Tag Archives: AD

History

Does Caligula deserve his bad rep?

Leave a comment

By hnn

Our modern idea of tyranny was born 2,000 years ago. It is with the reign of the Caligula – the third Roman emperor, assassinated in 41 AD, before he had reached the age of 30 – that all the components of mad autocracy come together for the first time.

In fact, the ancient Greek word “tyrannos” (from which our term comes) was originally a fairly neutral word for a sole ruler, good or bad.

Of course, there had been some very nasty monarchs and despots before Caligula. But, so far as we know, none of his predecessors had ever ticked all the boxes of a fully fledged tyrant, in the modern sense.

There was his (Imelda Marcos-style) passion for shoes, his megalomania, sadism and sexual perversion (including incest, it was said, with all three of his sisters), to a decidedly odd relationship with his pets. One of his bright ideas was supposed to have been to make his favourite horse a consul – the chief magistrate of Rome….

Source:
BBC News

Source URL:
http://www.bbc.co.uk/news/magazine-23455774

Date:
7-29-13

…read more

Source: FULL ARTICLE at History News Network – George Mason University

Linux

Joing Linux systems to AD and move to OU

Leave a comment

By snjksh

Hi,

We have joined Linux systems ( RHEL 6.3 ) to Windows AD ( 2008 R2 ).

System has been placed in the deafault location ‘Computers’ in AD. Then we manually move the systems to the respective OU.

Is there any option to specify OU location at the time of domain joining ?

We are using below command to join the systems.

# net ads join -U Administrator

…read more

Source: FULL ARTICLE at The UNIX and Linux Forums

Linux

Poll of sorts – on LDAP

Leave a comment

By MichaelFelt

1) Do you use LDAP on AIX? (as a client)

2) If yes, what LDAP server technology do you use:

a) IDS (or ITDS) – IBM Tivoli Directory Server
b) AD
c) openLDAP
d) other – please list.

I ask, because I am looking at openLDAP as well as IDS and am wondering if there is a clear preference I should be following.

Thanks (in advance) for your replies!

…read more

Source: FULL ARTICLE at The UNIX and Linux Forums

News, Politics, Government

Lilly And Sanofi CEOs Take Two Very Different R&D Paths In Alzheimer's Disease

Leave a comment

By John LaMattina, Contributor Alzheimer’s Disease (AD) R&D might be the most challenging therapeutic area that faces medicine today. It is known that AD is caused by the build-up of proteins into clusters that clog up nerve cells in the brain. These “plaques” break down nerve cells which, in turn, results in a decrease in the ability of these cells to function thereby leading to the familiar AD symptoms of memory loss and erosion of cognitive skills.

From: http://www.forbes.com/sites/johnlamattina/2013/04/22/lilly-and-sanofi-ceos-take-two-very-different-rd-paths-in-alzheimers-disease/

Linux

Cannot login using WINBIND in AIX 5.3

Leave a comment

By lhareigh890

I configured AIX5.3 to use kerberos and winbind so user can login and authenticate via AD. I was able to join my AIX server to domain and can execute wbinfo -u/g. However when I login, It says unknown user. I already edit /etc/secuirty/user and then method.cfg.

On the log.winbindd it says

Code:
Apr 18 15:47:28 bdougp05 daemon:err|error winbindd[213342]: [2013/04/18 15:47:28.020931, 0] lib/util_tdb.c:69(tdb_chainlock_with_timeout_internal)
Apr 18 15:47:28 bdougp05 daemon:err|error winbindd[213342]: [2013/04/18 15:47:28.020931, 0] lib/util_tdb.c:69(tdb_chainlock_with_timeout_internal)
Apr 18 15:47:28 bdougp05 daemon:err|error winbindd[213342]: tdb_chainlock_with_timeout_internal: alarm (40) timed out for key adserver.example.com in tdb /opt/pware64/var/locks/mutex.tdb
Apr 18 15:47:28 bdougp05 daemon:err|error winbindd[213342]: tdb_chainlock_with_timeout_internal: alarm (40) timed out for key adserver.example.com in tdb /opt/pware64/var/locks/mutex.tdb
Apr 18 15:47:28 bdougp05 daemon:err|error winbindd[213342]: [2013/04/18 15:47:28.021148, 0] winbindd/winbindd_cm.c:791(cm_prepare_connection)
Apr 18 15:47:28 bdougp05 daemon:err|error winbindd[213342]: [2013/04/18 15:47:28.021148, 0] winbindd/winbindd_cm.c:791(cm_prepare_connection)
Apr 18 15:47:28 bdougp05 daemon:err|error winbindd[213342]: cm_prepare_connection: mutex grab failed foradserver.example.com
Apr 18 15:47:28 bdougp05 daemon:err|error winbindd[213342]: cm_prepare_connection: mutex grab failed for adserver.example.com

