- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Samba/CIFS 3.01
Operating System - HP-UX
1748223
Members
4806
Online
108759
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-10-2011 11:47 AM
тАО02-10-2011 11:47 AM
Samba/CIFS 3.01
Hi,
I encountered a (hopefully small) problem.
I downloaded Samba/CIFS A.03.01 on HP-UX 11.23. The CIFS server is a member of a Windows AD.
In the older A.02.04.02 version, I created a "krb5.keytab" file as described in the manual, and in the smb.conf configuration file I used the "use kerberos keytab = yes" option.
All was working nicely: users were authenticated through the Windows AD, and accessing their shares in the correct manner.
In the new release unfortunately the "use kerberos keytab" option doesn't exist anymore.
In this situation, Samba tries to return to the "old", "local" passwords, and none of the AD (non-local) users can access the shares anymore.
How to solve the problem ?
At present, I have restored the older release of Samba/CIFS.
Thank you
Enrico
I encountered a (hopefully small) problem.
I downloaded Samba/CIFS A.03.01 on HP-UX 11.23. The CIFS server is a member of a Windows AD.
In the older A.02.04.02 version, I created a "krb5.keytab" file as described in the manual, and in the smb.conf configuration file I used the "use kerberos keytab = yes" option.
All was working nicely: users were authenticated through the Windows AD, and accessing their shares in the correct manner.
In the new release unfortunately the "use kerberos keytab" option doesn't exist anymore.
In this situation, Samba tries to return to the "old", "local" passwords, and none of the AD (non-local) users can access the shares anymore.
How to solve the problem ?
At present, I have restored the older release of Samba/CIFS.
Thank you
Enrico
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-10-2011 05:34 PM
тАО02-10-2011 05:34 PM
Re: Samba/CIFS 3.01
Have you updated this patch ? This is required patch for CIFS version 3.0i and above.
PHSS_33389 KRB5-Client version 1.0 cumulative patch.
Here is the steps taken from documentations. Have you followed these steps ?
Configuring kerb5.keytab
Here are the required components to configure HP CIFS Server with HP-UX Internet Services co-existence:
├в ┬в HP-UX Kerberos Client version 1.3.5 or newer
├в ┬в /etc/krb5.conf file
├в ┬в /etc/opt/samba/smb.conf file
├в ┬в /etc/krb5.keytab file
├в ┬в net ads keytab create command
The first task is to configure HP CIFS Server for Kerberos authentication and join it to a Windows domain. This configuration will disable HP-UX Internet Services access to the HP-UX system temporarily until all the configuration steps are completed. Use the following steps to generate a valid keytab file and to configure an HP CIFS Server to access the keytab file:
1. Add the default_keytab_name parameter with the WRFILE attribute in the
/etc/krb5.conf file. HP-UX Kerberos Client version 1.3.5 is required for WRFILE.
An example of /etc/krb5.conf for HP CIFS Server keytab creation is as follows:
# Kerberos configuration
[libdefaults]
default_realm = MYREALM.HP.COM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
default_keytab_name = "WRFILE:/etc/krb5.keytab"
[realms]
MYREALM.HP.COM = {
kdc = HPWIN2K4.MYREALM.HP.COM:88
admin_server = HPWIN2K4.MYREALM.HP.COM
}
[domain_realm]
.hp.com = MYREALM.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
2. Run the net ads keytab create -U administrator command to generate an
/etc/krb5.keytab file.
3. To configure the HP CIFS Server to read /etc/krb5.keytab, set the use kerberos
keytab parameter in /etc/opt/samba/smb.conf to yes.
An example of /etc/opt/samba/smb.confis as follows:
[global]
workgroup = MYREALM
realm = MYREALM.HP.COM
netbios name = atcux5
server string = Samba Server
interfaces = 15.43.214.58
bind interfaces only = Yes
security = ADS
password server = HPATCWIN2K4.MYREALM.HP.COM
use kerberos keytab = yes
4. Validate your configuration by starting the HP CIFS Server, logging on to the domain with clients, and mounting an HP CIFS share.
Now the HP CIFS Server can authorize the Windows client to access the server share, using Kerberos in the Windows domain and the keytab file on the HP CIFS Server. However, an HP-UX Internet Services user cannot gain system access using Kerberos with the system in this state.
PHSS_33389 KRB5-Client version 1.0 cumulative patch.
Here is the steps taken from documentations. Have you followed these steps ?
Configuring kerb5.keytab
Here are the required components to configure HP CIFS Server with HP-UX Internet Services co-existence:
├в ┬в HP-UX Kerberos Client version 1.3.5 or newer
├в ┬в /etc/krb5.conf file
├в ┬в /etc/opt/samba/smb.conf file
├в ┬в /etc/krb5.keytab file
├в ┬в net ads keytab create command
The first task is to configure HP CIFS Server for Kerberos authentication and join it to a Windows domain. This configuration will disable HP-UX Internet Services access to the HP-UX system temporarily until all the configuration steps are completed. Use the following steps to generate a valid keytab file and to configure an HP CIFS Server to access the keytab file:
1. Add the default_keytab_name parameter with the WRFILE attribute in the
/etc/krb5.conf file. HP-UX Kerberos Client version 1.3.5 is required for WRFILE.
An example of /etc/krb5.conf for HP CIFS Server keytab creation is as follows:
# Kerberos configuration
[libdefaults]
default_realm = MYREALM.HP.COM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
default_keytab_name = "WRFILE:/etc/krb5.keytab"
[realms]
MYREALM.HP.COM = {
kdc = HPWIN2K4.MYREALM.HP.COM:88
admin_server = HPWIN2K4.MYREALM.HP.COM
}
[domain_realm]
.hp.com = MYREALM.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
2. Run the net ads keytab create -U administrator command to generate an
/etc/krb5.keytab file.
3. To configure the HP CIFS Server to read /etc/krb5.keytab, set the use kerberos
keytab parameter in /etc/opt/samba/smb.conf to yes.
An example of /etc/opt/samba/smb.confis as follows:
[global]
workgroup = MYREALM
realm = MYREALM.HP.COM
netbios name = atcux5
server string = Samba Server
interfaces = 15.43.214.58
bind interfaces only = Yes
security = ADS
password server = HPATCWIN2K4.MYREALM.HP.COM
use kerberos keytab = yes
4. Validate your configuration by starting the HP CIFS Server, logging on to the domain with clients, and mounting an HP CIFS share.
Now the HP CIFS Server can authorize the Windows client to access the server share, using Kerberos in the Windows domain and the keytab file on the HP CIFS Server. However, an HP-UX Internet Services user cannot gain system access using Kerberos with the system in this state.
Regards
Shibin
Shibin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-11-2011 03:19 AM
тАО02-11-2011 03:19 AM
Re: Samba/CIFS 3.01
Thank you for the reply.
I don't have this specific patch, but another one (PHSS_41167) that supersedes it.
The documentation reported refers to the A.02.04.x version, that is the one I am currently running.
With this version, kerberos validation works perfectly, before and after the creation of the krb5.keytab file.
The problem is that with the later release (03.01) there isn't (already ?) such documentation. The installation guide simply reports that the "use kerberos keytab" isn't a valid option in samba's configuration file anymore.
I don't have this specific patch, but another one (PHSS_41167) that supersedes it.
The documentation reported refers to the A.02.04.x version, that is the one I am currently running.
With this version, kerberos validation works perfectly, before and after the creation of the krb5.keytab file.
The problem is that with the later release (03.01) there isn't (already ?) such documentation. The installation guide simply reports that the "use kerberos keytab" isn't a valid option in samba's configuration file anymore.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP