HPE Community
Operating System - HP-UX
1837897 Members
3446 Online
110123 Solutions
New Discussion

active directory integration / samba

 
Trever Furnish
Regular Advisor

‎08-08-2002 07:40 AM

‎08-08-2002 07:40 AM

active directory integration / samba

I have the uncomfortable feeling that this is a faq (and one with a negative answer as well), but...

Is there a simple way to allow HPUX 11.11 to use Active Directory for user authentication? ...to allow samba to provide shares to AD users?

I should probably also point out that when I say "active directory" I mean without any of the NT backwards compatibility stuff.
Hockey PUX?
0 Kudos
Reply
3 REPLIES 3
Stanley Merkx
Advisor

‎08-09-2002 12:08 AM

‎08-09-2002 12:08 AM

Re: active directory integration / samba

Take a look on software.hp.com (J4269AA).

You'll also need the Microsoft Services For Unix product, this will do the schema extensions in AD for you.

Stanley.
0 Kudos
Reply
Eric Bursley
Advisor

‎08-09-2002 06:14 AM

‎08-09-2002 06:14 AM

Re: active directory integration / samba

With Samba 2.2 or higher you can use winbindd to allow your hp-ux server to authenicate w/PAM from a Windows domain. So you will need to have your Win2k PDC Emulator on the same subnet as your HP-UX server.
You can also (through the wizardary of LDAP), authenicate using Active directory.
SFU on Windows will not provide much help except if you want to mount NFS shares on a Windows platform from HP-UX.
0 Kudos
Reply
Trever Furnish
Regular Advisor

‎08-09-2002 06:42 AM

‎08-09-2002 06:42 AM

Re: active directory integration / samba

Thanks, guys, but I think I wasn't specific enough. I'll preface this by saying that although I've started to look at the ldap-ux product (thanks), it'll take me a while to work through the docs, so if this question is answered there, don't think I'm just too lazy to read the manual - working on it. :-)

More specificly, I'm wondering if the ldap-ux product supports connecting to a fully-encrypted active directory network. Ie one that will not talk to a client without encryption.

I did note in one section of one of the ldap-ux documents that it claimed passwords were sent "in the clear and susceptible to snooping", and that HP is "working on secure LDAP authentication". That doesn't sound like it works yet.

For comparison, I also have a linux system set up with openldap and the kerberos clients and libraries set up, but when I configure the clients to use kinit against the AD or to do an ldapsearch against it, I get debugging output saying a suitable encryption method couldn't be negotiated. Cyrus-sasl and Cyrus-gss are also installed there.

I'm hoping for better luck with an HP product. As far as I know samba 2.2 only does lanmanager stuff, not kerberos. I thought the kerberos stuff was going to be part of samba 3.0...???
Hockey PUX?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.