
smbclient access using Windows 2003 AD authentication

 
Roy McDougall
New Member

Hi All
I'm having a lot of problems restricting access to a Samba share using Windows 2003 AD groups.

I'm testing on the Samba server using smbclient. I've successfully joined the domain but can't get 'valid users' to work using AD groups. Any help or pointers appreciated.

root@adl0691 > ./smbd -V
Version 3.0.14a based HP CIFS Server A.02.02

root@adl0691 > uname -a
HP-UX adl0691 B.11.11 U 9000/800 733977695 unlimited-user license

root@adl0691 > swlist -l product|fgrep -i krb
KRB-Support B.11.11 Kerberos Support for HP-UX and DCE
KRB5-Client B.11.11 Kerberos V5 Client Version 1.0
KRBS-Support B.11.11.13 Kerberos Support v1.11
PHSS_33384 1.0 KRB5-Client Version 1.0 cumulative patch
krb5client C.1.3.5.03 Kerberos V5 Client Version 1.3.5.03

root@adl0691 > tail /etc/opt/samba/smb.conf
read only = no
force create mode = 777
valid users = +rostimpo
oplocks = no
strict locking = yes
[smbtest]
comment = "SAMBA test share on adl0691 using HAD authentication"
path = /home/xzpkv0
read only = yes
validusers = @"HAD\cad-corp"

root@adl0691 > klist -e -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: xzpkv0@HAD.SA.GOV.AU

Valid starting Expires Service principal
08/28/06 13:18:25 08/28/06 23:18:25 krbtgt/HAD.SA.GOV.AU@HAD.SA.GOV.AU
Flags: IA, Etype (skey, tkt): DES cbc mode with RSA-MD5, ArcFour with HMAC/md5
08/28/06 13:18:39 08/28/06 23:18:25 adl0691$@HAD.SA.GOV.AU
Flags: A, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc mode with RSA-MD5

root@adl0691 > ./smbclient -k //adl0691/smbtest
tree connect failed: NT_STATUS_ACCESS_DENIED