
CIFS and ADS

 
Sundar_7
Honored Contributor

CIFS and ADS

Folks, I am in urgent need to upgrade my CIFS software to a version that works with W2k ADS. Currently my CIFS server (A.01.09.04 Samba version 2.2.5) is a member of an NT4.0 domain that is scheduled to be phased out soon.

1) As of now, I understand there is no "supported" version of CIFS from HP that has support for ADS. Am I correct?

2) If my W2K ADS PDC has been configured in the multi-mode (to support both NTLM and Kerberos), can I just join the domain and continue to use the current CIFS version I have? Can smbpasswd be used to join a W2K domain too? Has anyone tried this before successfully?

Any useful replies will be appreciated with bunnies ;)

TIA

Sundar
Learn What to do ,How to do and more importantly When to do ?
Dave Olker
Neighborhood Moderator

Re: CIFS and ADS

My buddy and colleague Eric Roseme presents CIFS topics at HP World each year, and his presentations always talk about how CIFS can integrate with Active Directory.

He is delivering another paper at this year's convention. Here is the abstract:

3112 HP CIFS Server with Samba 3.0 and Windows Server 2003

Speakers: Eric Roseme, Hewlett-Packard

Benefit 1: Learn about the latest Samba 3.0 features for HP CIFS Server and how they apply to Windows 2003 integration.

Benefit 2: Learn best practices for maximizing Active Directory interoperability with Samba 3.0.

Benefit 3: Preview the R&D road map for HP CIFS Server and help influence future functionality for your enterprise.

Abstract: HP CIFS Server provides Windows integration and client connectivity to HP-UX server platforms and is currently based upon Samba 2.2. HP CIFS Server will soon migrate to the Samba 3.0 base, which adds important and complex new features, functionality and operations.

This presentation will provide details about what to expect when migrating from CIFS Server 2.2 to CIFS Server 3.0 with its enhanced integration for Windows 2000 and 2003 Active Directory. The technology, features and configuration details covered will include Kerberos authentication and configuration, LDAP user database design and setup for Samba, Active Directory integration enhancements, new NET command-line interface, enhanced Windows user and group mapping and more. In addition, you'll learn about HP-UX-specific performance enhancements and tuning tips for Samba 3.0. Be prepared for a smooth HP CIFS Server 3.0 migration or installation--learn about it here first.

-------------------------------

As you can see from the abstract, he spends a lot of time talking about Active Directory integration. Even though this is a Samba 3.0-based version of CIFS, I know his previous talks about our current CIFS offering also integrate with ADS.

You might be able to find his previous HP World presentations posted on the Interex repository site or on one of the CDs given out at HP World events.

Regards,

Da


I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Sundar_7
Honored Contributor

Re: CIFS and ADS

SEP - The current version of CIFS supports LDAP but doesn't have support for ADS.

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B8725-90062/B8725-90062_top.html&con=/hpux/onlinedocs/B8725-90062/00/00/11-con.html&toc=/hpux/onlinedocs/B8725-90062/00/00/11-toc.html&searchterms=Active%7cDirectory%7cCIFS&queryid=20040802-194612

In the above document it is mentioned "The HP CIFS Server does not support the Microsoft Active Directory Services (ADS) configurations."



Learn What to do ,How to do and more importantly When to do ?
Jeff_Traigle
Honored Contributor

Re: CIFS and ADS

Correct... Current production CIFS cannot integrate into a native AD environment. Samba v3.0.X will, but it's still in development for CIFS. There was another thread in the past day or two that gave a link to HP's info on the technical review for the new version.

If your W2K environment is in mixed-mode (or multi-mode... whatever they call it), meaning it has WINS enabled, then you can successfully join the domain with smbpasswd with CIFS. We do it in my current environment. You just have to create the computer account on the Windows side as a pre-Windows 2k client.
--
Jeff Traigle
Sundar_7
Honored Contributor

Re: CIFS and ADS

Hi Jeff,

Apparently my windows 2K domain server is running in multi-mode.

I created the machine account in the PDC and was able to join the domain using smbpasswd command.

But when I browse the machines from "My Network Places" I don't see my CIFS server listed there?

Learn What to do ,How to do and more importantly When to do ?
Jeff_Traigle
Honored Contributor

Re: CIFS and ADS

It can take up to 45 minutes for it to show up in the list even when everything is configured correctly. Just depends on Windows propagating it everywhere it needs to.

Other things to be aware of... are there Windows systems on the same subnet as your CIFS box? If not (or none that are configured to become a local master browser), you must configure the CIFS system as a local master browser in smb.conf. That was a gotcha they had in my current environment. (Don't configure it to be domain master browser though... that will cause major problems since it will be conflicting with your Win2k server for that role.)
--
Jeff Traigle
eric roseme
Respected Contributor
Solution

Re: CIFS and ADS

I'd like to clear up a few things:

1. The current version of HP CIFS Server is 2.2j, A.01.11.02, based upon Samba 2.2.10.
2. 2.2j can join a W2000/W2003 domain in mixed or native modes. The only restriction is that you cannot disable NetBIOS. Many users go to native mode to run MS DDNS exclusively and then disable NetBIOS. CIFS/Samba requires NetBIOS.
3. Many users mistake the Samba 3.0 feature "security = ads" with actual ADS integration. "security = ads" allows Samba Kerberos authentication and LDAP read/write to the AD. The 2.2j "security = domain" uses NTLM authentication and uses MSRPC read/write to the AD (3.0 also can use "security = domain"). Both provide the end result of domain authentication and AD read/write.
4. You can test CIFS based upon Samba 3.0.2 by downloading the Technology Preview Release at: http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=CIFSTP3. The Technology Preview will be updated to 3.0.5 during the week of 8/23-27.
5. As Dave Olker mentioned above, you can read a white paper that identifies the differences between mixed mode and native mode, and how those differences affect CIFS/Samba, at: http://www.docs.hp.com/hpux/onlinedocs/4502/CIFS_W2000_Interop.pdf
6. If your CIFS server is still not browseable, you can also try: "remote announce = domaincontroller", assuming your DC is also a domain master browser.

Eric
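
The settings discussed in this thread (Jeff_Traigle's local master browser advice and eric roseme's points 2, 3 and 6), collected into one smb.conf fragment as an added example; it is not from any poster or from HP documentation. EXAMPLEDOM, CIFSSRV1, dc1 and 192.0.2.10 are constructed placeholders, and the `preferred master` and `os level` lines are an assumption about how to make the server win the local browser election, which the thread names only as a goal.

```ini
; smb.conf fragment for a Samba 2.2-based CIFS server joined to a
; Windows 2000/2003 domain as a member server (added example).
; Comments sit on their own lines: smb.conf has no trailing comments.
[global]
   ; NetBIOS (pre-Windows 2000) name of the domain. Placeholder.
   workgroup = EXAMPLEDOM
   ; Must match the computer account created on the Windows side
   ; as a pre-Windows 2000 client. Placeholder.
   netbios name = CIFSSRV1

   ; NTLM domain authentication over MSRPC. This is the Samba 2.2
   ; path; "security = ads" (Kerberos + LDAP) needs Samba 3.0.
   security = domain
   ; Domain controller to authenticate against. Placeholder.
   password server = dc1
   ; Domain security requires encrypted passwords.
   encrypt passwords = yes

   ; Join the domain after the machine account exists, e.g.:
   ;   smbpasswd -j EXAMPLEDOM -r dc1

   ; --- Browsing ---
   ; Act as local master browser when no Windows system on this
   ; subnet can take that role.
   local master = yes
   ; Assumption: force an election at startup and outrank other
   ; browsers on the subnet.
   preferred master = yes
   os level = 65
   ; Never claim the domain master browser role on a member server;
   ; that role belongs to the Windows domain controller.
   domain master = no

   ; Announce this server to the DC's browse list if it still does
   ; not appear. The smb.conf manual page documents this parameter
   ; as IP addresses with an optional /WORKGROUP suffix, so a
   ; placeholder address stands in for the domain controller.
   remote announce = 192.0.2.10/EXAMPLEDOM
```

After editing, `testparm` reports the parsed result, which is a quick way to confirm that `domain master` resolves to `No` and that the server role is a domain member.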