[Samba] Samba on AIX with security = ads - does it actually work?
Rowland penny
rpenny at samba.org
Wed May 26 08:25:29 UTC 2021
On 26/05/2021 01:11, Ben Huntsman via samba wrote:
> I take it there are not many AIX users here. I have continued to dig on this and I discovered this:
>
> https://www.ibm.com/support/pages/apar/IJ29552
>
> That APAR from IBM covers a bug that prevents some LAM modules from working. And indeed, installing it improved the situation for winbind on AIX. With that ifix (or with upgrading to AIX 7100-05-08), I can now log into the AIX system via ssh or telnet using AD username/passwords that aren't defined on the system! That's a huge step in the right direction! And also an indicator that Samba on AIX may be broken due to AIX bugs.
>
> Unfortunately, there is still the problem that if a user isn't defined on AIX, it can't connect to \\<aix host name>, despite the fact that the log clearly shows that it successfully authenticates the user, but then the session bombs out:
>
> # smbclient //testhost/share1 -U MY\\testuser
> Enter MY\testuser's password: <correct password>
> session setup failed: NT_STATUS_UNSUCCESSFUL
> # smbclient //testhost/share1 -U MY\\testuser
> Enter MY\testuser's password: <purposefully-typed incorrect password>
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> I'm pretty sure it all comes down to this:
>
> May 25 17:05:55 testhost daemon:err|error smbd[5308666]: [2021/05/25 17:05:55.001540, 0] ../../source3/lib/system_smbd.c:226(getgroups_unix_user)
> May 25 17:05:55 testhost daemon:err|error smbd[5308666]: get_user_groups: failed to get the unix group list
>
> Somehow, even though winbind can clearly get information about the groups via lsgroup, wbinfo -g, etc, when a user browses to \\<aix host name>, it fails to return the list of groups and then our SMB session fails to get established.
>
> Has anyone seen this, or know more about it, or if it's resolved in newer Samba builds?
>
> Thank you very much to all who have replied so far! Your help is greatly appreciated!
>
> -Ben
>
From everything you have posted, I am fairly convinced that you have an
AIX problem and not a Samba problem. I can assure you that Samba works
on Linux, it just doesn't seem to work on AIX.
Rowland
More information about the samba
mailing list