AIX Open Source

  • 1.  SSSD on AIX

    Posted Wed June 01, 2022 07:00 AM


    I'm working on connecting AIX to an AD domain.
    It requires a lot of work to configure user / group accounts in the domain (like gid, uid, etc.).
    On Linux we can use SSSD with reduced configuration in the domain.

    Is there any plan to port SSSD to AIX?

    Best regards,


    Adam Waściński

  • 2.  RE: SSSD on AIX

    Posted Wed June 01, 2022 07:10 AM
    We actually tried porting SSSD (1.16.X) to AIX some time back. It didn't materialise, as significant changes are required in the SSSD code to suit the AIX security mechanism.
    Additionally, the latest version 2.X has more Linux-specific stuff. So there is no plan to port SSSD to AIX.

    Ayappan P

  • 3.  RE: SSSD on AIX

    Posted Thu June 02, 2022 01:17 AM


    I still see #ibmersposts on social media how AIX is user friendly and automation, and then I read stuff like that. To integrate with LDAP, we have to add uids and gids manually to AD and manage the uniqueness of these values #ItsBetterManually. Red Hat, which IBM owns, could provide a solution such as SSSD. IBM cannot afford to build a similar solution for its flagship operating system.


    Kamil Pytliński

  • 4.  RE: SSSD on AIX

    Posted Thu June 02, 2022 10:43 AM
    Instead of sssd, which is a completely Linux-focussed software, you can easily use Samba's Winbind. We just yesterday had a talk about integrating AIX with Winbind at the SambaXP conference. With SAMBA+, you can also get commercial grade support, if you want that.

    SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
    phone: +49-551-370000-0, fax: +49-551-370000-9
    AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen

  • 5.  RE: SSSD on AIX

    Posted Fri June 03, 2022 01:28 AM
    Thanks for the hint, I will check this solution.

    Kamil Pytliński

  • 6.  RE: SSSD on AIX

    Posted Wed June 08, 2022 03:06 PM
    Kamil, Adam,
    as you well know, AIX needs some information for user authentication/authorization, like UID/GID/home directory and default shell. If you decide to be fully based on AD, then there is no other option - you have to provide this information to AD. It's probably time consuming, but it is done once and can be automated. I'm not a Linux guy and don't know how sssd exactly works, but I'm pretty sure Linux requires the same type of information. If you prefer to keep the necessary information somewhere else, e.g. on the local system, then it's perfectly fine to use AD only for authentication without the need to set UID/GID on the AD level. For that you need to set up Kerberos.
    There are a lot of implementation types, like LDAP only, Kerberos only, LDAP+Kerberos. You can use AD directly, you can sync it with another LDAP server. It depends on what you want to achieve, how you want to manage users and restrict host access, or what type of features you need, e.g. Single Sign On or maybe auth. based on Kerberos tickets?

    Jakub Pacowski