HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Operating System - Tru64 Unix
- >
- Re: tru64 with samba3.0.2 and active directory
Operating System - Tru64 Unix
1829576
Members
2983
Online
109992
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2004 03:10 AM
01-15-2004 03:10 AM
tru64 with samba3.0.2 and active directory
I am in the middle of implementing a windows 2003 active directory domain. The windows side of it is going fine but we are struggling to get samba working with the new domain properly.
I have 4 AD domain controllers all running integrated DNS and WINS. We joined one of our test Unix boxes running true64 and samba 3.0.2 to the new domain with no problems at all and set it's host domain to be that of the new domain. I can ping the unix box with no trouble as well as perform reverse lookups on it's IP address
The problem is that I can browse to the unix server and access the samba shares fine if I use \\xxx.xxx.xxx.xxx but if i try and browse to the machine using \\servername format i get numerous errors. If browsing via windows explorer i get prompted for a username and password and no matter what combination I use nothing works. If browsing via a net view command from the command prompt I get a system error 5 access is denied message.
The new win2k3 domain has a 2 way trust to our present live NT4 domain and any client on the NT4 domain has no trouble in browsing to the machine via \\servername or \\xxx.xxx.xxx.xxx.
The unix machine has joined the win2k3 domain with no trouble as I can see the machine account in the AD admin tool. I am out of ideas, can anybody help????
Here are a few of my config files that I have managed to get hold of from the unix machine.
krb5.conf
[logging]
default = FILE:/var/log/krb5/libs.log
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/admin.log
[libdefaults]
ticket_lifetime = 24000
default_realm = IM-SERV.COM
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
permitted_enctypes = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
IM-SERV.COM = {
kdc = imserv-dc1-sc.im-serv.com:88
default_domain = im-serv.com
}
[domain_realm]
.im-serv.com = IM-SERV.COM
im-serv.com = IM-SERV.COM
smb.conf
#======================= Global Settings =====================================
[global]
workgroup = IM-SERV
realm = IM-SERV.COM
server string = Test Server - Bernie
security = ADS
password server = imserv-dc1-sc.im-serv.com
encrypt passwords = yes
username map = /etc/samba/smbusers
log file = /var/log/samba/log.%m
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
idmap uid = 10000-20000
idmap gid = 10000-20000
guest ok = yes
auth methods = guest winbind
map to guest = Bad User
wins server = 172.19.58.60
============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
guest ok = no
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
guest ok = yes
comment = Home Directories
browseable = no
writable = yes
guest ok = no
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
guest ok = yes
guest only = no
I have also tested the kerberos config using kinit and klist commands on the unix box.
bernie.im-serv.com> kinit ADMINISTRATOR@IM-SERV.COM
Password for ADMINISTRATOR@IM-SERV.COM:
bernie.im-serv.com> klist
Ticket cache: FILE:/tmp/krb5cc_p141667
Default principal: ADMINISTRATOR@IM-SERV.COM
Valid starting Expires Service principal
01/13/04 11:51:30 01/13/04 21:51:35 krbtgt/IM-SERV.COM@IM-SERV.COM
renew until 01/14/04 11:51:30
Kerberos 4 ticket cache: /tmp/tkt208
klist: You have no tickets cached
here's a testparm
bernie.im-serv.com> testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[tmp]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = IM-SERV
realm = IM-SERV.COM
server string = Test Server - Bernie
security = ADS
auth methods = guest, winbind
map to guest = Bad User
password server = imserv-dc1-sc.im-serv.com
username map = /etc/samba/smbusers
log file = /var/log/samba/log.%m
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind cache time = 10
guest ok = Yes
[homes]
comment = Home Directories
read only = No
guest ok = No
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
read only = No
wbinfo -u gives me
UKDCS_NT+Wolverton
UKDCS_NT+workshop
UKDCS_NT+Wyoming
UKDCS_NT+Y_Adeyem
UKDCS_NT+Y_Hussai
UKDCS_NT+YE01
UKDCS_NT+YE02
UKDCS_NT+YE03
UKDCS_NT+YE04
UKDCS_NT+Yellowstone
UKDCS_NT+Yonkers
UKDCS_NT+Yukon
UKDCS_NT+Z_Leonar
UKDCS_NT+Z_LeWarn
administrator
Guest
krbtgt
host/jennie
unix
UKDCS_NT$
aknight
host/bernie.im-serv.com
where UKDCS_NT is an NT4 domain which is trusted via a 2 way trust with the AD domain.
Anybody got any ideas how to fix this???
I have 4 AD domain controllers all running integrated DNS and WINS. We joined one of our test Unix boxes running true64 and samba 3.0.2 to the new domain with no problems at all and set it's host domain to be that of the new domain. I can ping the unix box with no trouble as well as perform reverse lookups on it's IP address
The problem is that I can browse to the unix server and access the samba shares fine if I use \\xxx.xxx.xxx.xxx but if i try and browse to the machine using \\servername format i get numerous errors. If browsing via windows explorer i get prompted for a username and password and no matter what combination I use nothing works. If browsing via a net view command from the command prompt I get a system error 5 access is denied message.
