cancel
Showing results for 
Search instead for 
Did you mean: 

CIFS, AD and network shares

JohnTal
Occasional Advisor

CIFS, AD and network shares

Hello all,

 

I am finding it difficult to understand exactly what I need in my situation.  I have an HP-UX 11.23 server that I would like to set up samba shares on, and have users access those shares from their Windows 7 workstations using their Active Directory credentials. 

 

I do not want to use AD to authenticate users locally on the HP-UX server, nor do I want any other functionality aside from using AD resources to access the local shares.  I have read through the CIFS Server Administrator's Guide, but I am having a hard time understanding what I should be configuring.

 

Our Active Directory environment is managed by a different team, and depending on what is required by this process, I may or may not be allowed to take this project on.

 

Here is a quick breakdown on what I have on my server regarding this:

 

# swlist | grep -i krb
  KRB5CLIENT                    D.1.6.2.09     Kerberos V5 Client Version 1.6.2.09
  PHSS_41167                    1.0            KRB5-Client Version 1.0 Cumulative patch
# swlist | grep -i ldap
  J4269AA                       B.05.01        LDAP-UX Integration
  openldap                      2.4.22         openldap
# swlist | grep -i cifs
  B8725AA                       A.03.01.01     HP CIFS Server
#
# uname -r
B.11.23

 

Can someone please point me in the right direction, and maybe provide some insight into rights/permissions that the HPUX server will need in the AD environment to make this happen. 

 

I appreciate any help.

 

Thank you much,

 

--John Talaga

3 REPLIES
Jeff_Traigle
Honored Contributor

Re: CIFS, AD and network shares

We had it working on our 11.31 cluster at one time. We've stopped using it, but I did find that we still had some config files from the setup.

 

/etc/krb5.conf:

 

[libdefaults]
        default_realm = YOURDOMAIN.COM

[realms]
        YOURDOMAIN.COM = {
                kdc = yourdomain.com
                admin_server = yourdomain.com
        }

[logging]
    kdc = FILE:/var/adm/syslog/krb5kdc.log
    admin_server = FILE:/var/adm/syslog/kadmind.log
    default = SYSLOG:NOTICE:DAEMON

 

/etc/opt/samba/smb.conf should contain the following as well as any other configs you need:

 

   workgroup = YOURDOMAIN

   realm = YOURDOMAIN.COM

   security = ADS

   password server = adsserver.yourdomain.com, *

   encrypt passwords = yes

   wins server = adsserver.yourdomain.com

The users need accounts on the CIFS server, however, even if they are inaccessible for user login. Supposedly, there is a way to make it work without this in place, but we never figured out how and it wasn't really necessary in our environment.

 

Hopefully this will help get you a little closer to success.

--
Jeff Traigle
JohnTal
Occasional Advisor

Re: CIFS, AD and network shares

Thank you for the info Jeff.  This will help me move towards setting this up. 

 

I was going to assign points for that post, but it appears that the new forums aren't point based anymore.  I'll check into these settings and getting our environment up and running and can return to mark as a solution.

 

Thanks!

 

--John

Pete Randall
Outstanding Contributor

Re: CIFS, AD and network shares

John,

 

Points have gone the way of the dodo bird.  Simply click on the "kudos start".


Pete