workgroup = example
password server = adserver.example.com
realm = EXAMPLE.COM
security = ads
winbind separator = +
template shell = /bin/bash
template homedir = /home/users/%U
preferred master = no
local master = no
domain master = no
winbind separator = +
winbinduid = 1000-20000
winbindgid = 1000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap uid = 1000-20000
idmap gid = 1000-20000
encrypt passwords = true
winbind offline logon = no
idmap config EXAMPLE:default = yes
idmap config EXAMPLE:backend = tdb
idmap config EXAMPLE:range = 200000 - 50000000
log level = 10
idmap alloc backend = tdb
idmap alloc config:range = 200000 - 50000000

pls assist. thanks

From: http://www.unix.com/unix-advanced-expert-users/221459-cannot-login-using-winbind-aix-5-3-a.html

Business, Finance, Occupation & Industry

Boeing 737 Problem Extends String of Aircraft Dangers

Leave a comment

By 24/7 Wall St.

Filed under:

Boeing Co. (NYSE: BA) 737 aircraft need to go through an inspection process. That process includes about 1,000 planes, and the problem is serious, which means the aerospace company faces another black eye due to what appears to be design problems. This time, the issue is very serious. It is time for a change in management at Boeing to show the company wants to solve its manufacturing problems and regain something of its reputation.

According to the Federal Register, the FAA reported:

We are adopting a new airworthiness directive (AD) for all The Boeing Company Model 737-600, -700, -700C, -800, -900, and -900ER series airplanes. This AD was prompted by reports of an incorrect procedure used to apply the wear and corrosion protective surface coating to attach pins of the horizontal stabilizer rear spar. This AD requires inspecting to determine the part number of the attach pins of the horizontal stabilizer rear spar, and replacing certain attach pins with new, improved attach pins. We are issuing this AD to prevent premature failure of the attach pins, which could cause reduced structural integrity of the horizontal stabilizer to fuselage attachment, resulting in loss of control of the airplane.

“Loss of control” is a phrase that will cause anxiety among both carriers and passengers. Boeing’s reputation with both those groups already has been undermined by widely covered battery problems in the company’s brand new 787 Dreamliner.

Boeing has lost control of its production and quality control functions, as the problems with the two planes show. In some ways, the 737 issue is the greater of the two because so many hundreds of the planes are already in service.

The news about the 737 will place even more pressure on the Boeing board to question the tenure of chairman and CEO W. James (Jim) McNerney Jr. While Boeing’s planes cause more and more trouble to the airline industry, the company’s corporate public relations reaction has not addressed the safety issue at all. Rather, the company has focused on it position as a global “innovator” and role as a good “corporate citizen.” All the while, airlines have had to cope with the grounding of the 787, and now will need to go though the disruptions of 737 inspections, and whatever future problems that process could bring.

Boeing’s 737 problems will once again erode the flying public’s confidence in the safety of its planes.

Boeing’s core airplane manufacturing and design functions are appropriately under siege. Someone needs to take responsibility for the breakdowns. After years of being protected by his board, McNerney should be taken to task.

Filed under: 24/7 Wall St. Wire, Aerospace, Corporate Governance Tagged: BA

Read | Permalink | Email this | Linking Blogs | Comments

From: http://www.dailyfinance.com/2013/04/15/boeing-737-problem-extends-string-of-aircraft-dangers/

Linux

Can't chgrp. Error – chgrp: changing group of `<file>': Invalid argument

Leave a comment

By venmx

I found that I cannot chgrp for some reason with error:

chgrp: changing group of `’: Invalid argument

This happens on all NFS mounted disks on client machines.

We use AD (not my call) for authentication and it also provides groups.

We have a NFS server running Scientific Linux 6.3 which mounts SAN devices on FC connect. These are then exported via NFS. Clients are all CentOS 6.4.

The clients hard mounts the user’s home disk with intr,sync and various tuning options. The other disks use autofs.