The new win2k3 domain has a 2 way trust to our present live NT4 domain and any client on the NT4 domain has no trouble in browsing to the machine via \\servername or \\xxx.xxx.xxx.xxx.
The unix machine has joined the win2k3 domain with no trouble as I can see the machine account in the AD admin tool. I am out of ideas, can anybody help????
Here are a few of my config files that I have managed to get hold of from the unix machine.
krb5.conf
[logging]
default = FILE:/var/log/krb5/libs.log
kdc = FILE:/var/log/krb5/kdc.log
admin_server = FILE:/var/log/krb5/admin.log
[libdefaults]
ticket_lifetime = 24000
default_realm = IM-SERV.COM
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
permitted_enctypes = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
IM-SERV.COM = {
kdc = imserv-dc1-sc.im-serv.com:88
default_domain = im-serv.com
}
[domain_realm]
.im-serv.com = IM-SERV.COM
im-serv.com = IM-SERV.COM
smb.conf
#======================= Global Settings =====================================
[global]
workgroup = IM-SERV
realm = IM-SERV.COM
server string = Test Server - Bernie
security = ADS
password server = imserv-dc1-sc.im-serv.com
encrypt passwords = yes
username map = /etc/samba/smbusers
log file = /var/log/samba/log.%m
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
idmap uid = 10000-20000
idmap gid = 10000-20000
guest ok = yes
auth methods = guest winbind
map to guest = Bad User
wins server = 172.19.58.60
============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
guest ok = no
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
guest ok = yes
comment = Home Directories
browseable = no
writable = yes
guest ok = no
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
guest ok = yes
guest only = no
I have also tested the kerberos config using kinit and klist commands on the unix box.
bernie.im-serv.com> kinit ADMINISTRATOR@IM-SERV.COM
Password for ADMINISTRATOR@IM-SERV.COM:
bernie.im-serv.com> klist
Ticket cache: FILE:/tmp/krb5cc_p141667
Default principal: ADMINISTRATOR@IM-SERV.COM
Valid starting Expires Service principal
01/13/04 11:51:30 01/13/04 21:51:35 krbtgt/IM-SERV.COM@IM-SERV.COM
renew until 01/14/04 11:51:30
Kerberos 4 ticket cache: /tmp/tkt208
klist: You have no tickets cached
here's a testparm
bernie.im-serv.com> testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[tmp]"
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = IM-SERV
realm = IM-SERV.COM
server string = Test Server - Bernie
security = ADS
auth methods = guest, winbind
map to guest = Bad User
password server = imserv-dc1-sc.im-serv.com
username map = /etc/samba/smbusers
log file = /var/log/samba/log.%m
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = +
winbind cache time = 10
guest ok = Yes
[homes]
comment = Home Directories
read only = No
guest ok = No
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
read only = No
wbinfo -u gives me
UKDCS_NT+Wolverton
UKDCS_NT+workshop
UKDCS_NT+Wyoming
UKDCS_NT+Y_Adeyem
UKDCS_NT+Y_Hussai
UKDCS_NT+YE01
UKDCS_NT+YE02
UKDCS_NT+YE03
UKDCS_NT+YE04
UKDCS_NT+Yellowstone
UKDCS_NT+Yonkers
UKDCS_NT+Yukon
UKDCS_NT+Z_Leonar
UKDCS_NT+Z_LeWarn
administrator
Guest
krbtgt
host/jennie
unix
UKDCS_NT$
aknight
host/bernie.im-serv.com
where UKDCS_NT is an NT4 domain which is trusted via a 2 way trust with the AD domain.
Anybody got any ideas how to fix this???
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2004 03:58 AM
01-15-2004 03:58 AM
Re: tru64 with samba3.0.2 and active directory
this is a samba related os independent problem, so please post it on a samba forum!
Help() { FirstReadManual(urgently); Go_to_it;; }
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2004 04:52 AM
01-15-2004 04:52 AM
Re: tru64 with samba3.0.2 and active directory
thanks for your "constructive" input my friend. Anybody else got anything of a more helpful nature?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2004 07:15 AM
01-15-2004 07:15 AM
Re: tru64 with samba3.0.2 and active directory
sorry, but your question is totally Tru64 independant and a real samba 3.x configuration issue.
So why asking it in a Tru64 forum and not in one of the official samba newsgroups - maybe there is a chance to receive much better inputs?
HP doesn't support samba 3.x so there is no forum within the itrc.
So why asking it in a Tru64 forum and not in one of the official samba newsgroups - maybe there is a chance to receive much better inputs?
HP doesn't support samba 3.x so there is no forum within the itrc.
Help() { FirstReadManual(urgently); Go_to_it;; }
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP