[Samba] Samba 4.10.13-1 as a domain member, AIX 7100-05-05

Rowland penny rpenny at samba.org
Wed Apr 22 08:34:13 UTC 2020 

On 21/04/2020 21:32, Bob Wyatt via samba wrote:
> In perusing Red Hat manuals for a different issue with Red Hat, this was in
> their RHEL 7 documentation:
>
>   
>
> You can run Samba as:
>
>   
>
> *	An Active Directory (AD) or NT4 domain member
> *	A standalone server
> *	An NT4 Primary Domain Controller (PDC) or Backup Domain Controller
> (BDC)
>
>   
>
> NOTE
>
> Red Hat supports these modes only in existing installations with Windows
> versions which support NT4 domains. Red Hat recommends not setting up a new
> Samba NT4 domain, because Microsoft operating systems later than Windows 7
> and Windows Server 2008 R2 do not support NT4 domains.
>
>   
>
> For my AIX setup, I have been working with a Windows Server 2016 server.
>
> If the above is true, then I can't use Samba on AIX to be a member of the
> Windows 2016 domain,
>
>   
>
> Is it true, and if so, is there an alternative to Samba/by Samba or
> different setup or configuration for newer Windows domains than NT4?
>
>   
>
> Regards,
>
>   
>
> Bob Wyatt
>
Just to clear this up, Samba should be capable of running as a Unix 
domain member against any Windows server. There are problems with NT4 
domains, mainly being that Windows stopped supporting them over 15 years 
ago.

The major problem with RHEL (and hence Centos etc) is that you cannot 
provision a Samba AD DC with the OS Samba packages, this is because RHEL 
uses MIT kerberos. You can provision an AD DC on Fedora, but, because 
this uses MIT kerberos, it is marked as experimental and should not be 
used in production.

Samba on AIX should be capable of running as a Unix domain member 
against a Windows DC, if you are setting the smb.conf correctly (and it 
looks like you are) and it doesn't work, then it may be a problem with 
the way that AIX is compiling Samba.

If it is a Samba problem, then level 10 logs, wire traces etc are going 
to be required, but in the first instance, I would be asking AIX for 
help, why does winbind refuse to run on AIX ?

Sorry I cannot be more help, but I do not have an AIX machine to test on.

Rowland

More information about the samba mailing list