[Samba] AIX and SAMBA shares
Howard Coles
hcoles at dollargeneral.com
Wed Nov 6 19:09:41 UTC 2024
I’m trying to join the domain enough to share folders from an AIX 7.2 (fully patched) server. Right now SAMBA 4.18 is what is installed, and when I run the net ads join command it just hangs.
Any help with that would be appreciated. Some details below:
When I run “net ads join createcomputer="Servers/Unix Servers" -U svc-accountOU at domain.net<mailto:svc-accountOU at domain.net> -d 8” I see a constant loop of:
ads_get_kvno: Searching for account HOSTNAME$
ads_get_kvno: Using: CN=HOSTNAME,OU=UXServers,OU=Servers,DC=domain,DC=net
ads_get_kvno: Looked Up KVNO of: 9
../../lib/krb5_wrap/krb5_samba.c:1692: Will try to delete old keytab entries
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET>(kvno 1) - trying to remove it.
../../lib/krb5_wrap/krb5_samba.c:1788: removed old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET> (kvno 1).
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET>(kvno 1) - trying to remove it.
../../lib/krb5_wrap/krb5_samba.c:1788: removed old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET> (kvno 1).
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET>(kvno 1) - trying to remove it.
Host is AIX 7.2 TL5 SP8
Anyone seen this before?
yes, I ran “net ads leave -U svc-accountOU at domain.net<mailto:svc-accountOU at domain.net>” and it reports
Password for [svc-accountOU at domain.net<mailto:svc-accountOU at domain.net>]:
kerberos_kinit_password svc-accountOU at DOMAIN.NET<mailto:svc-UNIXAdminsOU at DOLGEN.NET> failed: Cannot contact any KDC for requested realm
Deleted account for 'GVLAC231' in realm 'DOMAIN.NET'
The krb5.conf file looks the same as boxes that are working fine with Samba 4.10.6-1 but we’re trying to upgrade to keep up to date. I don’t want to revert back to 4.10 if I can avoid it. I need Python3.9 if I can get it to work.
--
See Ya’
Howard Coles Jr.
Principle Platform Engineer
Phone: 615-855-5348
John 3:16!
More information about the samba
mailing list