Urgent Samba issue - not permitted to access this share

Geoff Wild
Honored Contributor

No idea what went wrong....

No changes have been made to the Prod nor QA environment...

QA and Prod are configured the same way...exact same smb.conf except for the alias names...

Apparently, late yesterday afternoon - users could no longer access shares in the production environment...

Running with winbind:

Samba version 3.0.7 based HP CIFS Server A.02.01.01

Snippet from my log:

[2005/08/18 08:40:11, 2] auth/auth.c:check_ntlm_password(300)
check_ntlm_password: authentication for user [GWILD] -> [GWILD] -> [gwild] succeeded
[2005/08/18 08:40:11, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 08:40:11, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 08:40:11, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 08:40:11, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 08:40:11, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 08:40:11, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 08:40:11, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 08:40:11, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 08:40:11, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 08:40:11, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)

So, it appears authentication is working...

# cat /etc/opt/samba/smb.conf

# Global parameters
[global]
workgroup = $MYDOM
netbios aliases = PRDCI, PRDDB, PRDDBCI
interfaces = 192.168.176.30, 192.168.176.31, 127.0.0.1
bind interfaces only = Yes
security = DOMAIN
password server = MYDOMNS01, MYDOMNS02, MYDOMNS03, MYDOMNS04, MYDOMNS05, MYDOMNS06, MYDOMNS07, MYDOMNS08
log level = 2
syslog = 0
log file = /var/opt/samba/log.%m
max log size = 10000
keepalive = 0
load printers = No
show add printer wizard = No
preferred master = No
domain master = No
wins server = 192.168.162.163
idmap uid = 10000-30000
idmap gid = 10000-30000
template primary group = users
winbind separator = +
valid users = $MYDOM+Geput, $MYDOM+gwild, $MYDOM+user1, $MYDOM+user2
read only = No
create mask = 0664
force create mode = 0664
directory mask = 0775
short preserve case = No
dos filetime resolution = Yes


[dserp]
path = /usr/sap/xfer/dserp
valid users = dserp, $MYDOM+gwild, $MYDOM+user1, $MYDOM+user2
force user = dserp
force group = sapsys

[podlosrcp]
path = /APPL/mm/podl/os_rcp
valid users = podlosrcp, $MYDOM+gwild, $MYDOM+user1
force user = podlosrcp
force group = sapsys

[IPC$]
path = /tmp
valid users = $MYDOM+gwild
hosts allow = 192.168.163.0/24, 127.0.0.1
hosts deny = 0.0.0.0/0


Got me stumped...I even re-joined the domain and have stopped/started samba a few times...

I know the Windows guys are feverishly applying patches due to the latest worms - but that shouldn't affect 1 samba server?

IE - why is QA working but not Prod?

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Mel Burslan
Honored Contributor

Re: Urgent Samba issue - not permitted to access this share

Geoff,

As I am almost a novice, let alone being an expert on Redmond's Finest OS, take my words with a rock of salt, not just a grain. But don't Samba shares have something to do with the Windows Domain Controllers? And from my experience here, I know that point-n-click sysadmins start deploying critical patches from the production side of the shop, so your woes on the QA side may be pending to be unleashed on you? Maybe it is time to have a come-to-jesus meeting with the admins of the dark side about not doing such things without running them by you or your colleagues?
________________________________
UNIX because I majored in cryptology...
Steven E. Protter
Exalted Contributor

Re: Urgent Samba issue - not permitted to access this share

I would suggest that the problem has been introduced by problems with the Windows Domain Controller, if the Primary Domain Controller is a windows box.

Unfortunately the windows patches were rushed out the door due to the worm and may not be of good quality.

As to why one box is working and the other not, I'd ask if they are both working with the same windows PDC and then compare the two smb.conf files and then proceed.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Geoff Wild
Honored Contributor

Re: Urgent Samba issue - not permitted to access this share

It's as Mel said - I just had to wait...

All env's now down...Prod, QA, Dev, and test...

I had an NT admin remove all from the domain - then rejoined them (from the samba servers with: /opt/samba/bin/net rpc join -U administrator )

Now - here's something really strange - I was able to connect - once - then when I closed - and went back in - I was denied:


[2005/08/18 10:51:34, 2] auth/auth.c:check_ntlm_password(300)
check_ntlm_password: authentication for user [GWILD] -> [GWILD] -> [$MYDOM+GWILD] succeeded
[2005/08/18 10:51:34, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 10:51:51, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 10:51:52, 2] smbd/uid.c:change_to_user(201)
change_to_user: SMB user (unix user smbnull, vuid 101) not permitted access to share IPC$.
[2005/08/18 10:51:52, 0] smbd/service.c:make_connection_snum(570)
Can't become connected user!
[2005/08/18 10:51:52, 1] smbd/service.c:make_connection_snum(648)
gwild (192.168.163.69) connect to service dschq initially as user dschq (uid=29391, gid=6801) (pid 4082)
[2005/08/18 10:53:06, 1] smbd/service.c:close_cnum(835)
gwild (192.168.163.69) closed connection to service dschq
[2005/08/18 10:53:06, 2] smbd/server.c:exit_server(571)
Closing connections



[2005/08/18 10:53:42, 2] auth/auth.c:check_ntlm_password(300)
check_ntlm_password: authentication for user [GWILD] -> [GWILD] -> [gwild] succeeded
[2005/08/18 10:53:42, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 10:53:42, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 10:53:42, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 10:53:42, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 10:53:42, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 10:53:42, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 10:53:42, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 10:53:42, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 10:53:42, 2] lib/access.c:check_access(322)
Allowed connection from (192.168.163.69)
[2005/08/18 10:53:42, 2] smbd/service.c:make_connection_snum(314)
user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 10:54:38, 2] smbd/server.c:exit_server(571)
Closing connections

Notice that the first time I was authenticated with the domain:
authentication for user [GWILD] -> [GWILD] -> [$MYDOM+GWILD]

but the failure I wasn't!
authentication for user [GWILD] -> [GWILD] -> [gwild] succeeded

Very strange...

Rgds...Geoff


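The two excerpts above differ in the third bracketed name: in the first it is $MYDOM+GWILD (a winbind-qualified name), in the second it is the bare local account gwild, which is not the name listed under valid users for IPC$ in the smb.conf posted at the top of the thread. The script below is an added example, not code from this thread or from HP CIFS: it parses smbd log lines in the level-2 format shown above, pairs each timestamped header with its message line, reports authentications whose mapped Unix name lacks the winbind separator, and counts refusals per (user, share) for both the make_connection_snum and the change_to_user wording. The sample log is constructed from the excerpts in this thread, and the separator '+' is taken from the posted smb.conf; both are assumptions for the example.

```python
"""Scan Samba 3.0.x (log level 2) smbd log lines for sessions that
authenticated but were then refused a share, and show whether the name the
server mapped the user to carries the winbind separator.

Added example, not code from the thread or from HP CIFS. Sample lines are
constructed from the excerpts in this thread; the separator '+' comes from
the posted smb.conf (winbind separator = +)."""
import re
from collections import defaultdict

SEPARATOR = "+"  # assumption: matches 'winbind separator = +' in the posted smb.conf

# Header line: [YYYY/MM/DD HH:MM:SS, level] source.c:function(line)
HEADER_RE = re.compile(r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\d+)\]")
AUTH_RE = re.compile(
    r"check_ntlm_password: authentication for user \[(?P<client>[^\]]+)\] -> "
    r"\[(?P<domain_user>[^\]]+)\] -> \[(?P<unix_user>[^\]]+)\] succeeded")
DENY_RE = re.compile(
    r"user '(?P<unix_user>[^']+)' \(from session setup\) not permitted to "
    r"access this share \((?P<share>[^)]+)\)")
NULL_RE = re.compile(
    r"change_to_user: SMB user \(unix user (?P<unix_user>\S+), vuid \d+\) "
    r"not permitted access to share (?P<share>[^.]+)\.")

# Constructed sample, assembled from the log excerpts posted in this thread.
SAMPLE_LOG = """\
[2005/08/18 10:51:34, 2] auth/auth.c:check_ntlm_password(300)
  check_ntlm_password: authentication for user [GWILD] -> [GWILD] -> [$MYDOM+GWILD] succeeded
[2005/08/18 10:51:52, 2] smbd/uid.c:change_to_user(201)
  change_to_user: SMB user (unix user smbnull, vuid 101) not permitted access to share IPC$.
[2005/08/18 10:53:42, 2] auth/auth.c:check_ntlm_password(300)
  check_ntlm_password: authentication for user [GWILD] -> [GWILD] -> [gwild] succeeded
[2005/08/18 10:53:42, 2] lib/access.c:check_access(322)
  Allowed connection from (192.168.163.69)
[2005/08/18 10:53:42, 2] smbd/service.c:make_connection_snum(314)
  user 'gwild' (from session setup) not permitted to access this share (IPC$)
[2005/08/18 10:53:42, 2] smbd/service.c:make_connection_snum(314)
  user 'gwild' (from session setup) not permitted to access this share (IPC$)
"""


def parse_log(text):
    """Pair each header line with the message line that follows it."""
    events, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        hdr = HEADER_RE.match(lines[i])
        if hdr and i + 1 < len(lines):
            events.append((hdr.group("ts"), int(hdr.group("level")), lines[i + 1].strip()))
            i += 2
        else:
            i += 1
    return events


def analyze(events, separator=SEPARATOR):
    """Return auth records, the subset whose Unix name lacks the separator,
    and denial counts keyed by (unix_user, share)."""
    report = {"auths": [], "unmapped": [], "denials": defaultdict(int)}
    for ts, _level, msg in events:
        m = AUTH_RE.search(msg)
        if m:
            unix_user = m.group("unix_user")
            mapped = separator in unix_user
            report["auths"].append((ts, m.group("client"), unix_user, mapped))
            if not mapped:
                report["unmapped"].append((ts, m.group("client"), unix_user))
            continue
        m = DENY_RE.search(msg) or NULL_RE.search(msg)
        if m:
            report["denials"][(m.group("unix_user"), m.group("share"))] += 1
    return report


def summarize(report):
    """Human-readable lines: unmapped logins first, then denial counts."""
    lines = []
    for ts, client, unix_user in report["unmapped"]:
        lines.append("%s %s mapped to local account %r (no winbind separator)"
                     % (ts, client, unix_user))
    for (unix_user, share), n in sorted(report["denials"].items()):
        lines.append("%r denied on %s: %d time(s)" % (unix_user, share, n))
    return lines


if __name__ == "__main__":
    import sys
    # Usage: python samba_denials.py /var/opt/samba/log.<client>; falls back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(summarize(analyze(parse_log(text)))))
```

Run it against one of the per-client files that log file = /var/opt/samba/log.%m produces; a login that shows up under "mapped to local account" is one where the domain-qualified valid users entry can never match, so the refusal that follows is expected and the thing to investigate is the name mapping, not the share definition.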
Geoff Wild
Honored Contributor

Re: Urgent Samba issue - not permitted to access this share

Okay - I think I found the real issue - Windows admins updated the first 2 Domain Controllers in my password server = to
Windows Server 2003 sp1

Others are Windows 2000....

Seems to be a compatibility issue with Windows Server 2003 sp1....sigh.......


Rgds...Geoff
Geoff Wild
Honored Contributor

Re: Urgent Samba issue - not permitted to access this share

Here's the latest - somehow - I got my production to work (FM) - Others are not working...

So...on my test box, I have HP's latest CIFS installed...and have re-joined the domain with security=ads (I know - pretty scary stuff).

Anyways...followed instructions in chapter 5:

http://www.docs.hp.com/en/B8725-90079/B8725-90079.pdf

Joined ads with success!:

# /opt/samba/bin/net ads join -U administrator
administrator's password:

The workgroup in smb.conf does not match the short
domain name obtained from the server.
Using the name [$MYDOM] from the server.
You should set "workgroup = $MYDOM" in smb.conf.
Using short domain name -- $MYDOM
Joined 'SHA1' to realm 'MYDOMCORP.NET'

Okay - so I updated the workgroup line...

stop/restart

/opt/samba/bin/stopsmb -w
/opt/samba/bin/startsmb -w

So far so good - tried to connect...

[2005/08/19 07:02:16, 1] smbd/sesssetup.c:reply_spnego_kerberos(174)
Failed to verify incoming ticket!

Drat...so close...

Anyone out there have any experience with Samba and ADS?

# swlist | grep J4269AA
J4269AA B.03.30 LDAP-UX Integration

# swlist | grep CIFS
B8725AA A.02.01.02 HP CIFS Server

# swlist |grep Kerb
KRB5CLIENT C.1.3.5.01 Kerberos V5 Client Version 1.3.5.01

Rgds...Geoff


Geoff Wild
Honored Contributor

Re: Urgent Samba issue - not permitted to access this share

After working with HP for a couple of days - I resolved this by moving to SECURITY = ADS

Yes...Active Directory and samba can play in the same sandbox.

In case anyone wants it - here's the info:

You need to be at CIFS version A.02.01.01 or higher (I used A.02.01.02 - latest from HP).

You need LDAP-UX installed and Kerberos:

J4269AA B.03.30 LDAP-UX Integration

and

# swlist |grep -i ker
KRB5CLIENT C.1.3.5.01 Kerberos V5 Client Version 1.3.5.01

Then:


Have NT admin remove server from Server Manager or Active Directory


File Clean Up:

rm /var/opt/samba/log.*
rm /var/opt/samba/locks/winbindd_cache.tdb
rm /var/opt/samba/locks/winbindd_idmap.tdb
rm /var/opt/samba/private/secrets.tdb


Need NT Admin for following - as it prompts for their password:

setup /etc/krb5.conf

smb.conf global settings:

[global]
workgroup = WINDOMAIN
realm = ADREALM.SOMETHING
security = ADS
password server = ACTIVEDIR1, ACTIVEDIR2
log level = 2
syslog = 0
log file = /var/opt/samba/log.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
max log size = 10000
keepalive = 0
load printers = No
show add printer wizard = No
preferred master = No
local master = No
domain master = No
wins server = ACTIVEDIR1, ACTIVEDIR2
idmap uid = 10000-30000
idmap gid = 10000-30000
template primary group = users
winbind separator = +
winbind enum users = No
winbind enum groups = No
read only = No
create mask = 0664
force create mode = 0664
directory mask = 0775
short preserve case = No
dos filetime resolution = Yes
client schannel = No




/opt/samba/bin/net ads join -U administrator

Check Kerberos:

kinit gwild

klist

Start it up:

/opt/samba/bin/startsmb -w
/opt/samba/bin/wbinfo --set-auth-user=services
/opt/samba/bin/wbinfo --get-auth-user
/opt/samba/bin/wbinfo --domain YOURDOMAIN -u

/opt/samba/bin/smbstatus


Try smbclient:

smbclient -L SAMBASERVER -U YOUR-NT-ID



Chapter 5 of this doc is great:

http://www.docs.hp.com/en/B8725-90079/B8725-90079.pdf

Rgds...Geoff
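The [global] settings above, together with the workgroup mismatch that net ads join printed in the earlier post, can be checked before smbd is restarted. The script below is an added example, not part of this post or of HP's documentation: it parses an smb.conf, confirms security = ADS, that a realm is set and upper-case, that workgroup matches the short domain name the join reported, and flags client schannel = No (which turns off signing and sealing on the netlogon channel) and a restricted [IPC$] valid users list, the share on which every refusal in this thread appeared. The two embedded configurations are trimmed copies of the ones posted in this thread; the short domain names passed to the check are assumptions made for the example.

```python
"""Pre-flight check of smb.conf for a security = ADS setup.

Added example, not code from the thread or from HP CIFS. Parses the
[global] section and flags settings that the ADS join in this thread
complained about (workgroup vs. server short domain name) or that a
reviewer would want justified (client schannel = No, restricted IPC$)."""

# Trimmed copy of the security = DOMAIN configuration posted first in the thread.
SAMPLE_DOMAIN_CONF = """\
[global]
workgroup = $MYDOM
security = DOMAIN
password server = MYDOMNS01, MYDOMNS02
winbind separator = +

[IPC$]
path = /tmp
valid users = $MYDOM+gwild
hosts allow = 192.168.163.0/24, 127.0.0.1
hosts deny = 0.0.0.0/0
"""

# Trimmed copy of the security = ADS configuration from the final post.
SAMPLE_ADS_CONF = """\
[global]
workgroup = WINDOMAIN
realm = ADREALM.SOMETHING
security = ADS
password server = ACTIVEDIR1, ACTIVEDIR2
winbind separator = +
client schannel = No
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}}; parameter names are lower-cased
    with whitespace collapsed, since Samba treats them case-insensitively."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf


def find_section(conf, name):
    """Case-insensitive section lookup (share names are not case-sensitive)."""
    for sec, params in conf.items():
        if sec.lower() == name.lower():
            return params
    return None


def check_ads_config(conf, server_short_domain):
    """Return a list of (level, message); level is 'error', 'warn' or 'note'.
    server_short_domain is the short name net ads join reports for the domain."""
    g = find_section(conf, "global") or {}
    findings = []
    if g.get("security", "").lower() != "ads":
        findings.append(("error", "security = %s; AD membership with Kerberos needs security = ADS"
                         % g.get("security", "<unset>")))
    realm = g.get("realm")
    if not realm:
        findings.append(("error", "realm is unset; Kerberos ticket verification needs the AD realm"))
    elif realm != realm.upper():
        findings.append(("warn", "realm %r is not upper-case; Kerberos realm names are case-sensitive"
                         % realm))
    workgroup = g.get("workgroup")
    if workgroup != server_short_domain:
        findings.append(("error", "workgroup = %s but the server reports short domain name %s"
                         % (workgroup, server_short_domain)))
    if g.get("client schannel", "").lower() in ("no", "false", "0"):
        findings.append(("warn", "client schannel = No turns off signing/sealing on the netlogon channel"))
    ipc = find_section(conf, "IPC$")
    if ipc and "valid users" in ipc:
        findings.append(("note", "[IPC$] valid users = %s: IPC$ (used for share enumeration) is refused "
                         "to any session that does not map to one of these names" % ipc["valid users"]))
    return findings


def has_errors(findings):
    return any(level == "error" for level, _ in findings)


if __name__ == "__main__":
    for label, text, short in (("domain", SAMPLE_DOMAIN_CONF, "$MYDOM"),
                               ("ads", SAMPLE_ADS_CONF, "WINDOMAIN")):
        print("==", label)
        for level, msg in check_ads_config(parse_smb_conf(text), short):
            print(" ", level.upper(), msg)
```

The short domain name to pass is the one printed by "Using short domain name -- ..." during net ads join; running the check with that value before stopsmb/startsmb catches the workgroup mismatch without another join attempt.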