[Samba] [EXTERNAL] Re: SAMBA 4.14.4 now prompts for userid and password after AIX 7.1 to 7.2 Upgrade

Philip Cunio phil.cunio at inmar.com
Tue Dec 6 22:46:35 UTC 2022

I apologize for the miscommunication and incomplete information.
This is the situation.

AIX system #1 was running AIX 7.1 with SAMBA 14.10.6. The AIX O/S of that
system was upgraded to AIX 7.2. The SAMBA version has not changed
(14.10.6). SAMBA continued to function as expected.
AIX system #2 was running AIX 7.1 with SAMBA 14.14.4. The AIX O/S of that
system was upgraded to AIX 7.2. The SAMBA version has not changed
(14.14.4). SAMBA now requests credentials when an attempt is made to map a
drive. The following error in the log for the device requesting the drive

 [2022/11/28 16:48:30.181656,
failed with [ Miscellaneous failure (see text):Failed to find cifs/
xxxx at YYYYY.COM(kvno 4) in keytab

The version of SAMBA is not changed when upgrading the AIX O/S.

Both systems are stand alone SAMBA servers functioning to provide the
ability for Windows Client devices to map drives to the AIX system.

I will review the links provided in the other posts to see if they apply to
my situation.

Complete smb.conf for System #1 and #2
        workgroup = ZZZ
        realm = YYYYY.COM
        interfaces =
        netbios name = xxxx
        security = ADS
        log file = /var/samba/log/log.%m
        log level = 3  passdb:5  auth:5
        wins server = corp-zzz-dc2.yyyyy.com <http://corp-inm-dc2.inmar.com>
        password server = corp-zzz-dc2.yyyyy.com
        socket address =
        server min protocol = SMB2
        server signing = mandatory
        create mask = 0666
        follow symlinks = yes
        unix extensions = no

        comment = flat files
        path = /data/unload/flat_files
        read only = No
        wide links = Yes

        comment = Informix group upload
        path = /data/unload/infmx_grp
        read only = No

On Mon, Dec 5, 2022 at 1:56 PM Vaughan, Robert J via samba <
samba at lists.samba.org> wrote:

> > I knew you were going to say that, but I am running a Solaris 11 domain
> member from OS package Samba that reports version 4.13.8 without winbind
> with several hundred users right now
> >
> > And same experience on Red Hat 7 and 8 (reported versions a bit
> different but newer than 4.8)
> >
> > It complains about no winbind in the logs but yet it works
> >
> >> If you read here (under the heading 'Samba 4.8.0'):
> >>
> https://urldefense.com/v3/__https://wiki.samba.org/index.php/Samba_4.8_Features_added/changed__;!!BlOwZnr7TA!mkqAC6zlQT_E3OrhCnUwT30X3XjIAN3rbBFCSsu2pq0rzs5I28WxWMn8wL1xrYqwekJfQHCMPRzNgDCb$
> <https://urldefense.com/v3/__https://wiki.samba.org/index.php/Samba_4.8_Features_added/changed__;!!BlOwZnr7TA!mkqAC6zlQT_E3OrhCnUwT30X3XjIAN3rbBFCSsu2pq0rzs5I28WxWMn8wL1xrYqwekJfQHCMPRzNgDCb$>
> >> It states:
> >> Domain member setups require winbindd
> >> Setups with "security = domain" or "security = ads" require a running
> >> 'winbindd' now. The fallback that smbd directly contacts domain
> >> controllers is gone.
> >> So, unless I have understood it wrong, if you are running Samba as a
> >> Unix domain member, from version 4.8.0 you must run winbind.
> >> The only way around this that I can think of, is that Samba has been
> >> patched to allow smbd to work in the old way, where it could contact
> the
> >> domain controller directly.
> >> The other possibility is that you are not actually running a Unix
> domain
> >> member, you are running a standalone server.
> I can only imagine that the OS vendors did the patch you suggest. In fact
> when I had a ticket open with Oracle about it they did seem to suggest they
> had done something to keep the fallback working for a while, but could no
> longer do that
> Thanks,
> Robert Vaughan
> ----------------------------------------------------------------------
> This is an e-mail from General Dynamics Land Systems. It is for the
> intended recipient only and may contain confidential and privileged
> information. No one else may read, print, store, copy, forward or act in
> reliance on it or its attachments. If you are not the intended recipient,
> please return this message to the sender and delete the message and any
> attachments from your computer. Your cooperation is appreciated.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
> <https://lists.samba.org/mailman/options/samba>




*Inmar Confidentiality 
Note*:  This e-mail and any attachments are confidential and intended to be 
viewed and used solely by the intended recipient.  If you are not the 
intended recipient, be aware that any disclosure, dissemination, 
distribution, copying or use of this e-mail or any attachment is 
prohibited.  If you received this e-mail in error, please notify us 
immediately by returning it to the sender and delete this copy and all 
attachments from your system and destroy any printed copies.  Thank you for 
your cooperation.


*Notice of Protected Rights*:  The removal of any 
copyright, trademark, or proprietary legend contained in this e-mail or any 
attachment is prohibited without the express, written permission of Inmar, 
Inc.  Furthermore, the intended recipient must maintain all copyright 
notices, trademarks, and proprietary legends within this e-mail and any 
attachments in their original form and location if the e-mail or any 
attachments are reproduced, printed or distributed.



More information about the samba mailing list