[Samba] AIX 7.1 Samba 3.6.23 Windows 2003 Server AD

Bob Wyatt bwyatt_sub at comcast.net
Fri Feb 13 15:17:17 MST 2015

My apologies for being too new to this whole process...

Server was AIX 5.3/Samba 2.2.7, authenticating only against the AD. No 
single sign-on, Kerberos, or LDAP to my knowledge; smbd processes never 
load Kerberos or LDAP libraries. Upgraded to AIX 7.1/Samba 3.3.12, which 
didn't go smoothly; customer is upgrading to Windows Server 2012 AD in a 
couple of months, so upgraded again to Samba 3.6.23 (IBM's version).

User security works fine as a temporary work-around.

Server security seems to fail to find the AD server. So it looks like I 
need to remove the server from the AD, then rejoin. Everything I read, 
though, says I need Kerberos and LDAP, but we still only want to 
authenticate the users against the current Windows Server 2003 AD. We 
don't want single sign-on integration - when a share is mounted (no 
printers involved), the credentials for the user should be checked 
against AD, and that's all we want from the AD today.

Does rejoining the AD sound like the right approach? Or do I really need 
Kerberos and LDAP? Any additional or alternate suggestions or ideas? 
This is a fast deep-dive for me, so please excuse my noobieness.
