I am having the same issue. I have it on my AIX 7.2.5.4 system as well as my 7.3.1.1 system. Below are details on the AIX 7.3.1.1 system.
server1: oslevel -s
7300-01-01-2246
server1: lslpp -l | grep ssl
openssl.base 3.0.7.1000 COMMITTED Open Secure Socket Layer
server1: rpm -qa | grep samba
samba-common-4.16.8-1.ppc
samba-winbind-4.16.8-1.ppc
samba-libs-4.16.8-1.ppc
samba-winbind-krb5-locator-4.16.8-1.ppc
samba-client-4.16.8-1.ppc
samba-devel-4.16.8-1.ppc
samba-winbind-clients-4.16.8-1.ppc
samba-4.16.8-1.ppc
server1: rpm -qa | grep winb
samba-winbind-4.16.8-1.ppc
samba-winbind-krb5-locator-4.16.8-1.ppc
samba-winbind-clients-4.16.8-1.ppc
server1: rpm -qa | grep smb
libsmbclient-4.16.8-1.ppc
server1: rpm -qa | grep krb5
samba-winbind-krb5-locator-4.16.8-1.ppc
krb5-libs-1.18.5-2.ppc
server1: rpm -qa | grep ldap
openldap-2.5.12-1.ppc
server1: ls /opt/freeware/lib | grep -E "ssl/crypto"
server1: lslpp -l | grep openssl
openssl.base 3.0.7.1000 COMMITTED Open Secure Socket Layer
openssl.man.en_US 3.0.7.1000 COMMITTED Open Secure Socket Layer
openssl.base 3.0.7.1000 COMMITTED Open Secure Socket Layer
Jan 31 15:07:41 server1 daemon:err|error winbindd[15860144]: [2023/01/31 15:07:41.305371, 0] ../../source3/winbindd/winbindd_cache.c:3087(initialize_winbindd_cache)
Jan 31 15:07:41 server1 daemon:err|error winbindd[15860144]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jan 31 15:07:41 server1 daemon:err|error winbindd[15860144]: [2023/01/31 15:07:41.310462, 0] ../../source3/winbindd/winbindd_util.c:1376(init_domain_list)
Jan 31 15:07:41 server1 daemon:err|error winbindd[15860144]: Could not fetch our SID - did we join?
Jan 31 15:07:41 server1 daemon:err|error winbindd[15860144]: [2023/01/31 15:07:41.310532, 0] ../../source3/winbindd/winbindd.c:1460(winbindd_register_handlers)
Jan 31 15:07:41 server1 daemon:err|error winbindd[15860144]: unable to initialize domain list
Any help much appreciated
Thanks
Jaqui
------------------------------
Jaqui Lynch
------------------------------
Original Message:
Sent: Mon January 16, 2023 10:50 AM
From: Ben Cowan
Subject: Update to latest AIX Toolbox Samba code (V4.16.5) breaks winbind
So even with the locator installed, this is what I'm seeing with my current samba config that joins to AD.
1) winbindd won't start.
[2023/01/16 07:22:11.067933, 5] ../../source3/lib/messages.c:718(messaging_register)
Registering messaging pointer for type 1038 - private_data=0
[2023/01/16 07:22:11.070003, 3] ../../source3/winbindd/winbindd_util.c:293(add_trusted_domain)
add_trusted_domain: Added domain [BUILTIN] [(NULL)] [S-1-5-32]
[2023/01/16 07:22:11.070107, 3] ../../source3/winbindd/winbindd_util.c:293(add_trusted_domain)
add_trusted_domain: Added domain [LEOPARD] [(NULL)] [S-1-5-21-2275589638-3178371853-1380871141]
[2023/01/16 07:22:11.070147, 0] ../../source3/winbindd/winbindd_util.c:1376(init_domain_list)
Could not fetch our SID - did we join?
[2023/01/16 07:22:11.070202, 0] ../../source3/winbindd/winbindd.c:1460(winbindd_register_handlers)
unable to initialize domain list
2) If I edit smb.conf and change security = ADS to security = user, then I can start winbindd successfully
3) The join still fails because security = user does not allow joining to Active Directory, however, if i edit
smb.conf again and change security = user back to security = ADS, then the join works. Note, the -k
option is deprecated, and needs to be replaced w/ --use-kerberos=required.
4) This is all well and good until a reboot or restart of winbindd occurs and it won't start up again?
So, I think we still have a problem.
------------------------------
Ben Cowan
Original Message:
Sent: Fri January 13, 2023 02:43 AM
From: Ayappan P
Subject: Update to latest AIX Toolbox Samba code (V4.16.5) breaks winbind
Thanks for reporting it.
Toolbox Samba prior to 4.16.5 version is built with bundled heimdal kerberos. Now in 4.16.5 version , it is build against Toolbox krb5-libs (MIT Keberos) rpm. So the samba-winbind-krb5-locator is required now.
