I have the following configuration:
- AIX 5.3 (5300-11-03-1013)
- pWare.SAMBA 3.5.8.1
- OpenSSH 5.2.0
- OpenSSL 0.9.8
Now, to be more clear, I'll explain what I actually need.
My task is to set up integration of an AIX server with Active Directory 2008 using Samba (Winbind) for chrooted SSH connections.
It means our developers should log in to the AIX server with their own AD accounts over SFTP and upload/download files on it.
Chroot environment is recommended for it.
OK, let's look at my krb5.conf
and smb.conf
Then create dirs ...
After that we set the option to create home dirs automatically
Now we should edit the /etc/security/user config file to authenticate new users in our system with Winbind
Eventually we join our server to AD and try to log in to it with ssh from another station (PC or server)
Well. It works. But what should I do to chroot AD users?
In /etc/ssh/sshd_config option:
ChrootDirectory /home/FILEBASE/TST/%u
doesn't work. Any idea?
You said you want the "developers should login into AIX server by own AD accounts with SFTP and upload/download files on it." You shouldn't need the ssh command-line connection for that. I haven't tried this with sftp yet, but guessing from setting up standard ftp servers you chroot the ftpd at start time and it sets the connections to a "virtual root directory", much like a web server is doing this: the web address "http://www.server.com" is hardly the real root directory but some directory designated to be the "virtual root" for the purposes of the web server.
I have a task to set up AIX integration with Active Directory using SAMBA.
Users should log in over SFTP with their own AD accounts and download/upload something to their own home directories. I've already set up authentication of AIX with WINBIND and I can see AD users and groups, and can even log in to the server via SSH with an AD account. But I have no idea why I can't do the same with SFTP. Local users (type: compat) log in successfully, but AD users don't. Specifically SFTP, because the SSH connection on port 22 works perfectly for AD accounts. Maybe I need to edit the PAM config?
---------- Post updated at 01:37 AM ---------- Previous update was at 01:30 AM ----------
And I want to add a few words.
It's just a task. I know that SAMBA, WINBIND, PAM is not a perfect solution. Sure, Kerberos + LDAP would be better and easier. But I need to do this test only with that.
Moderator's Comments:
edit by bakunin: you do not need to open two threads for one problem - one is perfectly fine. Threads merged.
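An added example, not part of the thread: sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others, so this script walks a path such as the expanded /home/FILEBASE/TST/%u and reports each component that fails. The function names and the user name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the ownership and
# permission rule in sshd_config(5). Not code from the thread.

# component_ok DIR UID
# Returns 0 if DIR is a directory owned by numeric UID and is not
# writable by group or others; returns 1 otherwise.
component_ok() {
    dir=$1
    want_uid=$2
    [ -d "$dir" ] || return 1
    # "$dir/." resolves symlinks; ls -ldn prints: mode links uid gid ...
    set -- $(ls -ldn "$dir/." | awk '{print $1, $3}')
    mode=$1
    uid=$2
    [ "$uid" = "$want_uid" ] || return 1
    case $mode in
        # 6th character = group write bit, 9th = other write bit
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# check_chroot_path ABSOLUTE_PATH [UID]
# Checks the path and every parent up to "/". UID defaults to 0 (root).
# Prints failing components; returns 0 if all pass, 1 if any fail,
# 2 if the path is not absolute.
check_chroot_path() {
    path=$1
    owner=${2:-0}
    case $path in
        /*) ;;
        *) echo "path must be absolute: $path" >&2; return 2 ;;
    esac
    bad=0
    while :; do
        component_ok "$path" "$owner" || { echo "FAIL: $path"; bad=1; }
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return "$bad"
}

# Usage (hypothetical user name): sh check_chroot.sh /home/FILEBASE/TST/jdoe
[ "$#" -eq 0 ] || check_chroot_path "$@"
```

Run it as root against the directory that %u expands to for one AD user; any line starting with FAIL names a component whose owner or mode sshd would reject.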