[Samba] Help with 4.15.6 and AIX 7.1

Albert Chin samba at mlists.thewrittenword.com
Mon Apr 4 19:45:54 UTC 2022


I've built 4.15.6 on AIX 7.1 and have it mostly working. I've been
following
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
as a recipe to set up the Samba server as a domain member.

We set up a Windows 2016 server as an AD controller and joined the
Samba server to it:
  # samba-tool domain join corp.thewrittenword.com MEMBER \
    -U administrator
  # samba-tool dns add ging.corp.thewrittenword.com \
    corp.thewrittenword.com gin A 10.191.57.119 -U administrator

Our /etc/krb5.conf looks like:
  [libdefaults]
      default_realm = CORP.THEWRITTENWORD.COM
      dns_lookup_realm = false
      dns_lookup_kdc = true

And our smb.conf looks like:
  [global]
      dedicated keytab file = /etc/krb5.tab
      disable spoolss = Yes
      interfaces = 10.191.57.119/24
      log file = /var/opt/TWWfsw/samba4156/log/log.%m
      log level = 10
      netbios name = GIN
      realm = CORP.THEWRITTENWORD.COM
      security = ADS
      server role = member server
      timestamp logs = Yes
      username map = /etc/opt/TWWfsw/samba4156/user.map
      workgroup = CORP
      idmap config * : backend = autorid
      idmap config * : range = 10000-9999999

  [tww]
      browseable = No
      comment = /opt/tww
      path = /opt/tww
      read only = No
      valid users = "@CORP\Domain Users"

And our /etc/methods.cfg was updated with:
  WINBIND:
          program = /usr/lib/security/WINBIND
where /usr/lib/security/WINBIND is a link to WINBIND.so.

Testing this with wbinfo:
  # wbinfo -p
  Ping to winbindd succeeded
  # wbinfo -n tuser
  S-1-5-21-2866285624-3107755260-1414945603-1115 SID_USER (1)
  # wbinfo -u
  CORP\administrator
  CORP\guest
  CORP\defaultaccount
  CORP\krbtgt
  CORP\china
  CORP\tuser

Testing with smbclient shows:
  $ smbclient '\\gin\tww' -U tuser
  Password for [CORP\tuser]:
  Try "help" to get a list of possible commands.
  smb: \> get COMSpam_1.05.src.tgz
  NT_STATUS_ACCESS_DENIED opening remote file \COMSpam_1.05.src.tgz

I've tried this against 4.15.6 from a Fedora 35 server and the "get"
works ok. Ditto against a custom build of 4.15.6 on Solaris 11.4/Intel.

I've also tried earlier versions of Samba on AIX 7.1 such as 4.12.15,
4.13.7, and 4.14.12. All perform the "get" correctly. Seems an issue
only with 4.15.6 on AIX.

The only thing I see of interest in log.10.191.57.113 is:
  [2022/04/01 15:18:05.456146,  0] ../../source3/smbd/fd_handle.c:93(fsp_get_io_fd)
    fsp_get_io_fd: fsp [COMSpam_1.05.src.tgz] is a path referencing fsp

I also see the following in log.winbindd-idmap:
  [2022/04/01 15:20:15.542063,  1] ../../source3/winbindd/idmap_autorid_tdb.c:348(idmap_autorid_getrange_int)
    Failed to read database record for key 'S-1-18': NT_STATUS_NOT_FOUND

Any ideas?

-- 
albert chin (china at thewrittenword.com)