AD is configured so that each user has a matching UID and GID, essentially making them the exclusive member of their own group. Not useful for sharing files unless you don’t mind making all your files accessibly by world, o+.

We need groups so that we can add members who are then able to chgrp what ever files they’d like to share with members of the same group. All seems pretty straight forward so far.

I used to run OpenLDAP with Kerberos to do all this, I had LDAP manage autofs and groups. Everything worked perfectly.

But now I cannot chgrp.

The permissions of the exported directories on the NFS server are:
drwx–x–x root root /san/home
drwxrwxrwx root root /san/otherdisks

But under home each user directory is owned by the user:
drwx–x–x user1 user1 /san/home/user1

NOTE: “other” means machines within same organization using same AD but built by other departments, “this” means the machines I built.

In the following scenarios it fails:

1. As AD user on “this” client machine on own home on “this” NFS server.
2. As AD user on “this” client machine on automounted disk on “this” NFS server.
3. As root on “this” client machine on automounted disk on “this” NFS server.

In the following scenarios it works:

1. As AD user on “this” client on local partitions where permissions allow.
2. As AD user logged in directly on “this” NFS server on any partition where permissions allow, including on SAN disks.
3. As root on “this” file server on any partition.
4. As AD user on “other” clients on export from “this” NFS server.
5. As AD user on “other” clients on export from “other” NFS server.
6. As AD user on “this” client on export from “other” NFS server.

This issue shows itself when I extract TAR files whilst on client machines to NFS exported shares as AD user or root, can’t chgrp!

I can do everything else, I can create, delete, even do newgrp and change my default group then create new files belonging to me with GID of new group. But still can’t chgrp

From: http://www.unix.com/red-hat/221091-cant-chgrp-error-chgrp-changing-group-file-invalid-argument.html

Do it yourself

How to Eat Like a Martial Arts Master and Increase Your Willpower

Leave a comment

Deep in the crevasses of the Songshan mountain range, an Indian dhyana master established the first Shaolin Monastery in 477 AD, seeking to spread the relatively new teachings of Buddha at the time. This monastery then bred the Shaolin monks, who are now popular for their incredible feats with Chinese martial arts, particularly with Shaolin Kung Fu.

Since then, Chinese dynasties have been both built and destroyed, but the lives of the monks have persevered through both progress and persecution.

Modern Shaolin monks are popular and known throughout the world, which is evident from their… more

From: http://self-help.wonderhowto.com/how-to/eat-like-martial-arts-master-and-increase-your-willpower-0144967/

History

Scotland’s St Oran’s Cross to be restored

Leave a comment

By hnn

One of the most important symbols of medieval Scotland, St Oran’s Cross, will be re-erected for the first time in centuries, as part of the celebrations of the 1450th anniversary of the established of a monastery on Iona in Scotland.

St Oran’s Cross dates back to the eighth century and is the world’s first Celtic High Cross. It was chiselled out of schist stone blocks quarried from the Ross of Mull, close to Iona, weighs more than a tonne and stands nearly four-and-a-half metres tall.

The cross may have been commissioned by a King, possibly Óengus son of Fergus king of the Picts, following his conquest of the area around AD 741. It was created by the finest carvers in Scotland. Historians speculate that it could be an imitation in stone of the Golgotha jewelled cross, erected at Jerusalem by the Roman Emperor Theodosius in AD 417. It may have been coloured in red and gold to replicate jewels, in imitation of timber or metal prototypes….

Source:
Medievalists.net

Source URL:
http://www.medievalists.net/2013/03/26/scotlands-st-orans-cross-to-be-restored/

Date:
3-26-13

…read more

Source: FULL ARTICLE at History News Network – George Mason University

Business, Finance, Occupation & Industry

Navidea Biopharmaceuticals Announces Enrollment of First Subject in Phase 2b Trial of NAV4694 in Sub

Leave a comment

By Business Wirevia The Motley Fool

Filed under:

Navidea Biopharmaceuticals Announces Enrollment of First Subject in Phase 2b Trial of NAV4694 in Subjects with Mild Cognitive Impairment (MCI)


– Study to evaluate NAV4694 in monitoring progression of MCI to Alzheimer’s Disease –

DUBLIN, Ohio–(BUSINESS WIRE)– Navidea Biopharmaceuticals, Inc. (NYSE MKT: NAVB), a biopharmaceutical company focused on precision diagnostic radiopharmaceuticals, today announced that enrollment has commenced in its Phase 2b, open-label, safety and efficacy positron emission tomography (PET) imaging study of [18F]NAV4694 for detection of cerebral β-amyloid plaque in subjects diagnosed with Mild Cognitive Impairment (MCI). The study is designed to investigate whether NAV4694 positron emission tomography (PET) scan findings have the ability to distinguish subjects with MCI who progress to Alzheimer’s disease (AD) from those who do not. Enrollment is currently planned at approximately five sites throughout the U.S. The first patient has been enrolled by the Alzheimer’s Disease Center at Quincy Medical Center in Quincy, MA.

