Samba Server version, AD Authentication and Kerbaros

Singh, Madhav Madhav.Singh at Honeywell.com
Fri Dec 15 07:59:31 UTC 2017 

Hi,

I am looking for some help with samba in our organization.  Below is the current installation of samba version and the operating systems which are almost out of support. We are planning to patch our AD servers with MS security patches and it is noted that those security patch might affect samba AD and Kerberos authentication.

I would need some help understanding if we can update/upgrade current samba from 3.x to 4.x on the below OS (RHEL, AIX, HP, SUN OS and Debian  etc) ? and if I we need to integrated them to AD/Kerberos authentication what are the steps.

OS

Samba Version

Total

Comments/Recommendations

RHEL 5

3.6.23;   4.6.2

9

Can 4.x samba be installed?

RHEL 6

3.6.23

9

Can 4.x samba be installed?

AIX 5.3

3.5.8

1

Can 4.x samba be installed?

AIX 6.x

3.2.x;     3.5.8

2

AIX 7.x

3.5.11;   3.5.8

2

HP UX 11.11

2.0.6;     3.0.2

3

Sun OS 5.8

3.4.2

1

Debian

3.0.2

1

Total

28










You help is greatly appreciated.

Thank you,
Madhav Singh,
Infrastructure Solution, Design & Delivery
Honeywell Enterprise IT
Plot 115, Nanakramguda,
Hyderabad-500019
Office  : +91-40-66543570  x 61154
Mobile: +91-9000203423
Email:Madhav.Singh at Honeywell.com

From: Singh, Madhav
Sent: Thursday, December 14, 2017 04:13 PM
To: 'abartlet at samba.org' <abartlet at samba.org<mailto:abartlet at samba.org>>
Subject: Samba Server version, AD Authentication and Kerbaros

Hi Abartlet,

I need some help with Samba having AD and Kerbaros authentication. The below is the current samba version and OS version we have in our infrastructure.

My Question is:

*         Can we upgrade/install samba 4.x on the below OS versions? Without upgrading the OS itself.

*         From which Samba version AD and Kerbaros authentication is added


OS

Samba Version

Total

Comments/Recommendations

RHEL 5

3.6.23;   4.6.2

9

Can 4.x samba be installed?

RHEL 6

3.6.23

9

Can 4.x samba be installed?

AIX 5.3

3.5.8

1

Can 4.x samba be installed?

AIX 6.x

3.2.x;     3.5.8

2

AIX 7.x

3.5.11;   3.5.8

2

HP UX 11.11

2.0.6;     3.0.2

3

Sun OS 5.8

3.4.2

1

Debian

3.0.2

1

Total

28










You help is greatly appreciated.

Thank you,
Madhav Singh,
Infrastructure Solution, Design & Delivery
Honeywell Enterprise IT
Plot 115, Nanakramguda,
Hyderabad-500019
Office  : +91-40-66543570  x 61154
Mobile: +91-9000203423
Email:Madhav.Singh at Honeywell.com

From: Feller, Loras
Sent: Tuesday, December 12, 2017 03:59 AM
To: Mcguire, Dennis <dennis.mcguire at capgemini.com<mailto:dennis.mcguire at capgemini.com>>; Nelson, Scott <Scott.W.Nelson at Honeywell.com<mailto:Scott.W.Nelson at Honeywell.com>>; Shah, Baiju (Enterprise IT) <Baiju.Shah at Honeywell.com<mailto:Baiju.Shah at Honeywell.com>>; Singh, Madhav <Madhav.Singh at Honeywell.com<mailto:Madhav.Singh at Honeywell.com>>; Van Ryswyk, Jason <Jason.VanRyswyk at Honeywell.com<mailto:Jason.VanRyswyk at Honeywell.com>>
Cc: Hogan, Bill <bill.hogan at capgemini.com<mailto:bill.hogan at capgemini.com>>; Yarbrough, David <david.yarbrough at capgemini.com<mailto:david.yarbrough at capgemini.com>>
Subject: RE: Samba Server and AD Authentication

Honeywell Internal

Dennis,
I see (5)Linux for Kerberos update.  And (3)AIX that can be updated to Kerberos, since they are AIX6 & AIX7 with Samba v3.5.
  ...for a total of (8)Kerberos, and (0)switch-to-local needs. There are 19 already on local authentication use.

The oltengsvc1 Samba must not be used, since it is Samba v3.4, and smb.conf still identifies as binding to Global.

Thanks, Loras


From: Nelson, Scott
Sent: Monday, December 11, 2017 12:12 PM
To: Mcguire, Dennis <dennis.mcguire at capgemini.com<mailto:dennis.mcguire at capgemini.com>>; Shah, Baiju (Enterprise IT) <Baiju.Shah at Honeywell.com<mailto:Baiju.Shah at Honeywell.com>>; Singh, Madhav <Madhav.Singh at Honeywell.com<mailto:Madhav.Singh at Honeywell.com>>; Van Ryswyk, Jason <Jason.VanRyswyk at Honeywell.com<mailto:Jason.VanRyswyk at Honeywell.com>>; Feller, Loras <Loras.Feller at Honeywell.com<mailto:Loras.Feller at Honeywell.com>>
Cc: Hogan, Bill <bill.hogan at capgemini.com<mailto:bill.hogan at capgemini.com>>; Yarbrough, David <david.yarbrough at capgemini.com<mailto:david.yarbrough at capgemini.com>>
Subject: RE: Samba Server and AD Authentication

Adding Loras

From: McGuire, Dennis W [mailto:dennis.mcguire at capgemini.com]
Sent: Monday, December 11, 2017 10:11 AM
To: Shah, Baiju (Enterprise IT) <Baiju.Shah at Honeywell.com<mailto:Baiju.Shah at Honeywell.com>>; Singh, Madhav <Madhav.Singh at Honeywell.com<mailto:Madhav.Singh at Honeywell.com>>; Nelson, Scott <Scott.W.Nelson at Honeywell.com<mailto:Scott.W.Nelson at Honeywell.com>>; Van Ryswyk, Jason <Jason.VanRyswyk at Honeywell.com<mailto:Jason.VanRyswyk at Honeywell.com>>
Cc: Hogan, Bill <bill.hogan at capgemini.com<mailto:bill.hogan at capgemini.com>>; Yarbrough, David <david.yarbrough at capgemini.com<mailto:david.yarbrough at capgemini.com>>
Subject: RE: Samba Server and AD Authentication

Samba Server list, affected servers.
Those that do not bind to global (green) do not require any modifications.
Those that do (red, yellow and orange) will need modifications.
Those in yellow currently have an AD upgrade path.
Those in orange, were working on an upgrade path, or a path is possible.
Those in red have no upgrade path.

Dennis McGuire
Senior Consultant - UNIX Clusters SME
Capgemini NA
(505) 907-6432
dennis.mcguire at capgemini.com<mailto:dennis.mcguire at capgemini.com>
Website: www.capgemini.com<http://www.capgemini.com/>

People matter, results count.
_______________________________________________________________________
Connect with Capgemini:
[cid:image001.gif at 01D32F9B.509A9260][cid:image001.jpg at 01D375A8.9CE5AE90]<http://www.capgemini.com/insights-and-resources/blogs>[cid:image002.gif at 01D32F9B.509A9260][cid:image002.jpg at 01D375A8.9CE5AE90]<http://www.twitter.com/capgemini>[cid:image003.gif at 01D32F9B.509A9260][cid:image003.jpg at 01D375A8.9CE5AE90]<http://www.facebook.com/Capgemini>[cid:image004.gif at 01D32F9B.509A9260][cid:image004.jpg at 01D375A8.9CE5AE90]<http://www.linkedin.com/company/capgemini>[cid:image005.gif at 01D32F9B.509A9260][cid:image005.jpg at 01D375A8.9CE5AE90]<http://www.slideshare.net/capgemini>[cid:image006.gif at 01D32F9B.509A9260][cid:image006.jpg at 01D375A8.9CE5AE90]<http://www.youtube.com/capgeminimedia>


-----Original Appointment-----
From: Shah, Baiju (Enterprise IT) [mailto:Baiju.Shah at Honeywell.com]
Sent: Wednesday, December 6, 2017 1:18 PM
To: Shah, Baiju (Enterprise IT); McGuire, Dennis W; Singh, Madhav; Nelson, Scott; Van Ryswyk, Jason
Subject: Samba Server and AD Authentication
When: Monday, December 11, 2017 8:00 AM-8:30 AM (UTC-07:00) Arizona.
Where: Skype Meeting


Honeywell Internal



.........................................................................................................................................