------------------------------
Ayappan P
Original Message:
Sent: Thu January 12, 2023 09:02 AM
From: Mark Skinner
Subject: Update to latest AIX Toolbox Samba code (V4.16.5) breaks winbind
I see other administrators having similar Samba-related problems so I just wanted to share my success I had back in November. The solution to the problem I was having after updating to V4.16.5-1 code was suggested by Ayappan to another Samba administrator experiencing a similar problem, and that was to install the "samba-winbind-krb5-locator-4.16.5-1.aix7.1.ppc.rpm" RPM, which I had never needed before. I don't know why this additional RPM is required to successfully mount Samba fileshares, but it worked for me. The Samba RPMs installed on the working V4.16.5-1 servers are:
samba-libs-4.16.5-1.ppc
samba-winbind-4.16.5-1.ppc
samba-client-4.16.5-1.ppc
samba-winbind-krb5-locator-4.16.5-1.ppc
samba-devel-4.16.5-1.ppc
samba-winbind-clients-4.16.5-1.ppc
samba-common-4.16.5-1.ppc
samba-4.16.5-1.ppc
------------------------------
Mark Skinner
Original Message:
Sent: Fri November 11, 2022 02:28 AM
From: Ayappan P
Subject: Update to latest AIX Toolbox Samba code (V4.16.5) breaks winbind
Please share the below outputs.
"rpm -qa"
ls /opt/freeware/lib | grep -E "ssl/crypto"
lslpp -l | grep openssl
------------------------------
Ayappan P
Original Message:
Sent: Thu November 10, 2022 01:25 PM
From: Mark Skinner
Subject: Update to latest AIX Toolbox Samba code (V4.16.5) breaks winbind
The server already shows those RPMs to be at the requested levels -
[sentest4] /home/root # rpm -qa | grep -E "krb5|openldap"
openldap-2.4.58-4.ppc
krb5-libs-1.18.5-2.ppc
Any further suggestions greatly appreciated, thanks -
Original Message:
Sent: 11/10/2022 1:47:00 AM
From: Ayappan P
Subject: RE: Update to latest AIX Toolbox Samba code (V4.16.5) breaks winbind
Please update krb5-libs & openldap rpms to 1.18.5-2 & 2.4.58-4 version respectively.
------------------------------
Ayappan P
Original Message:
Sent: Wed November 09, 2022 11:34 AM
From: Mark Skinner
Subject: Update to latest AIX Toolbox Samba code (V4.16.5) breaks winbind
On our test Samba server running AIX 7200-05-04-2220 code I upgraded the Samba code from V4.14.4 to the latest available (V4.16.5) but had to revert back because mapping network drives was no longer possible. The Samba client log was posting errors such as:
Auth: [SMB2,(NULL)] user [workgroup]\[smbadmin] at [Tue, 08 Nov 2022 15:47:21.964918 EST] with [NTLMv2] status [NT_STATUS_CONNECTION_DISCONNECTED] workstation [2UA6422BXX] remote
host [ipv4:10.12.3.53:57617] mapped to [workgroup]\[smbadmin]. local host [ipv4:10.2.3.88:445]
[2022/11/08 15:47:22.016529, 2] ../../source3/auth/auth.c:348(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [smbadmin] -> [smbadmin] FAILED with error NT_STATUS_CONNECTION_DISCONNECTED, authoritative=1
[2022/11/08 15:47:22.016678, 2] ../../auth/auth_log.c:665(log_authentication_event_human_readable)
Auth: [SMB2,(NULL)] user [workgroup]\[smbadmin] at [Tue, 08 Nov 2022 15:47:22.016640 EST] with [NTLMv2] status [NT_STATUS_CONNECTION_DISCONNECTED] workstation [2UA6422BXX] remote
host [ipv4:10.12.3.53:57618] mapped to [workgroup]\[smbadmin]. local host [ipv4:10.2.3.88:445]
[2022/11/08 15:47:22.065590, 2] ../../source3/auth/auth.c:348(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [smbadmin] -> [smbadmin] FAILED with error NT_STATUS_CONNECTION_DISCONNECTED, authoritative=1
On the AIX server the operating system error log filled with repetitive windbindd error messages:
LABEL: CORE_DUMP
IDENTIFIER: A924A5FC
Date/Time: Wed Nov 9 10:55:36 EST 2022
Sequence Number: 24138
Machine Id: 00FB16F94C00
Node Id: sentest4
Class: S
Type: PERM
WPAR: Global
Resource Name: SYSPROC
Description
SOFTWARE PROGRAM ABNORMALLY TERMINATED
Probable Causes
SOFTWARE PROGRAM
User Causes
USER GENERATED SIGNAL
Recommended Actions
CORRECT THEN RETRY
Failure Causes
SOFTWARE PROGRAM
Recommended Actions
RERUN THE APPLICATION PROGRAM
IF PROBLEM PERSISTS THEN DO THE FOLLOWING
CONTACT APPROPRIATE SERVICE REPRESENTATIVE
Detail Data
SIGNAL NUMBER
4
USER'S PROCESS ID:
10551634
FILE SYSTEM SERIAL NUMBER
1
INODE NUMBER
2
CORE FILE NAME
//core
PROGRAM NAME
winbindd
STACK EXECUTION DISABLED
0
COME FROM ADDRESS REGISTER
krb5int_d 1E8
PROCESSOR ID
hw_fru_id: 0
hw_cpu_id: 2
ADDITIONAL INFORMATION
??
??
Unable to generate symptom string.
Running the "net ads testjoin" command results in:
Illegal instruction(coredump)
Reverting back to the previously installed Samba V4.14.4 code and all is well again, all such errors disappear...
Is anyone successfully using the Samba V4.16.5 code? Is there any known problems with it? It is not working for me.
Thank you --
------------------------------
Mark Skinner
------------------------------