[Samba] Help with 4.15.6 and AIX 7.1
Albert Chin
samba at mlists.thewrittenword.com
Mon Apr 4 19:45:54 UTC 2022
I've built 4.15.6 on AIX 7.1 and have it mostly working. I've been
following
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
as a recipe to set up the Samba server as a domain member.
We set up a Windows 2016 server as an AD controller and joined the
Samba server to it:
# samba-tool domain join corp.thewrittenword.com MEMBER \
-U administrator
# samba-tool dns add ging.corp.thewrittenword.com \
corp.thewrittenword.com gin A 10.191.57.119 -U administrator
Our /etc/krb5.conf looks like:
[libdefaults]
default_realm = CORP.THEWRITTENWORD.COM
dns_lookup_realm = false
dns_lookup_kdc = true
And our smb.conf looks like:
[global]
dedicated keytab file = /etc/krb5.tab
disable spoolss = Yes
interfaces = 10.191.57.119/24
log file = /var/opt/TWWfsw/samba4156/log/log.%m
log level = 10
netbios name = GIN
realm = CORP.THEWRITTENWORD.COM
security = ADS
server role = member server
timestamp logs = Yes
username map = /etc/opt/TWWfsw/samba4156/user.map
workgroup = CORP
idmap config * : backend = autorid
idmap config * : range = 10000-9999999
[tww]
browseable = No
comment = /opt/tww
path = /opt/tww
read only = No
valid users = "@CORP\Domain Users"
And our /etc/methods.cfg was updated with:
WINBIND:
program = /usr/lib/security/WINBIND
where /usr/lib/security/WINBIND is a link to WINBIND.so.
Testing this with wbinfo:
# wbinfo -p
Ping to winbindd succeeded
# wbinfo -n tuser
S-1-5-21-2866285624-3107755260-1414945603-1115 SID_USER (1)
# wbinfo -u
CORP\administrator
CORP\guest
CORP\defaultaccount
CORP\krbtgt
CORP\china
CORP\tuser
Testing with smbclient shows:
$ smbclient '\\gin\tww' -U tuser
Password for [CORP\tuser]:
Try "help" to get a list of possible commands.
smb: \> get COMSpam_1.05.src.tgz
NT_STATUS_ACCESS_DENIED opening remote file \COMSpam_1.05.src.tgz
I've tried this against 4.15.6 from a Fedora 35 server and the "get"
works ok. Ditto against a custom build of 4.15.6 on Solaris 11.4/Intel.
I've also tried earlier versions of Samba on AIX 7.1 such as 4.12.15,
4.13.7, and 4.14.12. All perform the "get" correctly. Seems an issue
only with 4.15.6 on AIX.
The only thing I see of interest in log.10.191.57.113 is:
[2022/04/01 15:18:05.456146, 0] ../../source3/smbd/fd_handle.c:93(fsp_get_io_fd)
fsp_get_io_fd: fsp [COMSpam_1.05.src.tgz] is a path referencing fsp
I also see the following in log.winbindd-idmap:
[2022/04/01 15:20:15.542063, 1] ../../source3/winbindd/idmap_autorid_tdb.c:348(idmap_autorid_getrange_int)
Failed to read database record for key 'S-1-18': NT_STATUS_NOT_FOUND
Any ideas?
--
albert chin (china at thewrittenword.com)
More information about the samba
mailing list