Hello all,

Recently the Microsoft Security Updates to domain controllers had broken our installation of Samba version 4.16.8 from the AIX Toolbox, starting yesterday. I have replicated the problem on a lab server and attempted to update to Samba version 4.21.7, which is the latest one available in the AIX Toolbox, however it is experiencing the problem described here reported in 4.21.2:
https://community.ibm.com/community/user/discussion/samba-4212-1-update-broke-samba-authentication

The workaround described in this thread did not work for me. I have also looked into other workarounds, but the most promising one (use an nss backend instead of ad) does not work on AIX, as nss is Linux only.

Any assistance at all would be greatly appreciated!

Here is the error message, AD should be reporting a UID of 1431, which is what the server also has for my local user account. Before all of this updating it worked with no change in the configuration:
[2025/09/03 10:02:03.110920, 0] ../../source3/auth/auth_util.c:1954(check_account)
check_account: Failed to find local account with UID 300000 for SID S-1-5-21-1141342763-1778295836-3201674781-399852 (dom_user[DOMAIN\useraccount])

We will check on this., 
Btw, the workaround worked for some users. Can you re-check the usermap script with proper domain added in it ? 

------------------------------
Ayappan P

Original Message:
Sent: Wed September 03, 2025 01:00 PM
From: Henry Szablicki
Subject: Toolbox Provided SAMBA not working after update

Hello all,

Recently the Microsoft Security Updates to domain controllers had broken our installation of Samba version 4.16.8 from the AIX Toolbox, starting yesterday. I have replicated the problem on a lab server and attempted to update to Samba version 4.21.7, which is the latest one available in the AIX Toolbox, however it is experiencing the problem described here reported in 4.21.2:
https://community.ibm.com/community/user/discussion/samba-4212-1-update-broke-samba-authentication

The workaround described in this thread did not work for me. I have also looked into other workarounds, but the most promising one (use an nss backend instead of ad) does not work on AIX, as nss is Linux only.

Any assistance at all would be greatly appreciated!

Here is the error message, AD should be reporting a UID of 1431, which is what the server also has for my local user account. Before all of this updating it worked with no change in the configuration:
[2025/09/03 10:02:03.110920, 0] ../../source3/auth/auth_util.c:1954(check_account)
check_account: Failed to find local account with UID 300000 for SID S-1-5-21-1141342763-1778295836-3201674781-399852 (dom_user[DOMAIN\useraccount])

------------------------------
Henry Szablicki
------------------------------

We will check on this., 
Btw, the workaround worked for some users. Can you re-check the usermap script with proper domain added in it ? 

Hello all,

Recently the Microsoft Security Updates to domain controllers had broken our installation of Samba version 4.16.8 from the AIX Toolbox, starting yesterday. I have replicated the problem on a lab server and attempted to update to Samba version 4.21.7, which is the latest one available in the AIX Toolbox, however it is experiencing the problem described here reported in 4.21.2:
https://community.ibm.com/community/user/discussion/samba-4212-1-update-broke-samba-authentication

The workaround described in this thread did not work for me. I have also looked into other workarounds, but the most promising one (use an nss backend instead of ad) does not work on AIX, as nss is Linux only.

Any assistance at all would be greatly appreciated!

Here is the error message, AD should be reporting a UID of 1431, which is what the server also has for my local user account. Before all of this updating it worked with no change in the configuration:
[2025/09/03 10:02:03.110920, 0] ../../source3/auth/auth_util.c:1954(check_account)
check_account: Failed to find local account with UID 300000 for SID S-1-5-21-1141342763-1778295836-3201674781-399852 (dom_user[DOMAIN\useraccount])

Are there any updates on this? I have switched all of the users to using local samba accounts in the meanwhile. There are 30 users and they do not know how to use ssh so I will have to rotate their passwords for them.

Please let me know if there is anything more I can provide.

Thanks!

We will check on this., 
Btw, the workaround worked for some users. Can you re-check the usermap script with proper domain added in it ? 

Hello all,

Recently the Microsoft Security Updates to domain controllers had broken our installation of Samba version 4.16.8 from the AIX Toolbox, starting yesterday. I have replicated the problem on a lab server and attempted to update to Samba version 4.21.7, which is the latest one available in the AIX Toolbox, however it is experiencing the problem described here reported in 4.21.2:
https://community.ibm.com/community/user/discussion/samba-4212-1-update-broke-samba-authentication

The workaround described in this thread did not work for me. I have also looked into other workarounds, but the most promising one (use an nss backend instead of ad) does not work on AIX, as nss is Linux only.

Any assistance at all would be greatly appreciated!

Here is the error message, AD should be reporting a UID of 1431, which is what the server also has for my local user account. Before all of this updating it worked with no change in the configuration:
[2025/09/03 10:02:03.110920, 0] ../../source3/auth/auth_util.c:1954(check_account)
check_account: Failed to find local account with UID 300000 for SID S-1-5-21-1141342763-1778295836-3201674781-399852 (dom_user[DOMAIN\useraccount])