[Samba] AIX and SAMBA shares

Howard Coles hcoles at dollargeneral.com
Wed Nov 6 19:09:41 UTC 2024


I’m trying to join the domain enough to share folders from an AIX 7.2 (fully patched) server.  Right now SAMBA 4.18 is what is installed, and when I run the net ads join command it just hangs.

Any help with that would be appreciated.  Some details below:

When I run “net ads join createcomputer="Servers/Unix Servers" -U svc-accountOU at domain.net<mailto:svc-accountOU at domain.net> -d 8”  I see a constant loop of:

ads_get_kvno: Searching for account HOSTNAME$
ads_get_kvno: Using: CN=HOSTNAME,OU=UXServers,OU=Servers,DC=domain,DC=net
ads_get_kvno: Looked Up KVNO of: 9
../../lib/krb5_wrap/krb5_samba.c:1692: Will try to delete old keytab entries
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET>(kvno 1) - trying to remove it.
../../lib/krb5_wrap/krb5_samba.c:1788: removed old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET> (kvno 1).
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET>(kvno 1) - trying to remove it.
../../lib/krb5_wrap/krb5_samba.c:1788: removed old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET> (kvno 1).
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal: restrictedkrbhost/hostname.domain.net at DOMAIN.NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET>(kvno 1) - trying to remove it.

Host is AIX 7.2 TL5 SP8

Anyone seen this before?

yes, I ran “net ads leave -U svc-accountOU at domain.net<mailto:svc-accountOU at domain.net>” and it reports
Password for [svc-accountOU at domain.net<mailto:svc-accountOU at domain.net>]:
kerberos_kinit_password svc-accountOU at DOMAIN.NET<mailto:svc-UNIXAdminsOU at DOLGEN.NET> failed: Cannot contact any KDC for requested realm
Deleted account for 'GVLAC231' in realm 'DOMAIN.NET'


The krb5.conf file looks the same as boxes that are working fine with Samba 4.10.6-1  but we’re trying to upgrade to keep up to date.  I don’t want to revert back to 4.10 if I can avoid it.  I need Python3.9 if I can get it to work.


--
See Ya’
Howard Coles Jr.
Principle Platform Engineer
Phone: 615-855-5348

John 3:16!



More information about the samba mailing list