I have the following configuration:
- AIX 5.3 (5300-11-03-1013)
- pWare.SAMBA 3.5.8.1
- OpenSSH 5.2.0
- OpenSSL 0.9.8
Now, to be clearer, I'll explain what I actually need.
My task is to set up integration of an AIX server with Active Directory 2008 using Samba (Winbind) for chrooted SSH connections.
It means our developers should log in to the AIX server with their own AD accounts via SFTP and upload/download files on it.
A chroot environment is recommended for it.
OK, let's look at my krb5.conf
Code:
[root@wb53tst /]$ cat /etc/krb5/krb5.conf
[libdefaults]
        default_realm = TST.TST
        default_keytab_name = FILE:/etc/krb5/krb5.keytab
        default_tkt_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc aes128-cts
        default_tgs_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc aes128-cts
[realms]
        TST.TST = {
                kdc = dc1.tst.com:88
                admin_server = dc1.tst.com:749
                default_domain = tst.com
        }
[domain_realm]
        .tst.com = TST.COM
        dc1.tst.com = TST.COM
[logging]
        kdc = FILE:/var/krb5/log/krb5kdc.log
        admin_server = FILE:/var/krb5/log/kadmin.log
        kadmin_local = FILE:/var/krb5/log/kadmin_local.log
        default = FILE:/var/krb5/log/krb5lib.log
and smb.conf
Code:
[root@wb53tst /]$ cat /opt/pware/lib/smb.conf
[global]
        workgroup = TST
        netbios name = wb53tst
        security = ads
        passdb backend = tdbsam
        realm = TST.COM
        password server = dc1.tst.com
        load printers = yes
        cups options = raw
        winbind uid = 10000-65534
        winbind gid = 10000-65534
        winbind use default domain = yes
        winbind separator = +
        winbind enum users = yes
        winbind enum groups = yes
        winbind cache time = 60
        template homedir = /home/FILEBASE/TST/%U
        template shell = /bin/bash
        winbind offline logon = no
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
Then create the dirs ...
Code:
[root@wb53tst /]$ mkdir -p /home/FILEBASE/TST
After that we set the option to create home dirs automatically
Code:
[root@wb53tst /]$ vi /etc/security/login.cfg
...
mkhomeatlogin = true
Now we should edit the /etc/security/user config file to authenticate new users in our system with Winbind
Code:
default:
...
SYSTEM = "WINBIND OR compat"
registry = WINBIND
...
Eventually we join our server to AD and try to log in to it with ssh from another station (PC or server)
Code:
[root@wb53tst /]$ net ads join -U aixadmin
Password:
[root@wb53tst /]$ wbinfo -u | grep a.fox
a.fox
[root@wb53tst /]$ lsuser -r WINBIND a.fox
a.fox id=10000 pgrp=domain users home=/home/FILEBASE/TST/a.fox shell=/bin/bash gecos= login=true su=true rlogin=true daemon=true admin=false sugroups=ALL
admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=WINBIND SYSTEM=WINBIND OR compat logintimes= loginretries=0
pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=0
pwdchecks= dictionlist= fsize=2097151 cpu=-1 data=524288 stack=524288 core=2097151 rss=524288 nofiles=-1 time_last_login=1352112067
time_last_unsuccessful_login=1352111337 tty_last_login=ssh tty_last_unsuccessful_login=ssh host_last_login=iosx.tst.com host_last_unsuccessful_login=iosx.tst.com
unsuccessful_login_count=0 roles= pgid=10000 SID=S-1-5-21-1451182435-1389936362-2546935155-38411
Code:
$ ssh -l a.fox wb53tst.tst.com
Password:
[a.fox@wb53tst ~]$ pwd
/home/FILEBASE/TST/a.fox
Well, it works. But what should I do to chroot AD users?
In /etc/ssh/sshd_config the option:
Code:
ChrootDirectory /home/FILEBASE/TST/%u
doesn't work. Any idea?