Bob Wyatt
2020-Apr-21 20:32 UTC
[Samba] Samba 4.10.13-1 as a domain member, AIX 7100-05-05
In perusing Red Hat manuals for a different issue with Red Hat, this was in their RHEL 7 documentation: You can run Samba as: * An Active Directory (AD) or NT4 domain member * A standalone server * An NT4 Primary Domain Controller (PDC) or Backup Domain Controller (BDC) NOTE Red Hat supports these modes only in existing installations with Windows versions which support NT4 domains. Red Hat recommends not setting up a new Samba NT4 domain, because Microsoft operating systems later than Windows 7 and Windows Server 2008 R2 do not support NT4 domains. For my AIX setup, I have been working with a Windows Server 2016 server. If the above is true, then I can't use Samba on AIX to be a member of the Windows 2016 domain, Is it true, and if so, is there an alternative to Samba/by Samba or different setup or configuration for newer Windows domains than NT4? Regards, Bob Wyatt
Rowland penny
2020-Apr-22 08:34 UTC
[Samba] Samba 4.10.13-1 as a domain member, AIX 7100-05-05
On 21/04/2020 21:32, Bob Wyatt via samba wrote:> In perusing Red Hat manuals for a different issue with Red Hat, this was in > their RHEL 7 documentation: > > > > You can run Samba as: > > > > * An Active Directory (AD) or NT4 domain member > * A standalone server > * An NT4 Primary Domain Controller (PDC) or Backup Domain Controller > (BDC) > > > > NOTE > > Red Hat supports these modes only in existing installations with Windows > versions which support NT4 domains. Red Hat recommends not setting up a new > Samba NT4 domain, because Microsoft operating systems later than Windows 7 > and Windows Server 2008 R2 do not support NT4 domains. > > > > For my AIX setup, I have been working with a Windows Server 2016 server. > > If the above is true, then I can't use Samba on AIX to be a member of the > Windows 2016 domain, > > > > Is it true, and if so, is there an alternative to Samba/by Samba or > different setup or configuration for newer Windows domains than NT4? > > > > Regards, > > > > Bob Wyatt >Just to clear this up, Samba should be capable of running as a Unix domain member against any Windows server. There are problems with NT4 domains, mainly being that Windows stopped supporting them over 15 years ago. The major problem with RHEL (and hence Centos etc) is that you cannot provision a Samba AD DC with the OS Samba packages, this is because RHEL uses MIT kerberos. You can provision an AD DC on Fedora, but, because this uses MIT kerberos, it is marked as experimental and should not be used in production. Samba on AIX should be capable of running as a Unix domain member against a Windows DC, if you are setting the smb.conf correctly (and it looks like you are) and it doesn't work, then it may be a problem with the way that AIX is compiling Samba. If it is a Samba problem, then level 10 logs, wire traces etc are going to be required, but in the first instance, I would be asking AIX for help, why does winbind refuse to run on AIX ? Sorry I cannot be more help, but I do not have an AIX machine to test on. Rowland