- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Latest HP CIFS Server, problems with interdomain t...
Operating System - HP-UX
1752574
Members
4616
Online
108788
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-06-2009 10:54 AM
12-06-2009 10:54 AM
Latest HP CIFS Server, problems with interdomain trusts with Windows 2008 R2 DC´s
Hello All,
I´ve still a problem with the latest HP-CIFS implementation (3.0.30 based HP CIFS Server A.02.04.01) with interdomain trusts authentication.
Current Sitauation:
HP-UX11.31 HP CIFS Server A.02.04.01 + latest Kerberos. Joined to domain "A" which has already Win2008 R2 DC´s. Domain "A" has a trust to Domain "B".
Authentication from users in domain "A" to this CIFS-Server works well.
Authentication from users in domain "B" to this CIFS-Server over the trust are not working anymore.
Error Message:
[2009/12/06 19:29:42, 0] auth/auth_domain.c:domain_client_validate(256)
domain_client_validate: unable to validate password for user xxx in domain "B" to Domain controller DC.W2K8R2.DOM. Error was NT_STATUS_INVALID_PARAMETER.
[2009/12/06 19:30:03, 0] rpc_client/cli_pipe.c:cli_pipe_verify_schannel(354)
cli_pipe_verify_schannel: auth_len 56.
Looks for me like samba bug "* BUG 6697: Fix interdomain trusts with Windows 2008 R2 DCs.
"
Any clue how we can resolve this in the current HP-UX CIFS version ?
For me there is one workaround to set in the smb.conf the "password server = name of last W2K3 Server in Domain A" then it works, but very slow cause the latest Windows 2003 DC in Domain A is only reachable over a WAN link.
And also the server will get replaced soon.
My current config Files:
kr5.conf
[libdefaults]
default_realm = W2K8R2.DOM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
#default_keytab_name = "WRFILE:/etc/krb5.keytab"
ccache_type = 2
[realms]
W2K8R2.DOM = {
kdc = dc.w2k8r2.dom:88
admin_server = dc.w2k8r2.dom
default_domain = dc.w2k8r2.dom
}
[domain_realm]
.w2k8r2.dom = W2K8R2.DOM
w2k8r2.dom = W2K8R2.DOM
smb.conf
[global]
workgroup = W2K8R2
realm = W2K8R2.DOM
server string = Samba Server
security = ADS
password server = dc.w2k8r2.dom
use kerberos keytab = Yes
load printers = No
domain master = No
disk quotas = Yes
delete readonly = Yes
allow trusted domains = yes
thanks for help
Erich
I´ve still a problem with the latest HP-CIFS implementation (3.0.30 based HP CIFS Server A.02.04.01) with interdomain trusts authentication.
Current Sitauation:
HP-UX11.31 HP CIFS Server A.02.04.01 + latest Kerberos. Joined to domain "A" which has already Win2008 R2 DC´s. Domain "A" has a trust to Domain "B".
Authentication from users in domain "A" to this CIFS-Server works well.
Authentication from users in domain "B" to this CIFS-Server over the trust are not working anymore.
Error Message:
[2009/12/06 19:29:42, 0] auth/auth_domain.c:domain_client_validate(256)
domain_client_validate: unable to validate password for user xxx in domain "B" to Domain controller DC.W2K8R2.DOM. Error was NT_STATUS_INVALID_PARAMETER.
[2009/12/06 19:30:03, 0] rpc_client/cli_pipe.c:cli_pipe_verify_schannel(354)
cli_pipe_verify_schannel: auth_len 56.
Looks for me like samba bug "* BUG 6697: Fix interdomain trusts with Windows 2008 R2 DCs.
"
Any clue how we can resolve this in the current HP-UX CIFS version ?
For me there is one workaround to set in the smb.conf the "password server = name of last W2K3 Server in Domain A" then it works, but very slow cause the latest Windows 2003 DC in Domain A is only reachable over a WAN link.