--> Join Skype Meeting<https://Collaborate.Honeywell.com/Meet/baiju.shah/959NCQVS>

Trouble Joining? Try Skype Web App<https://Collaborate.Honeywell.com/Meet/baiju.shah/959NCQVS?sl=1>

Join by phone



------------------ IF NOT ONLINE ------------------<tel:+------------------%20IF%20NOT%20ONLINE%20------------------,5501472%23> (North America)                    English (United States)

USA   -   302 669 4979<tel:+USA%20%20%20-%20%20%20302%20669%204979,5501472%23> (North America)                          English (United States)

USA   -   302 669 0333<tel:+USA%20%20%20-%20%20%20302%20669%200333,5501472%23> (North America)                          English (United States)

USA   -   602 794 0088<tel:+USA%20%20%20-%20%20%20602%20794%200088,5501472%23> (North America)                          English (United States)

USA   -   480 293 9588<tel:+USA%20%20%20-%20%20%20480%20293%209588,5501472%23> (North America)                          English (United States)

Canada   -   1 888 974 2915<tel:+Canada%20%20%20-%20%20%201%20888%20974%202915,5501472%23> (North America)                 English (United States)

Canada (French)   -   1 888 974 2916<tel:+Canada%20(French)%20%20%20-%20%20%201%20888%20974%202916,5501472%23> (North America)                 French (Canada)

China   -   00 1 602 794 0088<tel:+China%20%20%20-%20%20%2000%201%20602%20794%200088,5501472%23> (North America)                               English (United States)

France   -   04 8912 5511<tel:+France%20%20%20-%20%20%2004%208912%205511,5501472%23> (North America)                      French (France)

Germany   -   069 222 280 666<tel:+Germany%20%20%20-%20%20%20069%20222%20280%20666,5501472%23> (North America)                            German (Germany)

India   -   00 1 602 794 0088<tel:+India%20%20%20-%20%20%2000%201%20602%20794%200088,5501472%23> (North America)                                English (United Kingdom)

Mexico   -   001 855 251 4207<tel:+Mexico%20%20%20-%20%20%20001%20855%20251%204207,5501472%23> (North America)                             Spanish (Mexico)

United Kingdom   -   016 9860 8166<tel:+United%20Kingdom%20%20%20-%20%20%20016%209860%208166,5501472%23> (North America)                  English (United Kingdom)



Find a local number<https://Collaborate.Honeywell.com/Dialin?id=5501472>



Conference ID: 5501472

Forgot your dial-in PIN?<https://Collaborate.Honeywell.com/Dialin> |Help<https://o15.officeredir.microsoft.com/r/rlidLync15?clid=1033&p1=5&p2=2009>





Honeywell Cisco/Tandberg Rooms: Connect by Dialing the Skype Conference ID.  External Participants using Jabber/standard Video Rooms (SIP/H.323): Connect by Dialing the Skype <Conference ID>@honeywell.com

[!OC([1033])!]

.........................................................................................................................................


<< Message: RE: Samba Server  >>

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 899 bytes
Desc: image001.jpg
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171215/d636c709/image001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 889 bytes
Desc: image002.jpg
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171215/d636c709/image002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 934 bytes
Desc: image003.jpg
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171215/d636c709/image003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 955 bytes
Desc: image004.jpg
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171215/d636c709/image004.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.jpg
Type: image/jpeg
Size: 917 bytes
Desc: image005.jpg
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171215/d636c709/image005.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.jpg
Type: image/jpeg
Size: 940 bytes
Desc: image006.jpg
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171215/d636c709/image006.jpg>

More information about the samba-technical mailing list