[Samba] AIX and SAMBA shares

Howard Coles hcoles at dollargeneral.com
Wed Nov 6 19:39:00 UTC 2024


After further updates, this is what I see when I run the join command from below:

tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 2
dbwrap_lock_order_lock: check lock order 1 for /var/lib/samba/private/secrets.tdb
lock order:  1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none> 4:<none>
dbwrap_lock_order_unlock: release lock order 1 for /var/lib/samba/private/secrets.tdb
tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 2
dbwrap_lock_order_lock: check lock order 1 for /var/lib/samba/private/secrets.tdb
lock order:  1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none> 4:<none>
dbwrap_lock_order_unlock: release lock order 1 for /var/lib/samba/private/secrets.tdb
smb_krb5_open_keytab: resolving: FILE:/etc/krb5.keytab
ads_get_kvno: Searching for account GVLAC231$
ads_get_kvno: Using: CN=HOSTNAME,OU=UX Servers,OU=Servers,DC=domain,DC=net
ads_get_kvno: Looked Up KVNO of: 12
../../lib/krb5_wrap/krb5_samba.c:1692: Will try to delete old keytab entries
Illegal instruction(coredump)

Krb5.conf file:
[libdefaults]
default_realm = DOMAIN.NET
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[domain_realm]
.dolgen.net = DOMAIN.NET
dolgen.net = DOMAIN.NET

Also, the kinit command using the service account svc-accountOU at domain.net results in:

Password for svc-accountOU at domain.net
Done!
New ticket is stored in cache file /root/krb5cc_root

--
See Ya’
Howard Coles

From: Howard Coles <hcoles at dollargeneral.com>
Date: Wednesday, November 6, 2024 at 1:09 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Subject: AIX and SAMBA shares
I’m trying to join the domain enough to share folders from an AIX 7.2 (fully patched) server.  Right now SAMBA 4.18 is what is installed, and when I run the net ads join command it just hangs.

Any help with that would be appreciated.  Some details below:

When I run “net ads join createcomputer="Servers/Unix Servers" -U svc-accountOU at domain.net -d 8”  I see a constant loop of:

ads_get_kvno: Searching for account HOSTNAME$
ads_get_kvno: Using: CN=HOSTNAME,OU=UXServers,OU=Servers,DC=domain,DC=net
ads_get_kvno: Looked Up KVNO of: 9
../../lib/krb5_wrap/krb5_samba.c:1692: Will try to delete old keytab entries
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal: retrictedkrbhost/hostname.domain.net at DOMAIN.NET (kvno 1) - trying to remove it.
../../lib/krb5_wrap/krb5_samba.c:1788: removed old entry for principal: retrictedkrbhost/hostname.domain.net at DOMAIN.NET (kvno 1).
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal retrictedkrbhost/hostname.domain.net at DOMAIN.NET (kvno 1) - trying to remove it.
../../lib/krb5_wrap/krb5_samba.c:1788: removed old entry for principal:  retrictedkrbhost/hostname.domain.net at DOMAIN.NET (kvno 1).
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal retrictedkrbhost/hostname.domain.net at DOMAIN.NET (kvno 1) - trying to remove it.

Host is AIX 7.2 TL5 SP8

Anyone seen this before?

Yes, I ran “net ads leave -U svc-accountOU at domain.net” and it reports:
Password for [svc-accountOU at domain.net]:
kerberos_kinit_password svc-accountOU at DOMAIN.NET failed: Cannot contact any KDC for requested realm
Deleted account for 'GVLAC231' in realm 'DOMAIN.NET'


The krb5.conf file looks the same as boxes that are working fine with Samba 4.10.6-1  but we’re trying to upgrade to keep up to date.  I don’t want to revert back to 4.10 if I can avoid it.  I need Python3.9 if I can get it to work.


--
See Ya’
Howard Coles Jr.
Principle Platform Engineer
Phone: 615-855-5348

John 3:16!


