Kerberos on HP9000 11i container validating SAMBA shares to a Win2003 PDC

 
malc_p
Occasional Advisor


Morning all

Just another dumb question to some I guess, but I need all the help I can get!

 

We're running an old legacy green-screen system using HP9000 HPUX 11i containers on an Integrity host (the system was originally standalone but was bought up and we migrated it to containers a couple of years back). We have several SAMBA shares on the containers which users connect to by mapping them as shared drives on their Windows desktops; SAMBA is a piece of cake to set up and administer new shares in this manner and I have no problem with that.

However, the auditors have just torn us a new one because everyone on the company Windows network can access the shares if they happen across them (at present, SAMBA is set to "security = share", and the shared folders are "guest ok = yes"), and we have sensitive financial data.

 

So, I'm tasked to make them accessible as Windows shares only to certain users.

 

We can't use NFS shares or CIFS as they are unsupported on containers, so it would appear that the only way to do this is by implementing Kerberos and setting SAMBA to "security = domain". The company's network uses a primary domain controller which runs Kerberos so I've been told to validate users with this. (Not 'asked'; 'told').
I have a copy of the HP "Configuration guide for Kerberos Client Products on HP-UX" but look, I'm just a DBA, not a network - and certainly not a security - specialist, but I'm all they have here who knows anything at all about HP-UX due to the minimal team they took on when they bought up this system. So, I'm flying blind and honestly, my head is swimming with all the new acronyms and terminology (KDC, PAM, GSS-API, 'tickets' and so on).
In simple terms, SAMBA shared drives have to be accessible on the Windows network as mapped network drives to certain users, verified by their Windows ID as they won't necessarily have HPUX logons - e.g. actuaries, managers etc.

Can someone please let me know what I'm going to need to configure, or point me to a tutorial or some worked examples?

Sorry to be vague but this is way beyond my comfort zone!

Thanks all

Malc
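
As an added example (not part of the original post, and not HP or Samba project code): a small Python audit that parses an smb.conf and lists the shares still exposed by the settings quoted above, `security = share` and `guest ok = yes`, plus any share with no `valid users` line. The sample config, share names, paths, the `@actuaries` group and the `EXAMPLE` domain are constructed placeholders, and line continuations and include files are assumed not to be in use.

```python
import re

# Constructed sample mirroring the settings quoted in the post; all names are placeholders.
SAMPLE_SMB_CONF = """\
[global]
    security = share
[finance]
    path = /data/finance
    guest ok = yes
[reports]
    public = yes
    valid users = @actuaries
[archive]
    valid users = EXAMPLE\\alice
"""

TRUE_VALUES = {"yes", "true", "1"}          # boolean spellings smb.conf accepts
SPECIAL = {"global", "homes", "printers"}   # sections that are not ordinary shares

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":     # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in names: "Guest OK" == "guestok"
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def audit(text):
    """List (section, finding) pairs for guest-accessible or unrestricted shares."""
    conf, findings = parse_smb_conf(text), []
    if conf.get("global", {}).get("security", "").lower() == "share":
        findings.append(("global", "security = share"))
    for name, params in conf.items():
        if name in SPECIAL:
            continue
        # "public" is a synonym for "guest ok"
        guest = params.get("guestok", params.get("public", "no")).lower()
        if guest in TRUE_VALUES:
            findings.append((name, "guest access enabled"))
        if not params.get("validusers"):
            findings.append((name, "no valid users restriction"))
    return findings
```

Running `audit()` on a copy of the real smb.conf before and after the change gives a list that can be handed to the auditors as evidence that no share remains open to guests.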