[Samba] Samba 4.10.6-1 Configuration on AIX

Rowland Penny rpenny at samba.org
Wed Feb 5 21:11:27 UTC 2020


On 05/02/2020 20:00, Bob Wyatt wrote:
> Thanks to you and Louis for your guidance.
> I really apologize for my lack of knowledge of AD and Samba; and I appreciate your patience and willingness to help.
> And I apologize for not trimming the reply - don't know how much to retain...
>
> The referenced document seems to be leveraging domain services that we're not using.
> We are only using AD user authentication to access shares on AIX.
> No single sign-on, no user administration/manipulation anywhere, no printer sharing.
>
> Kerberos shouldn’t be required, which one might think also means the imap settings shouldn’t be required.

Perhaps you should tell Microsoft that ;-)

> Although they may eventually embrace NTP, it is not configured today; without Kerberos, it isn’t required.
> We're not wanting to save any user credentials necessary in AIX to acquire access to the shares in AIX.
No, sorry, but your client needs to have the same time as the DC (+/- 5 
mins), so if you haven't installed an NTP client, I suggest you do.
>
> Testing DNS, everything is good until the "set type=SRV" _ldap_... test; it fails.
> Kerberos is not installed on AIX.
Then install the AIX versions of the kerberos client packages, but do 
not install a kerberos server (kdc), that is on your DC.
>
> The server name (hostname) was changed from the old FQDN to the new FQDN, and the /etc/hosts file was updated.
> The security was changed from domain to ADS.
>
> Testparm still reports the imap errors (see below).

That is because you still haven't got the correct 'idmap config' lines.

Do you have, or want to have, rfc2307 attributes in AD? If so, read this:

https://wiki.samba.org/index.php/Idmap_config_ad

If you haven't any rfc2307 attributes and do not want to add them, see here:

https://wiki.samba.org/index.php/Idmap_config_rid
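
For reference, an added example (not part of the original message and not Samba project text) of the `[global]` lines a domain member uses with `security = ADS` and the rid backend, for the case without rfc2307 attributes. The domain name SAMDOM, the realm SAMDOM.EXAMPLE.COM and both ID ranges are constructed placeholders to be replaced with site values.

```ini
[global]
    # Join type discussed in the thread: AD member, not the old "domain" mode.
    security = ADS
    # Placeholder NetBIOS domain name and Kerberos realm (assumptions).
    workgroup = SAMDOM
    realm = SAMDOM.EXAMPLE.COM

    # Default domain (*): covers BUILTIN and local accounts.
    # Its range must not overlap any other configured range.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # AD domain: UIDs/GIDs are derived from each account's RID,
    # so no rfc2307 attributes are needed in AD.
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999
```

Running `testparm` after editing smb.conf shows whether the idmap ranges are now accepted.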