“We are pleased to participate in this important clinical study of NAV4694 aimed at evaluating a patient population in whom dementia is just emerging and for whom it is believed the best prospects for therapeutic intervention will exist,” said Dr. Anil K. Nair, MD, Chief of Neurology and Head of the Alzheimer’s Disease Center at Quincy Medical Center in Quincy, MA. “Clinical trial results to date indicate that NAV4694 shows favorable sensitivity and specificity in detecting β-amyloid while exhibiting low white-matter uptake for clearer images that may assist in differential diagnoses associated with MCI. If AD could be diagnosed at an earlier stage, before clinical dementia has fully developed, the potential for successful intervention with current and future treatments could be improved considerably.”

“As the dementia field moves to earlier evaluation and treatment of cognitive impairment, it is of increasing importance to have diagnostic agents that can accurately detect the underlying cause. To our knowledge this is the first prospective, multi-center study to evaluate a radiopharmaceutical β-amyloid agent solely in subjects with MCI, an area of extreme importance as Alzheimer’s disease is expected to impact as many as 14 million Americans by 2050,” commented Cornelia Reininger, MD, PhD, Navidea’s Senior Vice President and Chief Medical Officer. “The outcome of this trial may enable accurate differentiation of MCI subjects who are at risk of developing Alzheimer’s disease from those who are not before the disease has reached more advanced stages that can impair activities of daily living. Our ultimate goal is …read more
Source: FULL ARTICLE at DailyFinance

Linux

Multiple pconsole processes spawning indefinetly

Leave a comment

By Janpol

Good night everyone, I’ve been trying to make AD authentication work with RBAC and I think I messed my test LPAR up.

I’ve manually modified the /etc/security/user.roles file, adding a role to one of my AD users (who is not defined locally) and then runned setkst. It worked fine, but now I found that there is an issue with pconsole (IBM Systems Director Console). It keeps spawning processes until it fills up the memory, the only solution I’ve found so far is to disable the pconsole services. A ps -ef looks like this, any ideas on what to do or where to look? I’ve already tried manually editing the /etc/security/user.roles file and running setkst again, but it doesn’t fix the problem :confused:.

Code:
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 15:25:27 - 0:00 /etc/init
root 1966284 1 0 15:25:47 - 0:00 /usr/sbin/syncd 60
root 2097370 4194460 0 15:25:59 - 0:00 /usr/sbin/syslogd -R
root 2162832 1 0 15:26:03 - 0:00 [cimserve]
root 2228402 4194460 0 15:25:55 - 0:00 /opt/freeware/cimom/pegasus/bin/cimssys platform_agent
root 2293998 4194460 0 15:26:46 - 0:00 /usr/sbin/rsct/bin/rmcd -a IBM.LPCommands -r
root 2359428 1 0 15:25:55 - 0:00 ./slp_srvreg -D
root 2424966 1 0 15:25:59 - 0:00 /usr/sbin/secldapclntd
root 2490448 1 0 15:25:36 - 0:00 /usr/ccs/bin/shlap64
root 2621578 1 0 15:25:48 - 0:00 /usr/lib/errdemon
pconsole 2818228 4587562 0 15:39:30 - 0:00 /bin/ksh /pconsole/lwi/bin/lwistart_src.sh
pconsole 2949254 51577914 0 15:39:34 - 0:00 /bin/ksh /pconsole/lwi/bin/lwistart_src.sh
pconsole 3014836 3277016 0 15:39:28 - 0:00 /bin/ksh /pconsole/lwi/bin/lwistart_src.sh
pconsole 3080256 7012436 0 15:26:57 ...read more
Source: FULL ARTICLE at The UNIX and Linux Forums
Linux

RBAC and LDAP users (AD)

Leave a comment

By Janpol

Hello everyone, I am having trouble with something, and I can’t find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users.

