Operating System - HP-UX
09-13-2004 02:28 AM
We currently have a number of Unix servers (HP and others) running older versions of Samba (2.2/2.3) which authenticate users on our current NT4 domain via the PDC (security=share, though I think this is probably bad practice anyway).
Our existing NT4 domain and that of another company are shortly to be migrated to a new Active Directory 'Forest' which will require that the Samba services can be accessed by users both on the existing NT4 domains and the new AD domain during the transition. I believe that the latest stable version of Samba V3.06 supports AD and multiple domains; has anybody any experience with such a setup or any general pointers which may help us on our way?
Also as currently authentication is pass through (i.e. the user's Unix username matches the NT4 domain username) we have an issue as the project calls for the new AD domain usernames to be of the format user.name@domain. Will this format cause a problem in terms of changing the Unix username to match? Alternately can we use some sort of username mapping to translate the new usernames to the old Unix names?
I have a mountain of documentation to look at on Samba 3.06 and AD but any general advice from anybody who has already been down this route would be greatly appreciated.
09-13-2004 03:02 AM
Solution
Hi Ian,
1. CIFS/Samba can only join one domain, because the domain trust password is kept in the secrets.tdb file, of which there can only be one (in case you were thinking of using an smb.conf include for multiple server profiles).
2. CIFS/Samba honors Windows domain trusts. It seems likely that in this migration your NT4 domains will be trusted by your ADS domains (and/or vice-versa), so you should have CIFS/Samba access.
3. "security=share" does not utilize domain membership for pass-through auth-n. You would need "security=domain" for that. If your server(s) are "security=share", then the auth-n is usually by unencrypted password to smbpasswd. So check to see if you are really domain members (unless you have some very customized config).
4. I have a slideset from HPworld that I gave for CIFS/Samba 3.0.5 config and mgt. Let me know if you want it.
5. You will not be able to use implicit username mapping with a user.name Windows username. You can either map them manually in the usermap file, or use winbind (automatic mapping process). If you are running multiple CIFS/Samba servers, then you need to check out the above-mentioned slide set to understand the winbind mapping issues related to that config.
HP CIFS Server will be released on Samba 3.0.5-3.0.6 (not sure which one yet) in November. We have a test version out at: http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=CIFSTP3
Eric Roseme
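An added example (not part of the reply above, and not HP or Samba project code): a small linter for the manually maintained usermap file the reply mentions, flagging entries that would land a Windows login on the wrong Unix account. The map contents, the domain names `NEWAD` and `OLDNT`, the account names and the `PRIVILEGED` set are constructed for illustration; the file syntax follows the `username map` description in smb.conf(5), and whether a given Samba release matches on the domain-qualified or the bare login name is an assumption to verify there.

```python
import re

# Constructed sample map: legacy Unix name on the left, Windows names on the right.
SAMPLE_MAP = r'''
# migration map (constructed example data)
!ijones = NEWAD\ian.jones OLDNT\ijones
!asmith = NEWAD\anna.smith
!bwhite = NEWAD\anna.smith
root = NEWAD\helpdesk
guest = *
'''

PRIVILEGED = {"root"}  # assumption: accounts that should never be a map target


def parse_usermap(text):
    """Return (lineno, stop_on_match, unix_name, [windows names]) per entry."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank and comment lines
            continue
        stop = line.startswith("!")          # '!' = stop processing after a match
        unix, sep, rhs = line.lstrip("!").partition("=")
        if not sep:                          # not a "unix = windows..." entry
            continue
        names = [n.strip('"') for n in re.findall(r'"[^"]*"|\S+', rhs)]
        entries.append((no, stop, unix.strip(), names))
    return entries


def lint_usermap(text, unix_accounts):
    """Flag entries that could map a Windows login onto the wrong Unix account."""
    findings, seen = [], {}
    for no, _stop, unix, names in parse_usermap(text):
        if unix not in unix_accounts:
            findings.append((no, "unknown-unix-user", unix))
        if unix in PRIVILEGED:
            findings.append((no, "privileged-target", unix))
        for name in names:
            key = name.lower()               # Windows account names ignore case
            if name == "*":
                findings.append((no, "wildcard", unix))
            elif key in seen and seen[key] != unix:
                findings.append((no, "conflicting-map", name))
            seen.setdefault(key, unix)
    return findings
```

Running it against the real map and the list of local accounts before each migration wave catches duplicate or wildcard entries before they take effect on the server.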
01-18-2005 08:16 PM
Re: Samba to support multiple NT domains/active directory
Thanks for the info Eric. Apologies for the delay in assigning points and closing the thread.