HPE Community
Operating System - HP-UX
1820619 Members
1912 Online
109626 Solutions
New Discussion

Samba question: kerberos5 support?

 
Mark Landin
Valued Contributor

‎05-21-2004 06:22 AM

‎05-21-2004 06:22 AM

Samba question: kerberos5 support?

I posted the follwing at Ars Technica (http://episteme.arstechnica.com/eve/ubb.x?a=tpc&s=50009562&f=12009443&m=823006844631) when trying to solve a Samba problem. The response I got was that I needed to get a Samba client with kerberos5 support. Am I being steered in the right direction?

Copy of post:

Hey folks. Hope some Samba expert out there can see what I'm missing.

For a few years now I've run Samba 2.0.-whatever on a couple of HP-UX 11.11 systems. The HP systems were member of the domain, I had security=domain, and everything was grand.

Well, our Windows admins are eliminating the domain that these systems have joined to. I went to my first HP-UX box, stopped Samba, changed the workgroup name and password servers in the smb.conf file, built a new machine account for the system in the new domain, ran smbpasswd -j to join the domain, and restarted Samba. No joy.

My users cannot connect. In my log file we get:


[2004/05/21 10:12:36, 0] rpc_client/cli_netlogon.c:(157)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2004/05/21 10:12:36, 0] rpc_client/cli_login.c:(74)
cli_nt_setup_creds: auth2 challenge failed
[2004/05/21 10:12:36, 0] smbd/password.c:(1335)
connect_to_domain_password_server: unable to setup the PDC credentials to mach
ine WEATHER. Error was : NT_STATUS_OK.
[2004/05/21 10:12:37, 0] rpc_client/cli_netlogon.c:(157)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2004/05/21 10:12:37, 0] rpc_client/cli_login.c:(74)
cli_nt_setup_creds: auth2 challenge failed
[2004/05/21 10:12:37, 0] smbd/password.c:(1335)
connect_to_domain_password_server: unable to setup the PDC credentials to mach
ine SKY. Error was : NT_STATUS_OK.
[2004/05/21 10:12:38, 0] rpc_client/cli_netlogon.c:(157)
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2004/05/21 10:12:38, 0] rpc_client/cli_login.c:(74)
cli_nt_setup_creds: auth2 challenge failed
[2004/05/21 10:12:38, 0] smbd/password.c:(1335)
connect_to_domain_password_server: unable to setup the PDC credentials to mach
ine RAIN. Error was : NT_STATUS_OK.
[2004/05/21 10:12:38, 0] smbd/password.c:(1554)
domain_client_validate: Domain password server not available.
[2004/05/21 10:12:38, 0] passdb/pdb_smbpasswd.c:(1367)
unable to open passdb database.
[2004/05/21 10:12:38, 0] passdb/pdb_smbpasswd.c:(1367)
unable to open passdb database.



Here's my smb.conf:



# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = TDWILLIAMSON
netbios name = CATBERT

# server string is the equivalent of the NT Description field
server string = Catbert, HP-UX CAD server

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/opt/samba/log.%m

# Put a capping on the size of the log files (in Kb).
max log size = 1000

# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = domain
# Use password server option only with security = server or domain
password server = RAIN

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = no
read only = no
preserve case = yes
short preserve case = no
dos filetime resolution = yes
syslog = 0

remote announce = 192.3.31.2 192.1.11.23 192.1.11.2

#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no

[tmp]
path = /tmp
read only = yes

0 Kudos
Reply
1 REPLY 1
Geoff Wild
Honored Contributor

‎05-21-2004 06:26 AM

‎05-21-2004 06:26 AM

Re: Samba question: kerberos5 support?

Try HP CIFS Server 3 Technology Preview:

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=CIFSTP3

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.