[Samba] Samba 3.0.22 on AIX Authenticating to AD 2003

Steven Johnson sjohnson at creditorsinterchange.com
Wed Jul 19 13:51:55 GMT 2006

I have been trying to get Samba 3.0.22 to authenticate to our Active
Directory 2k3 environment for about 3 weeks now. I have gotten to a
point where Google searches are no longer helpful. We have an IBM 9133
server on AIX 5.3. I had to use the binaries because the sources failed
the make install. We are using IBM's version of Kerberos Network
Authentication Service because the MIT version failed the make with a
variety of compiler errors. I have installed and compiled OpenLDAP using
openldap-stable-20060606.tgz. When I attempt to join the server to the
domain I get:


# /opt/Samba/3.0.22/bin/net ads join
root's password:
[2006/07/19 09:46:39, 0] libads/kerberos.c:ads_kinit_password(164)
  kerberos_kinit_password root at CREDITORSINTERCHANGE.LOCAL failed: Cannot resolve network address for KDC in requested realm
[2006/07/19 09:46:39, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Cannot resolve network address for KDC in requested realm


Here is a copy of my smb.conf:


# Creditors Interchange LLC Samba 3.0.22 Configuration File smb.conf
# This file is the sole property of Creditors Interchange LLC. Permission to
# use; redistribute, copy, or modify this file is strictly prohibited
# prior consent from the management or officers of Creditors Interchange
# /opt/Samba/3.0.22/lib/smb.conf
# Global options needed to communicate Samba to Windows 2003 Active

        netbios name = CICUBS2
        password server = creditors1.creditorsinterchange.local
        unix password sync = yes
        workgroup = CREDITORSINTERCHANGE
        os level = 20
        encrypt passwords = yes
        security = ads

        dns proxy = yes


# Winbind configuration: mapping  ADS users to Unix uid's and gid's
# the enumeration of users and groups.
# Winbind separator is the character that separates user and group names
# the domain name.

#       winbind seperator = +
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        winbind enum users=yes
        winbind enum groups=yes


# define user and group shares here.
# Example
# comment = A description of the share such as Public data directory
# read only = yes or no
# path = /path to shared directory or file
# user = @"domain name+user group to be given access"



PS... I almost forgot to mention I am a networking guy with little Unix
experience, which I am sure is the reason I can't get this to work.




Steven Johnson
LAN/WAN Analyst
Creditors interchange
sjohnson at Creditorsinterchange.com