How to use AD accounts in AIX? Post: 302942584

Sponsored Content

Operating Systems AIX How to use AD accounts in AIX? Post 302942584 by agent.kgb on Thursday 30th of April 2015 05:27:55 AM

04-30-2015

Registered User

Yes, you can create user and keytab file, but with the settings in methods.cfg above it works without keytab and the user too.

Code:

$ grep keytab /etc/krb5.conf
        default_keytab_name = FILE:/etc/krb5/krb5.keytab
$ ls -l /etc/krb5/krb5.keytab
/etc/krb5/krb5.keytab not found
$ /usr/krb5/bin/kinit -f user
Password for user@DOMAIN:
Warning: Your password will expire in 5 days.
$ /usr/krb5/bin/klist
Ticket cache:  FILE:/var/krb5/security/creds/krb5cc_0
Default principal:  user@DOMAIN

Valid starting     Expires            Service principal
04/30/15 11:21:06  04/30/15 21:21:08  krbtgt/DOMAIN@DOMAIN
        Renew until 05/01/15 11:21:06

---------- Post updated at 11:27 AM ---------- Previous update was at 11:22 AM ----------

Quote:

Originally Posted by aaron8667

but for some reason, it did not work. May be i missed something. please see the error below.

the only difference between what I posted and what you posted is the realm name. It must be in big letters -> DOMAIN.COM. Everything else should be ok.

Which versions of AIX and Windows do you have?

agent.kgb

View Public Profile for agent.kgb

Find all posts by agent.kgb

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Mail accounts

Hi there I am a newbie. want to learn followings: 1. How can i create an mail only account.? 2. Where is the file containing mail accounts?What is the path? 3. Can i create mail accounts from PHP? Thanx

2. UNIX for Advanced & Expert Users

creating user accounts in AIX

Hello all: I am new to UNIX and I am given the responsibility of administering a UNIX machine recently. The system is a IBM AIX 3.1. As a part of my duties I recently created some user accounts using "smit". It looked as if everything went well. But, after creating the account, I logged into...

3. Shell Programming and Scripting

User Accounts

I have found a script to create user accounts. But there are a few lines i dont understand. Can someone help me with this? Here's the code: ###################################### while ; do ACCT=${USER_ACCT}${START} START=`expr $START + 1` START=`echo ${START} | awk...

4. HP-UX

Activated accounts

Hello all, I am trying to list all accounts that are still activated on a HP-UX trusted system. I have tried to do something with the modprpw command but can't think of any way. Can someone give me a hint? I am not looking for a whole script, this I can do it, but just a way to get that into a...

5. Post Here to Contact Site Administrators and Moderators

Combine Accounts

I have two different accounts under two names. That is my fault and I own that issue. I would like to combine the two account or just remove one of them. How do I go about doing that on this site.

6. Post Here to Contact Site Administrators and Moderators

combine accounts

I have two accounts, one for gmail and one for all other Google applications. I would like to put the gmail account on the same account as the others. I like Google, and all the products offered. However, it has been very difficult and frustrating to find this forum, and to figure out how to...

7. Solaris

Help with user accounts

Hi All, How to know all the shells a user has access. Thank you .

8. Shell Programming and Scripting

Finding AIX user accounts expired or locked

// AIX 6.1 In need of finding which AIX user accounts will be expired and are locked. I have placed the following parameters under /etc/security/user...

LEARN ABOUT NETBSD

kimpersonate

KIMPERSONATE(8) 					    BSD System Manager's Manual 					   KIMPERSONATE(8)

NAME

     kimpersonate -- impersonate a user when there exist a srvtab, keyfile or KeyFile

SYNOPSIS

     kimpersonate [-s string | --server=string] [-c string | --client=string] [-k string | --keytab=string] [-5 | --krb5]
		  [-e integer | --expire-time=integer] [-a string | --client-address=string] [-t string | --enc-type=string]
		  [-f string | --ticket-flags=string] [--verbose] [--version] [--help]

DESCRIPTION

     The kimpersonate program creates a "fake" ticket using the service-key of the service.  The service key can be read from a Kerberos 5 keytab,
     AFS KeyFile or (if compiled with support for Kerberos 4) a Kerberos 4 srvtab.  Supported options:

     -s string, --server=string
	     name of server principal

     -c string, --client=string
	     name of client principal

     -k string, --keytab=string
	     name of keytab file

     -5, --krb5
	     create a Kerberos 5 ticket

     -e integer, --expire-time=integer
	     lifetime of ticket in seconds

     -a string, --client-address=string
	     address of client

     -t string, --enc-type=string
	     encryption type

     -f string, --ticket-flags=string
	     ticket flags for krb5 ticket

     --verbose
	     Verbose output

     --version
	     Print version

     --help

FILES

     Uses /etc/krb5.keytab, /etc/srvtab and /usr/afs/etc/KeyFile when available and the -k option is used with an appropriate prefix.

EXAMPLES

     kimpersonate can be used in samba root preexec option or for debugging.  kimpersonate -s host/hummel.e.kth.se@E.KTH.SE -c lha@E.KTH.SE -5
     will create a Kerberos 5 ticket for lha@E.KTH.SE for the host hummel.e.kth.se if there exists a keytab entry for it in /etc/krb5.keytab.

SEE ALSO

     kinit(1), klist(1)

AUTHORS

     Love Hornquist Astrand <lha@kth.se>

BSD
								September 18, 2006							       BSD