HPE Community
Operating System - HP-UX
1832154 Members
6597 Online
110038 Solutions
New Discussion

Re: cifs / samba configuration for ux 11.0

 
SOLVED
Go to solution
Randy Hagedorn
Regular Advisor

‎09-03-2004 08:02 AM

‎09-03-2004 08:02 AM

cifs / samba configuration for ux 11.0

Hi all,
I would like to use Samba/Server on HP-UX 11.0 with CIFS on Windows to allow access of Unix files and printers from Windows clients.

I have been running samba_setup on our HP system, only to have it error out when it attempts to join the domain.

Configuring HP CIFS Server, uxtest, as a domain_member_server
in XYZ with domain level authentication.
This may take a moment...

Attempting to join the domain XYZ ...


An error occurred, here is the output of the smbpasswd command:

Unable to join domain ABC.
change_trust_account_password: unable to read the machine account password for domain ABC.



Make sure the HP CIFS Server netbios name was added to the
domain and that the domain and Primary Domain Controller names were
entered correctly.


Would you like to try again?

_________________________________________
Does anyone have any pointers as to troubleshooting this?

Thanks,
Randy
0 Kudos
Reply
5 REPLIES 5
Sundar_7
Honored Contributor

‎09-03-2004 08:11 AM

‎09-03-2004 08:11 AM

Re: cifs / samba configuration for ux 11.0

Randy,

In the PDC of the windows domain your CIFS server is member of (Workgroup option in smb.conf), you need to create a machine account and it should match the NETBIOS name of the CIFS server running in UX box.

If you select the server level security, you dont have to join the domain.

Create the account for the CIFS server in the Primary Domain Controller and give it a try again.

-- Sundar.

Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
eric roseme
Respected Contributor

‎09-07-2004 03:54 AM

‎09-07-2004 03:54 AM

Solution

Re: cifs / samba configuration for ux 11.0

Hi Randy,

You can see an example of how to add the computer (machine name - netbios name) to the ADS in my whitepaper at:

http://www.docs.hp.com/hpux/onlinedocs/4502/CIFS_W2000_Interop.pdf

on page 27.

Use the name from your smb.conf "netbios name =" parameter. Do not fully qualify it, either in smb.conf or when you try to add it to the domain.

Alternatively, on 3.0, you can do a "net rpc oldjoin -U administrator%password" and you do not need Domain Controller access, although it's not always easy to get ahold of that password.

Eric Roseme
Reply
Sundar_7
Honored Contributor

‎09-07-2004 05:52 AM

‎09-07-2004 05:52 AM

Re: cifs / samba configuration for ux 11.0

There is only a slight advantage in going for the domain level authentication instead of server-level security.

1) With server level security, your CIFS server keeps a connection open with the Password server for the entire period during which the client connection is active. This might saturate the number of connections your PDC can handle at a time if there are too many Samba users connecting to your CIFS server.

2) With domain level security, you dont have to bother explicitly listing the password servers. You can mention "*" in the Password servers list, CIFS server will automatically make some RPC calls and find out the password server for the domain.

Other than, server and domain level security is oblivous to the user community.
Learn What to do ,How to do and more importantly When to do ?
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎09-07-2004 06:31 AM

‎09-07-2004 06:31 AM

Re: cifs / samba configuration for ux 11.0

Check out:

http://docs.hp.com/hpux/onlinedocs/B8725-90061/B8725-90061.html

I use SECURITY=SERVER, just found it less of a hassle then DOMAIN.
I also make use of username.map.


Another good source of documentation is online with CIFS with SWAT:

http://yourserver:901

Click on help.

Rgds...Geoff


Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
eric roseme
Respected Contributor

‎09-07-2004 10:09 AM

‎09-07-2004 10:09 AM

Re: cifs / samba configuration for ux 11.0

In "The Official Samba-3", section 3.3.5 (page 36 in my copy) you can read a list of reasons not to use "security = server". In addition to these, it is probable that the Samba team will discontinue "server" in an upcoming version.

Eric
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.