
Re: Samba & AD

 
Pelephone System
Frequent Advisor

Samba & AD

Hello. I am trying to make my Samba server, which works with ADS, also authenticate local (Unix) users. The authentication with the AD works fine, but local users are still being looked up in the AD domain (unsuccessfully).
Any suggestions would be appreciated.

Leonid.
HPUX sysadmin
Steven E. Protter
Exalted Contributor

Re: Samba & AD

Shalom Leonid,

A net join command is needed to join the ADS domain.

Administrative rights on the ADS server are required to join.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Mark Fenton
Esteemed Contributor

Re: Samba & AD

Not sure what you're after here. If you are looking to use AD as the login authentication service for UNIX, then I think you need to look at the section in the latest CIFS manual that talks about extending the AD schema to incorporate POSIX elements necessary for UNIX accounts.
Eric Raeburn
Trusted Contributor

Re: Samba & AD

I believe winbind provides the feature you are looking for.

-Eric
Pelephone System
Frequent Advisor

Re: Samba & AD

What I am looking for is to authenticate Samba with both the local passwd and AD.
Samba already works with the AD (net join), but I can't find the way to also authenticate with Unix. Let's say I have a user Leonid on my AD, and I can map a Samba drive with it. I also want to map another Samba drive on the same server, but to do it with a local Unix user, let's say root.
I guess what I need to do is to tell Samba to search for users in the domain and also locally; that is where I am stuck.
Thanks.
HPUX sysadmin
Heironimus
Honored Contributor

Re: Samba & AD

Using UNIX authentication on a Samba share is difficult (maybe impossible) with newer Windows clients. That requires disabling encrypted passwords on Samba and reconfiguring the client PCs to permit cleartext passwords. I'm not 100% sure that current Windows versions can even be configured to do that, but it's really not a good idea anyway.

As for using both local and AD auth, I think that probably won't work because you need encrypted passwords for AD and cleartext for local; you'd have to run two sambas with two configurations listening on two different names and IPs.

You might be able to combine a local smbpasswd file with domain authentication (leaving encrypted passwords on), but I've never tried it.
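Added example, not part of any post in this thread: a small check that reads the `[global]` section of an smb.conf and flags the cleartext-password setting discussed above, including the case where it is combined with domain or ADS security. The sample configurations are constructed, and the defaults used when a parameter is absent (`security = user`, `encrypt passwords = yes`) are assumptions.

```python
import re

# Constructed sample configurations (not taken from the thread).
SAMPLE_ADS = """
[global]
   workgroup = EXAMPLE
   realm = EXAMPLE.LOCAL
   security = ads
   encrypt passwords = yes
"""
SAMPLE_CLEARTEXT = """
[global]
   security = ADS
   ; cleartext so that /etc/passwd hashes can be checked
   Encrypt Passwords = No
"""

TRUE_WORDS = {"yes", "true", "on", "1"}  # boolean spellings treated as "enabled"

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict.
    Parameter names are case- and whitespace-insensitive, so keys are normalised."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                    # section header
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def audit(text):
    """Return a list of findings about password encryption in [global]."""
    p = parse_global(text)
    security = p.get("security", "user").lower()                      # assumed default
    encrypted = p.get("encryptpasswords", "yes").lower() in TRUE_WORDS  # assumed default
    findings = []
    if not encrypted:
        findings.append("encrypt passwords is off: clients must send cleartext passwords")
        if security in ("ads", "domain"):
            findings.append(f"security = {security} requires encrypted passwords")
    return findings

if __name__ == "__main__":
    for name, conf in (("ads", SAMPLE_ADS), ("cleartext", SAMPLE_CLEARTEXT)):
        print(name, audit(conf) or "no findings")
```
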
Steven E. Protter
Exalted Contributor

Re: Samba & AD

Shalom again Leonid,

Here is how I'd approach the task.

I would add Microsoft Unix Services Version 3.5 to your Windows Primary Domain controller.

Then with some setup you can provide single source unix authentication.

Documents:
http://docs.hp.com/en/1408/ADSLDUX.pdf
http://docs.hp.com/en/B8725-90075/ch01s03.html

You may wish to contact me by email and then phone through this link:
http://www.isnamerica.com/contactsep.shtml

I am close by.

SEP
Jerusalem