AIX Open Source

 View Only
Expand all | Collapse all

Update SAMBA from 4.14.4. to 4.14.10 problem with WINBIND

  • 1.  Update SAMBA from 4.14.4. to 4.14.10 problem with WINBIND

    Posted Wed February 02, 2022 04:33 AM
    since we did the SAMBA update  from 4.14.4. to  4.14.10 we have problem with WINBIN.
    Before WINBIN was not running, but when WINBIND is running, I can not connect to the SAMBA share. Same happened when WINBIND is not running.

    I add WINBIND to /etc/methods.cfg

    NIS:
            program = /usr/lib/security/NIS
            program_64 = /usr/lib/security/NIS_64


    DCE:
            program = /usr/lib/security/DCE

    KRB5:
            program = /usr/lib/security/KRB5
            options = authonly,tgt_verify=no,is_kadmind_compat=no
            program_64 = /usr/lib/security/KRB5_64

    KRB5files:
            options = db=BUILTIN,auth=KRB5

    WINBIND:
            program = /usr/lib/security/WINBIND



    I add the symlink to /usr/lib/security/

    # ll /usr/lib/security/WINBIND
    lrwxrwxrwx    1 root     system           28 Feb 01 08:47 /usr/lib/security/WINBIND -> /opt/freeware/lib/WINBIND.so
    WINBIND -> /opt/freeware/lib/WINBIND.so

    # ls -l /opt/freeware/lib/WINBIND.so
    -rwxr-xr-x    1 root     system        28153 Dec 20 16:03 /opt/freeware/lib/WINBIND.so



    We have configured in /etc/security/user Kerberos to login to the LPAR with AD password

    SYSTEM = "KRB5"




    vi /etc/smb.conf

    [global]
            unix charset = ISO-8859-1
            workgroup = DOMAIN-GROUP
            realm = MYDOMAIN
            server string = Samba Server
            security = ADS
            netbios name = aix010buhwpar
            dedicated keytab file = /etc/krb5/krb5.keytab
            kerberos method = dedicated keytab
            log level = 4
            log file = /var/log/samba/log.%m
            max log size = 500
            unix extensions = No
            load printers = No
            idmap config * : backend = tdb
            create mask = 0664
            directory mask = 0777
            hide dot files = No
            map archive = No
            mangled names = No
            interfaces = en0 10.20.31.166/24
            host msdfs = no

    Kerberos is working

    # klist -k -e /etc/krb5/krb5.keytab
    Keytab name: FILE:/etc/krb5/krb5.keytab
    KVNO Principal
    ---- --------------------------------------------------------------------------


    when I try to connect I get a logon windows, before I cut connect automatically




    and I get this error:


    [2022/02/01 09:44:20.150388,  4] ../../source3/smbd/sec_ctx.c:446(pop_sec_ctx)
      pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2022/02/01 09:44:20.214992,  3] ../../source3/auth/auth_util.c:1902(check_account)
      Failed to find authenticated user MYDOMAIN\myuser via getpwnam(), denying access.
    [2022/02/01 09:44:20.215104,  3] ../../source3/smbd/smb2_server.c:3874(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../../source3/smbd/smb2_sesssetup.
    c:146
    [2022/02/01 09:44:20.216379,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2022/02/01 09:44:20.216475,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2022/02/01 09:44:20.216523,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2022/02/01 09:44:20.216569,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2022/02/01 09:44:20.216619,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
      setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
    [2022/02/01 09:44:20.218503,  3] ../../source3/smbd/server_exit.c:240(exit_server_common)
      Server exit (NT_STATUS_CONNECTION_RESET)


    ------------------------------
    Wolfgang Tress
    AIX, Storage,SAN und Backup Admin
    Dürr IT Service GmbH
    Schopfloch
    +49 7443133121
    ------------------------------


  • 2.  RE: Update SAMBA from 4.14.4. to 4.14.10 problem with WINBIND

    Posted Wed February 02, 2022 08:24 AM

    Looks like it's more of a configuration issue. 
    Just having WINBIND entry in /etc/methods.cfg is not going to enable it. 
    You need to set /etc/security/user SYSTEM attribute to use "compat or WINBIND". 

    If you are using KRB5 for that , then there is no need to use winbindd at all. 



    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: Update SAMBA from 4.14.4. to 4.14.10 problem with WINBIND