So far so good, but now, we want to implement RBAC on AIX so we can grant privileged access to certain users (like DBAs or Sysadmins) without using su or having everyone using the root account. The problem that I have, is that when I want to assing a role to a user on a server the chuser command fails, since it cannot find the user (it’s on AD, and not defined locally). I use the following command to assign the role:

Code:
chuser roles=test_role test_user

Is there a way for me to tell the chuser command to get the user information from AD? Or can I define manually the roles for each user? (maybe in the /etc/security/user.roles file?).

If that doesn’t work I’m going to try defining groups in AD with the same GID as local groups, and handling everything via the sudoers file, but I would like to hear from your experiences.

Best Regards,

Juan

…read more
Source: FULL ARTICLE at The UNIX and Linux Forums

Linux

The new ownCloud 5 features!

Leave a comment

Yesterday I blogged about the ownCloud 5 release in general and I promised to blog today about all the features that are new and improved in ownCloud 5

New design
In ownCloud 5, the main navigation was redesigned to clearly differentiate it from the in-app navigations. This also allows the app more room and thus a better focus on the content of your ownCloud directories. Settings and Log-out menus were combined into a user menu on the top right, which also shows the currently logged in user and makes it more intuitive to use. The settings are further simplified and app-specific settings are moved from personal settings into the relevant apps. To help people get their data synchronized, there is a new first run page linking the desktop & mobile apps as well as documentation how to sync contacts and calendars. This information is also displayed in the personal settings – and makes getting started with ownCloud much easier for a user.

Essentially, the new design helps to concentrate more on the content and makes it easier to navigate and setup the Desktop and Mobile syncing clients.

New Antivirus App
The new antivirus system scans uploaded files for viruses. The admin can choose if infected files should be deleted automatically and/or logged/reported in the log file.

New Files Undelete feature
Now users can undelete a file that was accidentally deleted through the web interface. Simply select the files in the files undelete section and they are returned to where they were deleted, with versions maintained.

New REST APIs
A new Open Collaboration Services (OCS)-based REST API is added to access and control ownCloud remotely. The newly released OCS 1.7 spec is supported. Main feature is a new capabilities API for closer communication with the Desktop and Mobile clients. It is now very easy for ownCloud apps to provide an REST API so more API features will be added in the future.

Display names
In the interface and share dialog, display names are shown instead of the login names. The display names are easier to understand for users and can be changed by the admin. The admin can configure the display names and they can be changed by the users themselves. The display names can also be fetched from an LDAP or AD server for bigger installations. This makes it much easier to work with ownCloud, as users are identified separately from their system-generated IDs

New search engine
A new Lucene-based full text search engine app is added. People can use the search to not only find files by name but also by content. Scanning is done in the background to ensure a responsive user experience for the users.

New photo gallery
ownCloud 5 contains an improved and rewritten photo gallery. It has an improved and streamlined user interface with a slideshow feature. Photo galleries can also be shared with others.

New documentation system
There is completely new user, admin and …read more
Source: FULL ARTICLE at Planet KDE

Linux

Configure Solaris to accept Active Directory user logins

Leave a comment

By BG_JrAdmin

Is it possible to configure a Solaris server to authenticate users against an Active Directory server when logging in via ssh?

I’ve seen some docs out there, I’ve followed their instructions, but it does not work. And I’m beginning to wonder if it is possible or even supported by Oracle. The dics I saw seemed to be making the solaris server be an AD client to access shares but i want to get ssh logins working.

Has anyone successfully done this?

…read more
Source: FULL ARTICLE at The UNIX and Linux Forums

Business, Finance, Occupation & Industry

Merck and Luminex Corporation Enter Agreement to Develop Companion Diagnostic to Support Investigati

Leave a comment

By Business Wirevia The Motley Fool

Filed under:

Merck and Luminex Corporation Enter Agreement to Develop Companion Diagnostic to Support Investigational BACE inhibitor Clinical Development Program for Alzheimer’s Disease

Collaboration to Support Patient Selection for the Clinical Development of MK-8931, Merck’s Lead Investigational Medicine for Alzheimer’s Disease

WHITEHOUSE STATION, N.J. & AUSTIN, Texas–(BUSINESS WIRE)– Merck (NYS: MRK) , known as MSD outside the United States and Canada, and Luminex Corporation (NAS: LMNX) have signed a collaboration and license agreement to develop a companion diagnostic device that will be evaluated to help screen patients for recruitment into Merck’s clinical development program for MK-8931, a novel oral beta amyloid precursor protein site cleaving enzyme (BACE) inhibitor and Merck’s lead investigational candidate for Alzheimer’s disease (AD). Financial terms were not disclosed.

