Showing results for 
Search instead for 
Did you mean: 

CIFS, AD and network shares

Occasional Advisor

CIFS, AD and network shares

Hello all,


I am finding it difficult to understand exactly what I need in my situation.  I have an HP-UX 11.23 server that I would like to set up samba shares on, and have users access those shares from their Windows 7 workstations using their Active Directory credentials. 


I do not want to use AD to authenticate users locally on the HP-UX server, nor do I want any other functionality aside from using AD resources to access the local shares.  I have read through the CIFS Server Administrator's Guide, but I am having a hard time understanding what I should be configuring.


Our Active Directory environment is managed by a different team, and depending on what is required by this process, I may or may not be allowed to take this project on.


Here is a quick breakdown on what I have on my server regarding this:


# swlist | grep -i krb
  KRB5CLIENT                    D.     Kerberos V5 Client Version
  PHSS_41167                    1.0            KRB5-Client Version 1.0 Cumulative patch
# swlist | grep -i ldap
  J4269AA                       B.05.01        LDAP-UX Integration
  openldap                      2.4.22         openldap
# swlist | grep -i cifs
  B8725AA                       A.03.01.01     HP CIFS Server
# uname -r


Can someone please point me in the right direction, and maybe provide some insight into rights/permissions that the HPUX server will need in the AD environment to make this happen. 


I appreciate any help.


Thank you much,


--John Talaga

Honored Contributor

Re: CIFS, AD and network shares

We had it working on our 11.31 cluster at one time. We've stopped using it, but I did find that we still had some config files from the setup.




        default_realm = YOURDOMAIN.COM

        YOURDOMAIN.COM = {
                kdc =
                admin_server =

    kdc = FILE:/var/adm/syslog/krb5kdc.log
    admin_server = FILE:/var/adm/syslog/kadmind.log


/etc/opt/samba/smb.conf should contain the following as well as any other configs you need:


   workgroup = YOURDOMAIN


   security = ADS

   password server =, *

   encrypt passwords = yes

   wins server =

The users need accounts on the CIFS server, however, even if they are inaccessible for user login. Supposedly, there is a way to make it work without this in place, but we never figured out how and it wasn't really necessary in our environment.


Hopefully this will help get you a little closer to success.

Jeff Traigle
Occasional Advisor

Re: CIFS, AD and network shares

Thank you for the info Jeff.  This will help me move towards setting this up. 


I was going to assign points for that post, but it appears that the new forums aren't point based anymore.  I'll check into these settings and getting our environment up and running and can return to mark as a solution.





Pete Randall
Outstanding Contributor

Re: CIFS, AD and network shares



Points have gone the way of the dodo bird.  Simply click on the "kudos start".