[Samba] Samba 4.10.6-1 Configuration on AIX

Bob Wyatt bwyatt_sub at comcast.net
Wed Feb 5 20:00:40 UTC 2020


Thanks to you and Louis for your guidance.
I really apologize for my lack of knowledge of AD and Samba; and I appreciate your patience and willingness to help.
And I apologize for not trimming the reply - don't know how much to retain...

The referenced document seems to be leveraging domain services that we're not using.
We are only using AD user authentication to access shares on AIX.
No single sign-on, no user administration/manipulation anywhere, no printer sharing.

Kerberos shouldn’t be required, which one might think also means the idmap settings shouldn’t be required.
Although they may eventually embrace NTP, it is not configured today; without Kerberos, it isn’t required.
We're not wanting to save any user credentials necessary in AIX to acquire access to the shares in AIX.

Testing DNS, everything is good until the "set type=SRV" _ldap_... test; it fails.
Kerberos is not installed on AIX.

The server name (hostname) was changed from the old FQDN to the new FQDN, and the /etc/hosts file was updated.
The security was changed from domain to ADS.

Testparm still reports the idmap errors (see below).

# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!

Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

# Global parameters
[global]
        deadtime = 15
        interfaces = lo eth0 172.21.10.2/255.255.0.0
        load printers = No
        local master = No
        log file = /var/log/samba/log.%m
        max log size = 50
        realm = BOOST.COM
        security = ADS
        server string = Samba Server Version %v
        workgroup = BOOST
        idmap config domain : unix_nss_info = no
        idmap config * : backend = tdb
        case sensitive = Yes
        cups options = raw
        hide dot files = No

-----Original Message-----
From: Rowland penny <rpenny at samba.org> 
Sent: Wednesday, February 5, 2020 4:36 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Samba 4.10.6-1 Configuration on AIX

On 05/02/2020 00:25, Bob Wyatt via samba wrote:
> The below Globals section is reporting some testparm failures that don't
> make sense to me.
>
> Perhaps someone could shine a light for me?
>
>   
>
> This is a new installation - from 3.6.23 to 4.10.6-1.
>
> Necessitated by a Windows Server 2016 DC being installed.
>
>
> The following is the Global section.service of the config file as written:
>
> [global]
>       workgroup = boost
>       realm = boost.com
>       server string = Samba Server Version %v
>       interfaces = lo eth0 172.21.10.2/255.255.0.0
>       case sensitive = Yes
>       hide dot files = No
>       log file = /var/log/samba/log.%m
>       max log size = 50
>       security = domain
Wrong security, it should be 'ADS' against an AD domain
>       passdb backend = tdbsam
>       encrypt passwords = yes
>       deadtime = 15
>       local master = no
>       load printers = no
>       cups options = raw
>
> I haven't found what needs to be done to resolve the idmap error(s).

Try reading our documentation:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

>
>   
>
> At the time this was run, this server has not been added to the domain, and
> samba won't start on the server.
You need to fix your smb.conf, join the machine to the domain and start 
smbd and winbind; you can also optionally start nmbd.
> The log file reports:
>
> # more log.smbd
>
> [2020/02/04 16:54:58.777558,  0] ../../source3/smbd/server.c:1788(main)
>    smbd version 4.10.6 started.
>    Copyright Andrew Tridgell and the Samba Team 1992-2019
> [2020/02/04 16:54:59.158430,  0]
> ../../source3/auth/auth_util.c:1386(make_new_session_info_guest)
>    create_local_token failed: NT_STATUS_NO_MEMORY
> [2020/02/04 16:54:59.166165,  0] ../../source3/smbd/server.c:2047(main)
>    ERROR: failed to setup guest info.

The above is because your smb.conf 'idmap config' lines are not set 
correctly.
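
An added example, not part of the original messages and not Samba's own code: a small Python check that reads the `idmap config` lines from an smb.conf or testparm dump and reports every named domain that has no usable ID range (the condition testparm flags above), going one step further to catch overlapping ranges. The `rid` backend and the numeric ranges in `FIXED_CONF` are placeholder assumptions, not values from the thread.

```python
import re

# smb.conf lines of the form: idmap config DOMAIN : option = value
IDMAP_RE = re.compile(r"^\s*idmap config\s+([^\s:]+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)
RANGE_RE = re.compile(r"(\d+)\s*-\s*(\d+)")

def parse_idmap(conf_text):
    """Collect idmap options per domain from smb.conf or testparm text."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom, {})[opt.lower()] = val
    return domains

def check_idmap(conf_text):
    """Return findings; this example's rule is that every named domain needs a range."""
    problems, seen = [], []
    for dom, opts in sorted(parse_idmap(conf_text).items()):
        m = RANGE_RE.fullmatch(opts.get("range", ""))
        if not m:
            problems.append(f"{dom}: range missing or malformed")
            continue
        low, high = int(m.group(1)), int(m.group(2))
        if low >= high:
            problems.append(f"{dom}: range low >= high")
        for other, olow, ohigh in seen:
            if low <= ohigh and olow <= high:  # shared IDs map to two domains
                problems.append(f"{dom}: range overlaps {other}")
        seen.append((dom, low, high))
    return problems

# The idmap lines from the testparm dump in this thread.
THREAD_CONF = """
        idmap config domain : unix_nss_info = no
        idmap config * : backend = tdb
"""

# Constructed variant: the rid backend and both ID ranges are placeholder assumptions.
FIXED_CONF = """
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config BOOST : backend = rid
        idmap config BOOST : range = 10000-999999
"""

if __name__ == "__main__":
    print(check_idmap(THREAD_CONF), check_idmap(FIXED_CONF))
```

Run against the thread's dump it reports both `*` and the literal domain name `domain` as lacking a range; the constructed variant returns no findings.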






