[Samba] net ads join on AIX 5.2 - Mission Impossible ?

Doug VanLeuven roamdad at sonic.net
Fri Aug 12 01:33:06 GMT 2005


samba at lonx.net wrote:
> Hi all,
> is it possible at all to get Samba 3 on AIX 5.2 to join a Win 2003
> Domain natively? All the precompiled versions do not have AD Support
> and having AIX krb5 installed (let alone using --with-ads) is enough
> to make a compile run fail - both 3.0.14 and 3.0.20rc2. Might Heimdal
> solve this? Has ANYONE got a working installation?
> Solving this would make quite a difference to my current life,
> so any advice would be appreciated.

Yeah.  Been there.  Done that.  AIX 5.2, samba 3.0.14
I went the route of installing the linux affinity toolkit.
Used gcc to compile.  Use at least gcc 3.x
http://aixpdslib.seas.ucla.edu/index.html has a good gcc.

Compiled and installed openldap to /usr/local/openldap
just to link against samba.
Compiled and installed Kerberos to /usr/local using rpm
so if IBM ever got the development files up to speed it
would be easy to uninstall & switch back.  At the time, last
year, IBM Kerberos didn't support rc4-hmac either.

In configure use CPFLAGS, CPPFLAGS, & LDFLAGS to ensure
the paths picked the homebrew versions.
I had a special account to log in where LIBPATH and PATH
would pick up the homebrew and linux affinity directories
before the system ones.

When I was done, not only did samba work in "ADS = security" mode,
but I could use the kerberos utilities natively with the
MS AD as the key distribution center.

I had to turn off sendfile because, although the test machine
worked fine, the production machine ran out of file handles
about 3 hours into the workday.  Couldn't even reboot cleanly.
Total lockup.  That was several months ago, maybe rc20 fixes that.
I wouldn't know.  Never figured how to simulate the load
on the development machine.

I set "winbind trusted domains only = yes" because I had NIS
and an identical user name correspondence between windows and
unix.  Used idmap_ad before it was rolled into the distribution
for winbindd resolution.  Didn't test other modes.

Regards, Doug
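
An added example, not part of the original post or of Samba: a shell check for the search-order point made in the reply, confirming that a colon-separated search path such as LIBPATH or PATH resolves a given file from the locally built tree before the system one. The function names and the sample directories and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All paths and names are constructed.

# resolve_in_path FILE SEARCHPATH
# Print the first directory in the colon-separated SEARCHPATH that contains
# FILE, walking the entries left to right the way PATH and LIBPATH are read.
# The body runs in a subshell so the IFS and globbing changes stay local.
resolve_in_path() (
    IFS=:
    set -f
    for dir in $2; do
        # An empty entry means the current directory.
        [ -n "$dir" ] || dir=.
        if [ -e "$dir/$1" ]; then
            printf '%s\n' "$dir"
            exit 0
        fi
    done
    exit 1
)

# check_precedence FILE SEARCHPATH WANTED_DIR
# Return 0 when FILE resolves from WANTED_DIR, 1 when a copy in an earlier
# directory shadows it, 2 when FILE is not found anywhere on SEARCHPATH.
check_precedence() {
    found=$(resolve_in_path "$1" "$2") || {
        echo "MISSING: $1 not found in $2" >&2
        return 2
    }
    if [ "$found" = "$3" ]; then
        echo "OK: $1 -> $found"
    else
        echo "SHADOWED: $1 resolves from $found, expected $3" >&2
        return 1
    fi
}

# Example call (constructed paths):
#   check_precedence libkrb5.a "$LIBPATH" /usr/local/lib
```

Running the check from the build account before configure, and again from the account that starts the daemons, shows whether both environments resolve the same copy.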

