shows that the account for user is not locked due to too many consecutive authentication failures.

FILES

       standard password file
       shadow password file
       user database

SEE ALSO

       authadm(1M), passwd(4), security(4), shadow(4), userdb(4).

																      userstat(1M)
All times are GMT -4. The time now is 11:35 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy