- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: CIFS-A.02.03.04 (SAMBA 3.1) issue in HP-UX 11....
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-28-2010 11:26 AM
тАО01-28-2010 11:26 AM
I have configured samba 3.1 as domain member in HP-UX 11.31, I have used following steps:
1)copied the kerberos sample file:
# cp /usr/contrib/krb5/sample/krb5.conf.sample /etc/krb5.conf
2)Configured /etc/krb5.conf:
-----------------------------------------------
#vi /etc/krb5.conf
[libdefaults]
default_realm = ABC.XYZ.COM
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
ccache_type = 2
[realms]
ABC.XYZ.COM = {
kdc = emdlagdc67.abc.xyz.com:88
admin_server = emdlagdc67.abc.xyz.com
}
[domain_realm]
.abc.xyz.com = ABC.XYZ.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
-----------------------------------------------
3) Kerberos Client Authentication:
---------------------------------------------
#/usr/bin/kinit Administrator@ABC.XYZ.COM
Password for Administrator@ABC.XYZ.COM:
-------------------------------------------
Here I have entered the administrator's password, it is working fine.
4)Configured /etc/opt/samba/smb.conf:
----------------------------------------------
# vi /etc/opt/samba/smb.conf
[global]
workgroup = EMDNA
realm = EMDNA.EMDIESELS.COM
preferred master = no
domain master = no
local master = yes
server string = emdlagas71
netbios name = emdlagas71
security = ADS
password server = emdlagdc67.emdna.emdiesels.com emdlondc02.emdna.emdiesels.com
encrypt passwords = yes
winbind separator = /
idmap uid = 10000-20000
idmap gid = 10000-20000
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
-----------------------------------------------
5)Testing samba configuration file:
----------------------------------------------
# /opt/samba/bin/testparm
Load smb config files from /etc/opt/samba/smb.conf
Processing section "[homes]"
Processing section "[tmp]"
Loaded services file OK.
Processing comments in /etc/opt/samba/smb.conf
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
-----------------------------------------------
6)samba has been started.
7)Integrating with ADS
----------------------------------------------
# /opt/samba/bin/net ads join -U administrator
administrator's password:
Using short domain name -- EMDNA
Joined 'EMDLAGHPV01' to realm 'EMDNA.EMDIESELS.COM'
-----------------------------------------------
8)Viewing if it is integrated successfully:
----------------------------------------------
# /opt/samba/bin/net ads info
LDAP server: 143.242.67.117
LDAP server name: emdlagdc67
Realm: EMDNA.EMDIESELS.COM
Bind Path: dc=EMDNA,dc=EMDIESELS,dc=COM
LDAP port: 389
Server time: Thu, 15 Oct 2009 13:10:06 CDT
KDC server: 143.242.67.117
Server time offset: -221
----------------------------------------------
Actually my purpose is "all the domain (ABC.XYZ.COM) users should access the files and directories availabil in samba server", for that we have created the users of domain (ABC.XYZ.COM) in samba servers also, so if the users are having permission, they can connect and access samba share by using domain username and password, so the users are not required to enter the username and password while open / access the shares.
I am succeded in this, so that it is not asking username and password since alread I have logged in using domain credential.
But It is only allowing others permission.
For example, we take one user's (ze4egi) home directory:
# ll -d /home/ze4egi
drwxr-xr-x 3 ze4egi tcs 8192 Jul 28 2009 /home/ze4egi
The user id "ze4egi" is being created in domain (ABC.XYZ.COM) and samba server.
And the users home directories are shared through samba, so I am able to open the "//sambaserver/home/ze4egi" with out giving the password from windows client if I have logged in by ze4gi (domain user id).
And as mentioned above, ze4egi has read, write and execute access to //sambaserver/home/ze4egi
But I am not able to write (create / edit) the files or directories with in //sambaserver/home/ze4egi by the domain user "ze4egi".
Actullay it is taking only the others permission of the directory and file. In above mentioned home directory "/home/ze4egi" , others permission is read and execute only.
So that I am able to only read the files or directories with in //sambaserver/home/ze4egi by the domain user "ze4egi".
How to resolve this.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-29-2010 02:59 AM
тАО01-29-2010 02:59 AM
Re: CIFS-A.02.03.04 (SAMBA 3.1) issue in HP-UX 11.31
Could any of you help me to solve this issue?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2010 02:24 PM
тАО02-03-2010 02:24 PM
Solutionidmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%U
template shell = /usr/bin/sh
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
idmap backend = rid:EMDNA=10000-20000
Winbind is kind of tricky. What you eventually want is to do an "id ze4egi" and get a UID mapping of 10001 or something like that (in your 10000-20000 range).
Even better would be to not use winbind and instead use Unified Login. That will give you a more permanent and predictable Windows user config on your HP-UX box. The whitepaper here shows you how to set it up:
http://docs.hp.com/en/16322/CIFSUnifiedLoginV2.pdf
Good job on getting this far, anyway. You almost have it!
Eric Roseme
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-11-2010 11:07 AM
тАО02-11-2010 11:07 AM
Re: CIFS-A.02.03.04 (SAMBA 3.1) issue in HP-UX 11.31
Then will it cause any issues to the samba server already integrated with in domain, they are configured before configuring "Unified Login"?
Since we have already integrated samba server with domain (ADS).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-11-2010 12:35 PM
тАО02-11-2010 12:35 PM
Re: CIFS-A.02.03.04 (SAMBA 3.1) issue in HP-UX 11.31
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-11-2010 12:39 PM
тАО02-11-2010 12:39 PM
Re: CIFS-A.02.03.04 (SAMBA 3.1) issue in HP-UX 11.31
You need to check the patch state of the windows 2003 systems. If they are release 1 it will not work. If its SP2 or later, there still may be needed patches.
net join or net join ads must be run and you need a Windows Server Administrator password to join the domain.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-08-2010 11:27 AM
тАО03-08-2010 11:27 AM
Re: CIFS-A.02.03.04 (SAMBA 3.1) issue in HP-UX 11.31
Now the issue has been resolved.
I have done following steps.
I have created the entry "username map" in /etc/samba/smb.conf
1)# more /etc/samba/smb.conf
username map = /etc/samba/username.map
2)more /etc/samba/username.map
john = ABC/john
Now the domain (ABC) user (john) is able to access the samba share with his own privileges.
Now the issue has been resolved.
thanks a lot.