[Samba] net ads join on AIX 5.2 - Mission Impossible ?

2005-08-11 Thread samba
Hi all,
is it possible at all to get Samba 3 on AIX 5.2 to join a Win 2003 Domain
natively? All the precompiled versions do not have AD support, and having AIX
krb5 installed (let alone using --with-ads) is enough to make a compile run fail
- both 3.0.14 and 3.0.20rc2. Might Heimdal solve this? Has ANYONE got a
working installation?
Solving this would make quite a difference to my current life, so any advice
would be appreciated.
TIA & regards
Dan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net ads join on AIX 5.2 - Mission Impossible ?

2005-08-11 Thread Doug VanLeuven

[EMAIL PROTECTED] wrote:

> Hi all,
> is it possible at all to get Samba 3 on AIX 5.2 to join a Win 2003
> Domain natively ? All the precompiled versions do not have AD Support
> and having AIX krb5 installed (let alone using --with-ads)is enough
> to make a compile run fail - both 3.0.14 and 3.0.20rc2. Might Heimdal
> solve this ? Has ANYONE got a working installation ?
> Solving this would make quite a difference to my current life,
> so any advice would be appreciated.

Yeah.  Been there.  Done that.  AIX 5.2, samba 3.0.14
I went the route of installing the linux affinity toolkit.
Used gcc to compile.  Use at least gcc 3.x
http://aixpdslib.seas.ucla.edu/index.html has a good gcc.

Compiled and installed openldap to /usr/local/openldap
just to link against samba.
Compiled and installed Kerberos to /usr/local using rpm
so if IBM ever got the development files up to speed it
would be easy to uninstall & switch back.  At the time, last
year, IBM Kerberos didn't support rc4-hmac either.

In configure use CPFLAGS, CPPFLAGS, & LDFLAGS to ensure
the paths picked the homebrew versions.
I had a special account to log in where LIBPATH and PATH
would pick up the homebrew and linux affinity directories
before the system ones.

When I was done, not only did samba work in ADS = security mode,
but I could use the kerberos utilities natively with the
MS AD as the key distribution center.

I had to turn off sendfile because, although the test machine
worked fine, the production machine ran out of file handles
about 3 hours into the workday.  Couldn't even reboot cleanly.
Total lockup.  That was several months ago, maybe rc20 fixes that.
I wouldn't know.  Never figured how to simulate the load
on the development machine.

I set winbind trusted domains only = yes because I had NIS
and an identical user name correspondence between windows and
unix.  Used idmap_ad before it was rolled into the distribution
for winbindd resolution.  Didn't test other modes.

Regards, Doug
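
The build checks implied by the reply above, as an added example that is not part of the original thread or Samba's own tooling: it confirms the homebrew directories win in PATH/LIBPATH, wraps the configure call, and verifies the resulting smbd has AD support. The prefixes come from the post; the function names, the file names `libkrb5.a` and `krb5-config`, and the `smbd -b` flag names WITH_ADS, HAVE_KRB5 and HAVE_LDAP are assumptions.

```shell
#!/bin/sh
# Added example. Prefixes are the ones named in the post; library file
# names and smbd -b flag names are assumptions.
KRB5_PREFIX=/usr/local
LDAP_PREFIX=/usr/local/openldap

# Print the first directory in a colon-separated list (PATH, LIBPATH)
# that contains FILE; fail if none does. Runs in a subshell so the
# caller's IFS is untouched.
first_dir_with() (
    file=$1
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.
        if [ -e "$dir/$file" ]; then
            printf '%s\n' "$dir"
            exit 0
        fi
    done
    exit 1
)

# Run from the Samba source directory; defined here, not called.
configure_samba_ads() {
    CC=gcc \
    CPPFLAGS="-I$KRB5_PREFIX/include -I$LDAP_PREFIX/include" \
    LDFLAGS="-L$KRB5_PREFIX/lib -L$LDAP_PREFIX/lib" \
    ./configure --with-ads --with-ldap --with-krb5="$KRB5_PREFIX"
}

# Read `smbd -b` output on stdin; succeed only if every flag is present.
# -w keeps HAVE_KRB5_H (a header check) from passing as HAVE_KRB5.
ads_build_ok() {
    opts=$(cat)
    for flag in WITH_ADS HAVE_KRB5 HAVE_LDAP; do
        if ! printf '%s\n' "$opts" | grep -qw "$flag"; then
            echo "smbd built without $flag" >&2
            return 1
        fi
    done
}

# Typical use from the dedicated build account:
#   first_dir_with libkrb5.a "$LIBPATH"   # expect /usr/local/lib
#   first_dir_with krb5-config "$PATH"    # expect /usr/local/bin
#   configure_samba_ads && make
#   ./bin/smbd -b | ads_build_ok
```

If `first_dir_with` reports a system directory first, the link step is likely to pick up the IBM Kerberos libraries that the thread says break the build.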