And also the server will get replaced soon.
My current config Files:
kr5.conf
[libdefaults]
default_realm = W2K8R2.DOM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
#default_keytab_name = "WRFILE:/etc/krb5.keytab"
ccache_type = 2
[realms]
W2K8R2.DOM = {
kdc = dc.w2k8r2.dom:88
admin_server = dc.w2k8r2.dom
default_domain = dc.w2k8r2.dom
}
[domain_realm]
.w2k8r2.dom = W2K8R2.DOM
w2k8r2.dom = W2K8R2.DOM
smb.conf
[global]
workgroup = W2K8R2
realm = W2K8R2.DOM
server string = Samba Server
security = ADS
password server = dc.w2k8r2.dom
use kerberos keytab = Yes
load printers = No
domain master = No
disk quotas = Yes
delete readonly = Yes
allow trusted domains = yes
thanks for help
Erich
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2009 03:42 PM
12-09-2009 03:42 PM
Re: Latest HP CIFS Server, problems with interdomain trusts with Windows 2008 R2 DC´s
Hi Erich,
Looks like you ran into a real bug, as you correctly indentified. I have entered an HP problem report for your case: QXCR1000995813. Just so you know, HP CIFS Server does not offcially support W2008R2 yet.
Your best tactic for a factory fix is to open a Response Center call and reference this QUIX, and then escalate the issue in an official capacity. As part of the call they could investigate potential workarounds (are you using winbind? It is not shown in your smb.conf).
FYI - you do not need the WRFILE in krb5.conf anymore. As of A.02.04 it is not needed. I have that documented in my whitepaper at: http://docs.hp.com/en/16322/CIFSUnifiedLoginV2.pdf. I need to revise the Kerberos whitepaper for that and other reasons, but have not finished it yet.
Eric Roseme
Looks like you ran into a real bug, as you correctly indentified. I have entered an HP problem report for your case: QXCR1000995813. Just so you know, HP CIFS Server does not offcially support W2008R2 yet.
Your best tactic for a factory fix is to open a Response Center call and reference this QUIX, and then escalate the issue in an official capacity. As part of the call they could investigate potential workarounds (are you using winbind? It is not shown in your smb.conf).
FYI - you do not need the WRFILE in krb5.conf anymore. As of A.02.04 it is not needed. I have that documented in my whitepaper at: http://docs.hp.com/en/16322/CIFSUnifiedLoginV2.pdf. I need to revise the Kerberos whitepaper for that and other reasons, but have not finished it yet.
Eric Roseme
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2010 12:13 PM
04-15-2010 12:13 PM
Re: Latest HP CIFS Server, problems with interdomain trusts with Windows 2008 R2 DC´s
You indicate a trust between domain "A" and domain "B".
Are you referring to the implicit trust between domains in the same forest, or, domains in different forests connected with a cross-forest trust?
If what I'm asking is unclear, domains in a single forest typically, but not always, share a common root namespace, e.g., a.company1.com and b.company1.com. With a cross-forest trust, you might have A.company1.com and B.company2.com.
Are you referring to the implicit trust between domains in the same forest, or, domains in different forests connected with a cross-forest trust?
If what I'm asking is unclear, domains in a single forest typically, but not always, share a common root namespace, e.g., a.company1.com and b.company1.com. With a cross-forest trust, you might have A.company1.com and B.company2.com.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2010 04:23 AM
04-16-2010 04:23 AM
Re: Latest HP CIFS Server, problems with interdomain trusts with Windows 2008 R2 DC´s
Hello John,
It´s an cross forest trust.
Both domains are in different forests:
like:
Win2008R2 Domain is eg. A.company1.com
and Win2003 domain is eg. B.company2.com
br.
Erich
It´s an cross forest trust.
Both domains are in different forests:
like:
Win2008R2 Domain is eg. A.company1.com
and Win2003 domain is eg. B.company2.com
br.
Erich
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP