
Cifsclient and AD shared DFS

 
R de Vries
Occasional Advisor

Cifsclient and AD shared DFS

Hello,

I would like to use an AD hosted DFS Namespace with our HPUX boxes. I already installed cifsclient A.02.02.02. Unfortunately it is not possible to mount an AD hosted share.

A server share is working perfectly. So from my point of view this feature is not really ready in this release.

Could somebody help me if there is a solution for this?

Best regards
Richard
Steven E. Protter
Exalted Contributor

Re: Cifsclient and AD shared DFS

Shalom,

DFS is a Microsoft feature, not part of Samba/CIFS. As far as I know it's not supported at all. You could replicate the functionality with Serviceguard and CIFS/9000.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
R de Vries
Occasional Advisor

Re: Cifsclient and AD shared DFS

Hi Steven,

Maybe my thread is not clear enough. I will try to explain.

We are using HPUX as normal Unix Clients and we are using Windows Clients. We are hosting a DFS Namespace in our Active Directory.

What we want is that our Unix workstations use the same DFS Namespace as the Windows clients.

We are using the cifsclient to connect from the Unix workstation to a Windows Server with a normal share. This is working fine. Also hosting a DFS Namespace on a local Windows server is working fine.

The only thing is that the cifsclient A.02.02.02 is not working with Windows Domain hosted Namespaces.
So the cifsclient is supporting Windows based DFS, but it seems that this client is having problems with Active Directory hosted DFS Namespaces.

Does somebody have a solution for this, or could somebody help me?
TTr
Honored Contributor

Re: Cifsclient and AD shared DFS

Richard,

If you haven't yet, take a look at this

http://docs.hp.com/en/B8724-90079/B8724-90079.pdf
R de Vries
Occasional Advisor

Re: Cifsclient and AD shared DFS

Hi TTr,

Thanks for your reply, but I already read the documentation, and there is nothing about Active Directory hosted Shares or DFS Namespace.

Richard
eric roseme
Respected Contributor

Re: Cifsclient and AD shared DFS

Hi Richard,

I just created a DFS Root on a W2003R2 server, and placed a shared directory from the W2003R2 server under the root, and a shared directory from a HP CIFS Server A.02.03.02 server under the root. I then used HP CIFS Client A.02.02.01 to do a cifslogin, then a cifsmount to the DFS Root. It all worked fine - I can navigate and access files in the W2003 share, or the HP CIFS Server share. I used a standalone root - not a domain root. Here's what I did:

cifslogin //w2003R2-DC/DFSRoot -U eric -P password
cifsmount //w2003R2-DC/DFSRoot /DFSRoot

Eric
R de Vries
Occasional Advisor

Re: Cifsclient and AD shared DFS

Hi,

That's exactly what I did. Standalone namespace is ok, but Active Directory based namespace is not ok!
eric roseme
Respected Contributor

Re: Cifsclient and AD shared DFS

Okay. I'll re-try with the AD DFS. But I cannot do it until Monday. Just so you know, HP CIFS Server does not support most of the features that you get with AD DFS. I did a presentation about this at HPWorld in 2004 (not that I expect you would have access to that), and as far as I know, our functionality for DFS support has not changed.

Can you tell me what it is in AD DFS that you need over standalone?

Thanks,

Eric
eric roseme
Respected Contributor

Re: Cifsclient and AD shared DFS

Hi Richard,

I was able to configure a Domain DFS root and mount it with the CIFS client. I also published the DFS root in the AD. This is on W2003R2.

Can you tell me what your symptoms are?

Thanks,

Eric
R de Vries
Occasional Advisor

Re: Cifsclient and AD shared DFS

Hello Eric,

Many thanks for helping me.

In my case the cifsclient cannot enter a directory entry from the AD hosted DFS tree. I can mount it but I cannot enter it.

Could you describe your client config? Kerberos or not etc?

