After further updates this is what I see when I run the join command from
below:
tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 2
dbwrap_lock_order_lock: check lock order 1 for
/var/lib/samba/private/secrets.tdb
lock order: 1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none>
4:<none>
dbwrap_lock_order_unlock: release lock order 1 for
/var/lib/samba/private/secrets.tdb
tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 2
dbwrap_lock_order_lock: check lock order 1 for
/var/lib/samba/private/secrets.tdb
lock order: 1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none>
4:<none>
dbwrap_lock_order_unlock: release lock order 1 for
/var/lib/samba/private/secrets.tdb
smb_krb5_open_keytab: resolving: FILE:/etc/krb5.keytab
ads_get_kvno: Searching for account GVLAC231$
ads_get_kvno: Using: CN=HOSTNAME,OU=UX Servers,OU=Servers,DC=domain,DC=net
ads_get_kvno: Looked Up KVNO of: 12
../../lib/krb5_wrap/krb5_samba.c:1692: Will try to delete old keytab entries
Illegal instruction(coredump)
Krb5.conf file:
[libdefaults]
default_realm = DOMAIN.NET
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[domain_realm]
.dolgen.net = DOMAIN.NET
dolgen.net = DOMAIN.NET
Also the kinit command using the service account svc-accountOU at domain.net
results in:
Password for svc-accountOU at domain.net
Done!
New ticket is stored in cache file /root/krb5cc_root
--
See Ya?
Howard Coles
From: Howard Coles <hcoles at dollargeneral.com>
Date: Wednesday, November 6, 2024 at 1:09?PM
To: samba at lists.samba.org <samba at lists.samba.org>
Subject: AIX and SAMBA shares
I?m trying to join the domain enough to share folders from an AIX 7.2 (fully
patched) server. Right now SAMBA 4.18 is what is installed, and when I run the
net ads join command it just hangs.
Any help with that would be appreciated. Some details below:
When I run ?net ads join createcomputer="Servers/Unix Servers" -U
svc-accountOU at domain.net -d 8? I see a constant loop of:
ads_get_kvno: Searching for account HOSTNAME$
ads_get_kvno: Using: CN=HOSTNAME,OU=UXServers,OU=Servers,DC=domain,DC=net
ads_get_kvno: Looked Up KVNO of: 9
../../lib/krb5_wrap/krb5_samba.c:1692: Will try to delete old keytab entries
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal:
retrictedkrbhost/hostname.domain.net at DOMAIN.NET (kvno 1) - trying to remove
it.
../../lib/krb5_wrap/krb5_samba.c:1788: removed old entry for principal:
retrictedkrbhost/hostname.domain.net at DOMAIN.NET (kvno 1).
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal
retrictedkrbhost/hostname.domain.net at DOMAIN.NET (kvno 1) - trying to remove
it.
../../lib/krb5_wrap/krb5_samba.c:1788: removed old entry for principal:
retrictedkrbhost/hostname.domain.net at DOMAIN.NET
NET<mailto:restrictedkrbhost/gvlac231.dolgen.net at DOLGEN.NET> (kvno 1).
../../lib/krb5_wrap/krb5_samba.c:1771: Found old entry for principal
retrictedkrbhost/hostname.domain.net at DOMAIN.NET (kvno 1) - trying to remove
it.
Host is AIX 7.2 TL5 SP8
Anyone seen this before?
yes, I ran ?net ads leave -U svc-accountOU at domain.net? and it reports
Password for [svc-accountOU at domain.net]:
kerberos_kinit_password svc-accountOU at DOMAIN.NET failed: Cannot contact any
KDC for requested realm
Deleted account for 'GVLAC231' in realm 'DOMAIN.NET'
The krb5.conf file looks the same as boxes that are working fine with Samba
4.10.6-1 but we?re trying to upgrade to keep up to date. I don?t want to
revert back to 4.10 if I can avoid it. I need Python3.9 if I can get it to
work.
--
See Ya?
Howard Coles Jr.
Principle Platform Engineer
Phone: 615-855-5348
John 3:16!