HPE Community
Operating System - HP-UX
1754021 Members
7598 Online
108811 Solutions
New Discussion юеВ

Re: Windows shares

 
Jamie B.
Occasional Contributor

тАО06-29-2010 11:44 AM

тАО06-29-2010 11:44 AM

Windows shares

After wrecking a system in my last attempt, maybe I should just try asking...

What I have:
HP-UX 11.31

What I need to do:
Get a shared folder on the HP-UX machine which can be accessed by active directory users.

For example, I want to join the existing domain MYDOMAIN.LOCAL and have user MYDOMAIN\myuser access a share on the HP-UX box.

I'm having a terrible time just figuring out what software I need to accomplish this.

I'm not afraid of going out and finding the installation procedures and documentation on my own (much) but I'm not even sure what I need in what order.
0 Kudos
Reply
8 REPLIES 8
Jeff_Traigle
Honored Contributor

тАО06-29-2010 11:48 AM

тАО06-29-2010 11:48 AM

Re: Windows shares

You need CIFS Server:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B8725AA
--
Jeff Traigle
0 Kudos
Reply
singh sanjeev
Trusted Contributor

тАО06-29-2010 11:57 AM

тАО06-29-2010 11:57 AM

Re: Windows shares

Yes CIFS/SAMBA can help you to export the unix File system on window system .for more info read doc refer by jeff
Sanjeev Singh
0 Kudos
Reply
Andy Bustamante
Honored Contributor

тАО06-29-2010 01:59 PM

тАО06-29-2010 01:59 PM

Re: Windows shares

As pointed out CIFS Server. Download the latest kit.

Before configuring Samba, set up Kerberos, http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?lang=en&cc=us&taskId=101&prodClassId=10008&contentType=SupportManual&docIndexId=64255&prodTypeId=18964&prodSeriesId=4164646 for details. This is part of HP-UX for your version so it's already installed.

Run /opt/samba/bin/samba_setup to configure and join your domain. Some of open source Samba docs make setup more complicated.

Use /etc/opt/samba/username.map to map domain users to HP-UX users.



If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
0 Kudos
Reply
Jamie B.
Occasional Contributor

тАО06-30-2010 12:10 PM

тАО06-30-2010 12:10 PM

Re: Windows shares

Here's what I now have:

Kerberos V5 Client Version 1.3.5.03
CIFS-Server version A.02.04.01

Let me know if there's something wrong with this. I was reading about compatibility problems in earlier versions?


I'm confused on Kerberos setup. We have a Windows 2003 Active Directory DC. Do I need to be running a "KDC Server"? Do I need to mess with pam.conf?

I'm finding the instructions to be....less than intuitive. Do I need a "KDC Server"?


I notice samba_setup will create a krb5.conf for me, but I'm getting errors.

I run samba_setup and specify:
No wins server (we don't use WINS)
No LDAP
role = ADS_member_server
Server name = IDM-200
Realm = IDM-RK.LOCAL
DC = IDM-RK-DC.IDM-RK.LOCAL (and this pings fine so DNS understands it)

I end up with the following output:
-----
Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.

An error occurred in the join command!

Net ads join returned the following:

Using short domain name -- IDM-RK
Deleted account for 'IDM-200' in realm 'IDM-RK.LOCAL'
Failed to join domain: Type or value exists

Verify that your realm and ADS domain controller are specified correctly in your configuration files and that your administrator and password are correct.
-----

I am quite certain that IDM-RK-DC.IDM-RK.LOCAL is our Active Directory DC and that the username and password are correct (we have joined plenty of Windows machines to it).
0 Kudos
Reply
Andy Bustamante
Honored Contributor

тАО06-30-2010 03:21 PM

тАО06-30-2010 03:21 PM

Re: Windows shares

If you upgrade to CIFS 02.03.05 you'll be ready for Windows Server 2008 domains plus you get a few bug fixes. No reboot required, painless update.

I configured krb5.conf manually. You need fully qualified names here. No changes are required for pam.conf (yes it's in the Samba doc, but you don't need it).




If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
0 Kudos
Reply
Andy Bustamante
Honored Contributor

тАО06-30-2010 04:00 PM

тАО06-30-2010 04:00 PM

Re: Windows shares

My bad, you already have a updated CIFS server installed. You're Win 2008 server ready already.

If you don't have time to do it right, when will you have time to do it over? Reach me at first_name + "." + last_name at sysmanager net
0 Kudos
Reply
Jamie B.
Occasional Contributor

тАО07-01-2010 06:04 AM

тАО07-01-2010 06:04 AM

Re: Windows shares

I suspect it's Kerberos that's giving me trouble (see previous error messages when trying to join the domain as an ADS member).

What's this keytab file (from the "Configuration Guide for Kerberos Client Products on HP-UX", pg 87)?

Is that something that exists on the Windows Active Directory server and needs to be copied over, or something I create or something I don't need?
0 Kudos
Reply
Jamie B.
Occasional Contributor

тАО07-01-2010 12:09 PM

тАО07-01-2010 12:09 PM

Re: Windows shares

/wrists

I finally got it working. The real roadblock turned out to be something that I didn't see in any manual anywhere.

In my /etc/hosts file, I had this in there, which is what it came with:

127.0.0.1 localhost loopback

What I needed was this:

127.0.0.1 IDM-200.IDM-RK.LOCAL IDM-200


After that I had no trouble with "net ads join -U" and now it's all up and running.

---

One side question: when creating shares for particular users, what's the format for ADS usernames?

e.g.
valid users = jimbo@IDM-RK didn't work -- neither did just "jimbo" where jimbo is an Active Directory user.

I can access a public share (public = yes) by logging in as jimbo@IDM-RK (and the files get jimbo's security) but it balks at his own private share.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.