HPE Community
Operating System - OpenVMS
1753822 Members
9802 Online
108805 Solutions
New Discussion юеВ

Re: CIFS on OpenVMS IA64.

 
The Brit
Honored Contributor

тАО12-01-2009 07:01 AM

тАО12-01-2009 07:01 AM

Re: CIFS on OpenVMS IA64.

Paul,

....
More importantly, it no longer modifies the security applied by OpenVMS to new objects (almost to a fault). Be sure to read the ps009 release notes (you have been warned :O)
....

I assume that the warning relates to the sentence above, regarding OpenVMS Security settings.

(or is there something else??)

Dave
0 Kudos
Robert Atkinson
Respected Contributor

тАО12-01-2009 07:12 AM

тАО12-01-2009 07:12 AM

Re: CIFS on OpenVMS IA64.

Just spotted the fix in the release notes (attached) :-

"If a file is being overwritten from DOS prompt, it leads to file corruption"


Dave, I'm guessing the reference to reading the release notes is because the way CIFS handles security has been completely rewritten in PS009.

From HP - "You better read them carefully because much has changed regarding security settings".

Rob.
0 Kudos
The Brit
Honored Contributor

тАО12-01-2009 07:19 AM

тАО12-01-2009 07:19 AM

Re: CIFS on OpenVMS IA64.

Thanks Rob,
I already downloaded the Patch Kit and Release Notes. I read through the release notes, and my comment was due to the fact that nothing else really jumped out at me.

Having said that, I am not sufficiently comfortable with this AD/DC/etc (basically, Windows) stuff, to be able to say that I would immediatly recognise potential problems.

Dave
0 Kudos
Robert Atkinson
Respected Contributor

тАО12-01-2009 07:29 AM

тАО12-01-2009 07:29 AM

Re: CIFS on OpenVMS IA64.

To be honest, I'm still struggling to get my head round how to set it up so that security is managed from the Windows side rather than the VMS side - something A/S did completely transparently.

There's a whole step to do with UID's and GID's and mapping over to SID's, that are all required in the default configuration, but aren't documented all that well.

If someone would like to write a brief document on the whys and wherefores of these mappings, I'm sure that would help us all out. I've discussed it with HP, but I still can't get my head round it.

Rob.
0 Kudos
Willem Grooters
Honored Contributor

тАО12-01-2009 11:03 AM

тАО12-01-2009 11:03 AM

Re: CIFS on OpenVMS IA64.

Rob,

I can only agree on that matter.
If you're not familair with the Windows or Unix way of doing things (:D the wrong way ? :D ) it's hard to get things running properly.
What do I need to set up, and how? What are the steps in creating a domain controller, and what has to be done to get a nachine inside the domain? I gave up here, since it simply is too much work.
CIFS would be really useful if there were scripts you coul run to:
* create a domain
* Add systems to a domain
* Add users to a domain
* create a single-sign-on to acces these shares...

Now I need to know Windows system administration as well, and be an Unix/Linux admin as well. Just to get the thing running....
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Willem Grooters
Honored Contributor

тАО12-01-2009 11:04 AM

тАО12-01-2009 11:04 AM

Re: CIFS on OpenVMS IA64.

Scipts - I mean DCL procedures, of course.
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
The Brit
Honored Contributor

тАО12-02-2009 05:54 AM

тАО12-02-2009 05:54 AM

Re: CIFS on OpenVMS IA64.

OK, here's what I have,

I have a windows PDC controlling DOM1

I have a second Server (Alpha DS10, OpenVMS 8.3) running Advanced Server and controlling domain DOM2

There is mutual trust between DOM1 and DOM2.

Now along comes the new server

BL860c blade, (IA64, OpenVMS 8.3-1H1) running CIFS 1.1-E1 (including PS009). It needs to join the DOM2 domain as a member server.

I have added this host to the Alpha ADV Server (DOM2) using;

$ ADMIN ADD COMPUTER /ROLE=SERVER

The SMB.CONF file on the new blade server looks like,

[global]
server string = Samba %v running on %h (OpenVMS)
netbios name = %h
security = domain
passdb backend = tdbsam
domain master = no
domain logons = no
guest account = SAMBA$GUEST
log file = /samba$root/var/log_%h.%m
create mode = 0755
host msdf = no

[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750

[dave]
comment = Dave's Testing Directory
path = /users/dave
guest ok = yes
read only = no

OK! Here is the question!

I want the CIFS server to join the DOM2 domain, and to do this I intend to execute the

$ NET RPC JOIN

command.

Will the new server automatically join DOM2 because its biosname has only been added to DOM2, or,

Do I need to specify the correct domain by using the

work group = DOM2

parameter in the [global] section of the SMB.CONF file ??

Dave.

0 Kudos
Paul Nunez
Respected Contributor

тАО12-02-2009 06:06 AM

тАО12-02-2009 06:06 AM

Re: CIFS on OpenVMS IA64.

Hi Dave,

You have to specify:

workgroup = dom2

(note: no space in "workgroup") in the [global] section. The default workgroup name is LANGROUP.

Regards,

Paul
0 Kudos
The Brit
Honored Contributor

тАО12-02-2009 06:27 AM

тАО12-02-2009 06:27 AM

Re: CIFS on OpenVMS IA64.

Thanks for the reply Paul,

The documentation is pretty lacking in this area. In the section on "Adding an HP CIFS Server to a Domain", there is no mention of this requirement. The only hint was that both of the examples (on p45 and p46) included this parameter (workgroup) with a comment "# Domain Name"

Thanks for your help. I'll let you know how it goes.

Dave
0 Kudos
Robert Atkinson
Respected Contributor

тАО12-02-2009 06:51 AM

тАО12-02-2009 06:51 AM

Re: CIFS on OpenVMS IA64.

Dave, here's the start of my SMB.CONF :-

[global]
workgroup = UK
server string = Samba %v running on %h (OpenVMS)
security = DOMAIN
username map = /samba$root/lib/username.map
log level = 1
log file = /samba$root/var/log_%h.%m
max log size = 1000000
load printers = No
os level = 65
preferred master = No
local master = No
domain master = No
wins server = 10.110.17.12
admin users = cifsadmin
# create mask = 0755
# include = samba$root:[lib]smb.conf_%h
idmap uid = 10000-10000
idmap gid = 15000-20000



Take special note of the 'max log size', 'security', 'preferred master', 'local master', 'domain master', 'wins servers', 'idmap uid' and 'idmap gid' fields.

The documentation isn't completely clear, but you will _probably_ need all of these fields for a basic configuration.

You don't need to pre-add the member server to you DOM2 domain, as the JOIN will do all that for you :-

$ net rpc join --user=administrator --server=myserver
Password:
Joined domain UKVISTA.

Rob.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.