Best regards
Richard
eric roseme
Respected Contributor
Solution

Re: Cifsclient and AD shared DFS

Attached is my cifs client config file.

I configured my DFS root with a local link on the W2003R2 DC, and a link to an HP CIFS Server. Both worked fine. I thought that I had duplicated your problem at one time, but it was a config error on the DFS root. I named the root the same name as the local link, and gave it the path to the local link too. When I did this, I would mount the DFS root with the CIFS client and then the mount directory would disappear! No kidding - it was off the root directory and then it was just gone! When I did the cifsumount, it came back. Very strange. But then I set up the DFS root correctly and everything was fine.

Since standalone works, I would focus more on the DFS root side, as opposed to the client.

Eric
R de Vries
Occasional Advisor

Re: Cifsclient and AD shared DFS

Hello Eric,

I found out that the cifsclient is working with AD hosted DFS Trees, but it seems that it is only working with NTLM authentication. I changed my cifsclient configuration back to NTLM authentication and everything is working well.
So the problem seems to be on the authentication side. Could you also check this with your config?

Best regards
richard
eric roseme
Respected Contributor

Re: Cifsclient and AD shared DFS

Okay - I'll try to duplicate with krb5. Can you give me your kerberos version? swlist -l product | grep -i krb. And OS version too - just v1/v2/v3.

Eric
eric roseme
Respected Contributor

Re: Cifsclient and AD shared DFS

Hi Richard,

I can successfully cifslogin with krb5 and cifsmount a domain DFS root and a standalone DFS root. However, it took awhile. It turns out that I needed to add share permissions to the linked shared directory. For instance, my DFS root was DFSRoot, and my W2003R2 linked directory was data. I had to right click data and go to "sharing", and set permissions there (as opposed to "security"). Until then, I thought it was a bug. Once I added the permissions, everything worked okay.

However, you may have pointed out another bug. I was also linking to a CIFS/Samba share under the root, and the cifsclient cannot navigate to that link. Looking at Wireshark, we have a problem in the principal name from the Ticket Granting Service. So *that* looks like a bug. I need to try the cifsclient from a non CIFS Server system too.

This is on 11iv1, krb5 libraries 1.3.5.06.

Eric

(you can always look at my profile and email me directly, if you want to)
R de Vries
Occasional Advisor

Re: Cifsclient and AD shared DFS

Hi Eric,

Thanks for your crosscheck with Kerberos. I do have the same Kerberos version installed (1.3.5.06).
I am also using HP-UX v1.

Many thanks
Richard
R de Vries
Occasional Advisor

Re: Cifsclient and AD shared DFS

Hi Eric,

I checked my config again; it is working at the moment with our test domain. But for the production environment we have to put our MS DFS server in a kind of resource domain. Between the "resource domain" and our "normal Domain" there is a trust in both ways, so for Windows no problem. But on HP I still cannot enter the resource domain based DFS tree mount point directory.

For example, I used the following commands:
cifsmount //resource/resource-tree /mnt/resource-tree

After this I do a cifslogin //resource/ -U username. The system will ask for a password.
After this I did a check with cifslist. Everything is looking good. The mount and the login are ok.

If I want to enter /mnt/resource-tree I receive the following line:
ksh: /mnt/resource-tree: bad directory

I also checked the user rights on the DFS share. It is readable for all the "Normal domain" users!

I am running out of ideas at the moment. Maybe it is just a small thing, but I cannot see it at the moment! So if you want to contact me please have a look at my profile! I cannot see your email in your profile.

Many thanks for your support
Richard.
eric roseme
Respected Contributor

Re: Cifsclient and AD shared DFS

Hi Richard,

The trust relationship is the problem, I think. I'll set up a domain trust and run some Wireshark traces and try to see what is happening. But this very well may require a support call. You can email me directly about it - just put all of the dots in the correct places and you'll have my email address.

Eric Roseme
Hewlett-Packard (hp.com)