[Samba] AIX 7.1 Samba 3.6.23 Windows 2003 Server AD
Thomas Schulz
schulz at adi.com
Mon Feb 16 08:14:52 MST 2015
> My apologies for being too new to this whole process...
>
> Server was AIX 5.3/Samba 2.2.7, authenticating only against the AD. No
> single sign-on, kerberos, or LDAP to my knowledge; smbd processes never
> load kerberos or LDAP libraries. Upgraded to AIX 7.1/Samba 3.3.12, which
> didn't go smoothly; customer is upgrading to Windows Server 2012 AD in a
> couple of months, so upgraded again to Samba 3.6.23 (IBM's version).
>
> User security works fine as a temporary work-around.
>
> Server security seems to fail to find the AD server. So it looks like I
> need to remove the server from the AD, then rejoin. Everything I read,
> though, says I need Kerberos and LDAP, but we still only want to
> authenticate the users against the current Windows Server 2003 AD. We
> don't want single sign-on integration - when a share is mounted (no
> printers involved), the credentials for the user should be checked
> against AD, and that's all we want from the AD today.
>
> Does rejoining the AD sound like the right approach? Or do I really need
> Kerberos and LDAP? Any additional or alternate suggestions or ideas?
> This is a fast deep-dive for me, so please excuse my noobieness.
At some point in going from an early Samba to the later 3.* series,
I found that I had to rejoin the domain. I did not have to remove the
machine from the domain first; I just joined again.
Also, I found it necessary to specify 'password server = ourserver'
despite the fact that the documentation says that this is not necessary
with 'security = domain'. I think that this has something to do with
our AD server being a Windows 2000 machine.
I have not done anything with kerberos or LDAP or anything special.
Tom Schulz
Applied Dynamics Intl.
schulz at adi.com