Hi All,

can I ask you for some advice? My setup is:

- updated RHEL7 as IPA server (UX.EXAMPLE.COM) in trust with Active Directory 2008R2 domain (EXAMPLE.COM)
- AIX 7 as IPA client

I'm using the compat tree for connecting AIX as a client. A lot of things work correctly:

    # /usr/krb5/bin/kinit leszek
    Password for [email protected]:
    # /usr/krb5/bin/klist
    Ticket cache:  FILE:/var/krb5/security/creds/krb5cc_0
    Default principal:  [email protected]

    Valid starting     Expires            Service principal
    02/12/15 15:46:23  02/13/15 01:46:31  krbtgt/[email protected]
            Renew until 02/13/15 01:46:23

    # lsldap -a passwd [email protected]
    dn: [email protected],cn=users,cn=compat,dc=ux,dc=example,dc=com
    objectClass: posixAccount
    objectClass: extensibleObject
    objectClass: top
    gecos: ad_user
    cn: ad_user
    uidNumber: 1036620735
    gidNumber: 1036620735
    homeDirectory: /home/example.com/ad_user
    ipaNTSecurityIdentifier: S-1-5-21-XXXXXXXX-XXXXX-XXXXXX
    uid: [email protected]

    # id [email protected]
    uid=1036620735([email protected]) gid=1036620735([email protected]) groups=1036620733([email protected])

Here I found the first problem:

    # su - [email protected]
    3004-614 Unable to change directory to "".
            You are in "/home/guest" instead.
    $ id
    uid=1036620735([email protected]) gid=1036620735([email protected]) groups=1036620733([email protected])

The "3004-614 Unable to change directory to ""." error appears after I added the following to /etc/methods.cfg:

    KRB5A:
            program = /usr/lib/security/KRB5A
            program_64 = /usr/lib/security/KRB5A_64
            options = authonly

    LDAP:
            program = /usr/lib/security/LDAP
            program_64 = /usr/lib/security/LDAP64

Without these lines there is no error about changing to the home directory; su from root works smoothly and puts the user into the home directory. But now I can't ssh to the system, because I have no correct registry.

-----

I made another test: whether I can log in as just an IPA user, e.g. admin. There is no such problem:

    # id admin
    uid=30000(admin) gid=30000(admins)
    # su - admin
    -bash-3.2$ pwd
    /export/home/admin
    -bash-3.2$ id
    uid=30000(admin) gid=30000(admins)

    # ssh admin@localhost
    admin@localhost's password:
    *******************************************************************************
    *                                                                             *
    *                                                                             *
    *  Welcome to AIX Version 7.1!                                                *
    *                                                                             *
    *                                                                             *
    *  Please see the README file in /usr/lpp/bos for information pertinent to    *
    *  this release of the AIX Operating System.                                  *
    *                                                                             *
    *                                                                             *
    *******************************************************************************
    -bash-3.2$ id
    uid=30000(admin) gid=30000(admins)

Any idea what is wrong? I have already changed the AIX max_logname from 8 to 40 characters. Maybe the "@" character in the login name is a problem?

Thank you in advance.

--
/lm
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
