Jeffrey F. Goldsmith
Super Advisor

New samba question.

I just got samba 3.0.5 installed on my HP-UX 11.i server. Now comes the real question.
What do I need to do to get this version of samba to work with my Windows 2003 domain?
We are in the middle of converting from a Win2k/NT domain to a Win2003 domain but it has been a slow process. Currently we have some users on the new 2003 domain testing but the rest are still in the 2k domain.
I have two HP-UX servers. One has samba 2.2.8a and the other has samba 3.0.5 and I want to connect this server with my 2003 domain.

Any ideas what I need to do to make this happen?

Thanks.
Sundar_7
Honored Contributor

Re: New samba question.

Samba 3.0.5 has got a new security level called ADS and a "net" command that resembles the net command you have with M$ systems.

# vi /etc/opt/samba/smb.conf
security=ADS
password server= *
netbios name = netbiosname
workgroup = windows2003domainname
#

If you set the security level to server, you would not need to configure Kerberos client or join the domain.

If you set the Security level to ADS, you also need to configure the Kerberos Client.

First ensure you have Kerberos Client/Support product installed in the system

# swlist -l product | egrep -i "krb|kerb"

# vi /etc/krb5.conf
[libdefaults]
default_realm =
[realms]
YOUR-ADS-REALM = {
kdc =
}
#

Just copying this configuration didn't work for me. You need to execute

# /opt/dce/bin/krb_config

with necessary arguments

Test the ability to get the tokens from the KDC using the kinit command

# kinit

Now join the domain

# net ads join -U
password:
#

# startsmb
# stopsmb

# vi /etc/rc.config.d/samba
RUN_SAMBA=1
#

Try connecting as users.

Also read the "Step-by-step guide to configure Kerberos Client on HP-UX" from the knowledge base.

Hope this helps.
Learn What to do, How to do and more importantly When to do?
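
Added example (not part of the post above, and not HP or Samba project code): a check to run before kinit and "net ads join" that confirms smb.conf and krb5.conf name the same realm and that the realm has a KDC. It assumes the smb.conf "realm" parameter, which the post does not show, is set; EXAMPLE.COM, EXAMPLE, HPSMB01 and dc1.example.com are constructed placeholders.

```python
# Constructed sample files: EXAMPLE.COM, EXAMPLE, HPSMB01 and dc1.example.com are placeholders.
SMB_CONF = """[global]
security = ADS
realm = EXAMPLE.COM
workgroup = EXAMPLE
netbios name = HPSMB01
password server = *
"""
KRB5_CONF = """[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
    kdc = dc1.example.com
}
"""

def parse(text):
    """Map 'section' or 'section/REALM' to its key/value pairs (keys lower-cased)."""
    out, section, block = {}, "", None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section, block = line[1:-1].strip().lower(), None
        elif line == "}":
            block = None                  # end of a realm block in krb5.conf
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = key               # start of a realm block in krb5.conf
                out.setdefault(f"{section}/{block}", {})
            else:
                name = f"{section}/{block}" if block else section
                out.setdefault(name, {})[" ".join(key.lower().split())] = value
    return out

def check_ads_config(smb_text, krb_text):
    """Return the mismatches between smb.conf and krb5.conf; an empty list means consistent."""
    smb, krb = parse(smb_text).get("global", {}), parse(krb_text)
    realm, problems = smb.get("realm", ""), []
    if smb.get("security", "").lower() != "ads":
        problems.append("smb.conf: security is not ADS")
    if not realm:
        problems.append("smb.conf: realm is not set")
    if krb.get("libdefaults", {}).get("default_realm") != realm:
        problems.append("krb5.conf: default_realm differs from smb.conf realm")
    if not krb.get(f"realms/{realm}", {}).get("kdc"):
        problems.append(f"krb5.conf: no kdc listed for realm {realm or '<unset>'}")
    return problems
```

To check a real host, pass the contents of /etc/opt/samba/smb.conf and /etc/krb5.conf to check_ads_config() in place of the sample strings.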
Steven E. Protter
Exalted Contributor

Re: New samba question.

If you don't want to use KRB5 you'll need to get a hotfix for Windows to allow it to use earlier versions of Kerberos for authentication.

The active directory structure is supposedly similar.

Links:
http://windows.ittoolbox.com/documents/document.asp?i=1893

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=654157

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/

http://www.eweek.com/article2/0,1759,1490483,00.asp

I know it's unlikely but you could eliminate Windows altogether if you don't need Exchange.

I'm short of time (waiting in line now) so I didn't have time to deeply review my docs.

My search:
http://www.google.com/search?hl=en&ie=UTF-8&q=active+directory+Samba+configuration+Windows+2003&btnG=Google+Search

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
eric roseme
Respected Contributor

Re: New samba question.

Hi Jeffrey,

I did a presentation on this at HPWorld last month. If you want the slide deck, email me. My email is in my profile (another poster warned me not to post my address).

I listed what revs you need, and how to set up smb.conf in relation to krb5.conf, and that kind of stuff. It should be pretty complete.

2003 has a couple of gotchas (mentioned above) that make it different than 2000.

Eric Roseme
Jeffrey F. Goldsmith
Super Advisor

Re: New samba question.

Eric, I didn't see any e-mail address listed under your profile. Here is mine.

** email address edited **
eric roseme
Respected Contributor

Re: New samba question.

Okay - I got an email request from another reader, so it must be out there (I checked my profile and it is listed). In any case - check's in the mail.

Eric
Darren Prior
Honored Contributor

Re: New samba question.

Hi Jeffrey,

I've edited out your email address as I've seen that Eric has already noted it. One reason for avoiding posting your email address is the risk of it being harvested by spammers.

regards,

Darren.
Calm down. It's only ones and zeros...