How to find WWN(World Wide Name) of a fibre-channel in IBM AIX

To find the WWN (world wide name) of a fibre-channel in IBM AIX use the command below:

# lscfg -vp -l fcs0 | grep “Network Address”

Output:

Network Address…………. 10000000C980DBE8

Where 10000000C980DBE8 is world wide name.

Another way to find WWN is using the command:

# fcstat fcs0 | grep “World Wide Port Name”

Output:

World Wide Port Name: 0x10000000C980DBE8

Where 0x10000000C980DBE8 is world wide name.

How to install SSH in AIX

Goal:

Install OpenSSH in AIX 7.1.

Download

First, you will need to download the OpenSSL and OpenSSH packages from this location:

https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Installation

Create a directory called install into the directory /tmp:

#mkdir /tmp/install

Copy the files to directory /tmp/install.

Uncompress the files OpenSSH_6.0.0.6200.tar.Z and openssl-1.0.1.512.tar.Z.

#uncompress OpenSSH_6.0.0.6200.tar.Z
#tar -xvf OpenSSH_6.0.0.6200.tar
#uncompress openssl-1.0.1.512.tar.Z
#tar -xvf openssl-1.0.1.512.tar

Now install the openssl package:

#installp -ac -Y -d /tmp/install/openssl-1.0.1.512/ openssl.base openssl.man.en_US

Then install the openssh package:

#installp -ac -Y -d /tmp/install/OpenSSH_6.0.0.6200/ openssh.base openssh.man.en_US

You can check the started daemon with the lssrc command:

#lssrc -s sshd
Subsystem         Group            PID          Status
sshd             ssh              3277032      active

If the daemon is not started, you can start with the startsrc command:

#startsrc -s sshd

Enjoy!!!

How to authenticate against the Active Directory by using Winbind

This article describes how to join an Red Hat in an Active Directory domain and to authenticate the user with AD.

Environment

Red Hat Enterprise Linux Server release 6.3
Windows Server 2008 R2

Install

You need to install the following packages:

# yum install samba-client  samba-winbind samba-winbind-clients

Configure

Open the /etc/samba/smb.conf file and modify as below:

[global]
workgroup = DOMAIN
realm = REALM.LOCAL
log level = 2
syslog = 0
server string = Linux File Server
security = ads
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
printing = cups
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = true
winbind separator = +
idmap uid = 1000000-2000000
idmap gid = 1000000-2000000
template shell = /bin/bash

Now, join to domain:

# net ads join -U Administrator

Start winbind and enable it on boot.

# service winbind start
# chkconfig winbind on

Verify the system can talk to AD with the commands:

Checks whether the trust secret via RPC calls succeeded.

# wbinfo -t

Lists all domain users.

# wbinfo -u

Lists all domain groups.

# wbinfo -g

Now let’s go configure the NSS and PAM.

# authconfig –enablewinbind –enablewinbindauth –smbsecurity=ads –smbrealm=<realm> –smbworkgroup=<workgroup> –smbidmaprange=1000000-2000000 –winbindtemplateshell=/bin/bash –enablewinbindusedefaultdomain –winbindseparator=+ –enablemkhomedir –updateall

Where:

enablewinbind: enable winbind for user information by default.
enablewinbindauth: enable winbind for authentication by default.
smbsecurity: security mode to use for samba and winbind.
smbrealm: default realm for samba and winbind when security=ads.
smbworkgroup: Classic (pre Windows 2003 Server) name of domain.
smbidmaprange: configures winbind to assume that users with no domain in their user names are domain users.
winbindtemplateshell: the shell which winbind-created users will have as their login shell.
enablewinbindusedefaultdomain: configures winbind to assume that users with no domain in their user names are domain users.
winbindseparator: the character which will be used to separate the domain and user part of winbind-created user names if winbindusedefaultdomain is not enabled.
enablemkhomedir: create home directories for users on their first login.
updateall: update all configuration files.

Follow some commands to test the configuration:

# getent passwd <user>
# id <user>
# getent group <domain group>

Done! Your linux system is authenticating against on Active Directory.