AIX Open Source

AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system

 View Only

  • 1.  Samba 4.16.5 (net ads join)

    Posted Sun January 01, 2023 10:24 AM
    We've been using the samba client to join to Active Directory for several years now, but after upgrading samba-client from 4.14.14 to 4.16.5, the join command we had been using has been deprecated.  The -k [--kerberos] option has been removed and has been replaced with a couple other options (--use-kerberos=required/desired or --use-krb5-ccache=/tmp/krb5cc_0).  The first option always generates a prompt for password, which is not what I want because we use an Ansible role to perform the join(s).  Beside that I get errors when I try to enter the password manually.  The second option of creating a credentials cache and using it, would be sweet, but I can't get it to work...

    Note- The actual domain name is NOT AD.NEVADA.EDU.  The following command examples use fictitious values and are just to convey the format and syntax.

    Previous command that worked under version 4.14.14 looked like this: 

    # /opt/freeware/bin/net ads join dnshostname=hostname.nevada.edu createcomputer="Servers/AIX"  createupn=host/hostname@AD.NEVADA.EDU -k -U aix-joiner%password

    When I try the new credentials cache option below, I always get this error message:

    # /opt/freeware/bin/net ads join dnshostname=hostname.nevada.edu createcomputer="Servers/AIX" createupn=hostname@AD.NEVADA.EDU --use-krb5-ccache=/var/krb5/security/creds/krb5cc_0 -U aix-joiner

    Failed to join domain: failed to lookup DC info for domain 'AD.NEVADA.EDU' over rpc: An invalid parameter was passed to a service or function.

    I find the error a bit misleading because if I add the debug option (-d10) the trace output indicates to me that the DC info for the domain is fully available, so I'm not sure what's going on.

    I will keep playing with it, but wanted to see if anyone else has crossed this bridge, and found a solution or workaround?

    Thanks, Ben Cowan
    PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless otherwise made confidential by law, may be subject to the Nevada Public Records laws and may be disclosed to the public upon request.


  • 2.  RE: Samba 4.16.5 (net ads join)

    Posted Tue January 03, 2023 10:13 AM
    This looks like it may be a duplicate of:

    "after Update SAMBA to 4.16.5-1 winbindd Problem"

    I will just follow the progress on that, and downgrade back to 4.14.


    ------------------------------
    Ben Cowan
    ------------------------------

    Original Message