
Samba-3 and Active Directory

 
dev44
Regular Advisor

Samba-3 and Active Directory

Hi Folks,

I am required to get our HPUX boxes authenticating through Active Directory. Apparently, Samba 3.0x does that and CIFS does not. The documentation that I found says that MIT Krb5 development libraries and OpenLDAP libraries are required.

Has anyone set up Samba with Active Directory support? Did you download the MIT Krb5 and OpenLDAP libraries and install them, or did you install HP CIFS which says that it includes them? Or are they even required at all (the only docs I found were for Linux)?

Thanks all,
SD
whatever
5 REPLIES
Steven E. Protter
Exalted Contributor

Re: Samba-3 and Active Directory

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=CIFSTP3

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=CIFSTP22

These are not production code releases. But they are based on Samba 3 and can do ADS authentication.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Xavier Gutierrez_2
Frequent Advisor
Solution

Re: Samba-3 and Active Directory

Hi, Sally.

You only need the CIFS server.

The client part (which has the LDAP and the KRB stuff) is not needed at all, as the authentication will be done on the AD servers.

I installed the following product on 8 of our servers:
CIFS-Server A.01.10 HP CIFS Server (Samba) File and Print Server

You'll have to create an entry in the AD for your unix server and set up the file /etc/opt/samba/smb.conf as follows (I just paste the Global part...):

# Global parameters
[global]
workgroup = <-- your AD domain name
server string =
security = DOMAIN
encrypt passwords = Yes
password server = <-- Your AD controllers
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 1000
keepalive = 0
local master = No
wins server = <-- Your WINS server
guest account =
read only = No
short preserve case = No
dos filetime resolution = Yes


Hope this helps,

Javier.
Rodney Hills
Honored Contributor

Re: Samba-3 and Active Directory

If you are only doing password authentication against a Win2000 ADS server, then you can use "pam".

Add entries to /etc/pam.conf, specifically-
login auth required /usr/lib/security/libpam_ntlm.1

You will need to create ADS users on the Win2000 server that match the unix login. If you have a name that can't match, there is a usermap file to map a unix login to a windows login.

HTH

-- Rod Hills
There be dragons...
Xavier Gutierrez_2
Frequent Advisor

Re: Samba-3 and Active Directory

Hi, Sally.

For the user access part to the different shared directories, we have used the group approach:

You create a unix group, let's say, smbusers that is allowed to see the samba share(s) through the smb.conf file.

Then you add a unix user per windows user that needs to access the share. These users must belong to the group smbusers (as primary or as secondary group).

UNIX accounts for users that were added on purpose for the samba share can be disabled so that they cannot perform UNIX login but they will still be able to access the share as the authentication is AD based.

And that's it...


Regards,

Javier.
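
An added example, not part of Javier's posts and not HP's or Samba's own code: a short Python check that reads an smb.conf and reports when the [global] AD settings from the first post are missing or when a share is not limited to the smbusers group from the second. The share names, dc1.example.com, and the use of the Samba parameters `valid users = @group` and `guest ok` to express the restriction are assumptions; the posts do not show the share sections.

```python
import re

TRUE = {"yes", "true", "on", "1"}  # spellings Samba reads as boolean true
# Constructed sample: a [global] like the one posted, plus two hypothetical shares.
SAMPLE = """
[global]
   security = DOMAIN
   encrypt passwords = Yes
   password server = dc1.example.com
[projects]
   valid users = @smbusers
[scratch]
   guest ok = Yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text, group="smbusers"):
    """List findings for the AD settings and the per-share group restriction."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    checks = [
        (g.get("security", "").lower() in ("domain", "ads"), "security is not DOMAIN or ADS"),
        (g.get("encrypt passwords", "").lower() in TRUE, "encrypt passwords not set to Yes"),
        (bool(g.get("password server")), "password server is not set"),
    ]
    findings = ["global: " + msg for ok, msg in checks if not ok]
    for name, share in conf.items():
        if name == "global":
            continue
        if share.get("guest ok", "no").lower() in TRUE:
            findings.append(f"{name}: guest ok allows connecting without a password")
        if "@" + group not in share.get("valid users", "").replace(",", " ").split():
            findings.append(f"{name}: valid users does not include @{group}")
    return findings
```

Calling `audit(SAMPLE)` flags only the `[scratch]` share; pass the contents of /etc/opt/samba/smb.conf to run the same check on a real server.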
rmueller58
Valued Contributor

Re: Samba-3 and Active Directory

FWIW,

I just went through some Samba configurations. If you download the source, avoid 3.0.9. I had problems with it recognizing ADS auth; I rolled back to 3.0.8, even though there is one Errata, and it worked fine.
http://us1.samba.org/samba/ftp/old-versions/samba-3.0.8.tar.gz


Also, Webmin (the latest rev) makes configuring and managing Samba a lot easier.