“Evaluation of biomarkers that may provide an indicator of disease onset and enable earlier diagnosis is an important goal toward facilitating early intervention and potentially improving the treatment of Alzheimer’s disease,” said Darryle D. Schoepp, Ph.D., senior vice president, head of Neuroscience and Ophthalmology at Merck Research Laboratories. “We look forward to working with Luminex to advance our ongoing clinical development program for MK-8931.”

Luminex will be responsible for development, regulatory submission and commercialization of the candidate companion diagnostic device, which will employ Luminex’s xMAP® Technology to measure concentrations of two candidate biomarkers (Aβ42 and t-tau) in cerebrospinal fluid (CSF) samples from patients with mild cognitive impairment (MCI). The candidate device will be evaluated as a means to identify subjects with MCI who have a higher risk of developing AD to support patient selection for Merck’s therapeutic BACE inhibitor clinical program.

“This collaboration has the potential to deliver a novel companion diagnostic to identify patients at increased risk of developing Alzheimer’s disease,” added Patrick J. Balthrop, president and CEO of Luminex. “We are pleased to leverage our technologies and development capabilities and look forward to expanding our activity into the companion diagnostic segment of personalized medicine.”

The accumulation of beta amyloid in the brain is a key pathological characteristic related to AD. Recent clinical evidence supports the hypothesis that the measurement of the investigational biomarkers Aβ42 and t-tau in CSF may be useful in identifying patients at greater risk of developing AD. Currently, AD is diagnosed by clinical examination (i.e., medical history; physical, neurological, psychiatric and neuropsychological exams; and Magnetic Resonance Imaging [MRI] or Computed Tomography [CT] scan). An AD diagnosis can only be …read more
Source: FULL ARTICLE at DailyFinance

History

Sealing Norse Greenlanders’ fate?

Leave a comment

By hnn

The mystery of what happened to Greenland’s Norse population is one step closer to being solved, as new evidence suggests that the colony did not die out because its inhabitants were unable to adapt to their new environment.

The first Viking settlers arrived in c.AD 1000, and over time their population swelled to around 3,000 people. By the 15th century, however, they had vanished, with no explanation provided by contemporary written sources. This disappearance has long been debated by archaeologists, with some suggesting that the farming communities were defeated by climate change, which made it difficult to cultivate cereal crops for bread and beer, and limited wild plant resources….

Source:
World Archaeology

Source URL:
http://www.world-archaeology.com/news/sealing-norse-greenlanders-fate/

Date:
1-25-13

Source: FULL ARTICLE at History News Network – George Mason University

Business, Finance, Occupation & Industry

Alaris Royalty Corporation Goes Ex-Dividend Soon

Leave a comment

By DividendChannel.com On 1/29/13, Alaris Royalty Corporation (Toronto: AD) will trade ex-dividend, for its monthly dividend of $0.105, payable on 2/15/13. As a percentage of AD‘s recent stock price of $25.75, this dividend works out to approximately 0.41%.
Click here to find out which 9 other Canadian stocks going ex-dividend you should know about, at DividendChannel.com »
Source: FULL ARTICLE at Forbes Markets

Linux

Trouble with Kerberos/LDAP and AIX 6.1

Leave a comment

By jgeiger

The KRB5ALDAP compound load module is giving me fits. Everything looks like it should be working, but no.

Goal: Integrate AIX host with Active Directory using a KRB5ALDAP compound load module so that users can be created in AD and used in AIX, with unix attributes (registry values) being pulled from AD. Eliminate the need to manage user accounts on a per-server basis.

Issue: User attributes are visible with lsuser and returned with ldapsearch. Kerberos authentication shows successful at the domain controller, but a “permission denied” or “invalid login or password” message is displayed. Files can be chown-ed to the user accounts, but SU fails.

I attached a doc with the pertinent configs and troubleshooting steps. Since making that doc, I have also chased the enctype (switched to solely RC4) and the KVNO (tried 2, 3, 4). But no love.

Any help would be greatly appreciated.

Source: FULL ARTICLE at The UNIX and Linux Forums