[Samba] HPUX and Samba 3.023 question
eroseme at emonster.rose.hp.com
Tue Aug 12 20:08:13 GMT 2008
Ryan Novosielski wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Eric Roseme wrote:
>> Casey Dearcorn wrote:
>>> I am sorry if this sounds dumb, but I am sort of a newbie with samba.
>>> We have upgraded our active directory domain servers to 2008 and samba
>>> 3.07 will not bind to the directory anymore. I have been told that I
>>> need to upgrade past 3.022 in order to make it work? First of all is
>>> this true? Second, when I went to install it and run it there is an
>>> error that it can not find libldap-2.2.so. I am assuming this is for
>>> the HPUX IXOPENLDAP, but I am not sure. In either case I can not find
>>> this version to install. I don't want to mess my box up, but I would
>>> like to get my samba running correctly again. Can anyone give me any
>>> advice or information?
>> Hi Casey,
>> Are you using HP CIFS Server or Opensource Samba? I am guessing from
>> the library error that you were using CIFS Server and then tried to
>> install and run Opensource. What HP-UX version are you on?
>> If you are compiling/using Opensource, then you need to update past
>> 3.0.28, so you might as well get 3.0.31. You will also need to install
>> OpenLDAP to get the libraries. Go here and read the README:
>> If you are using HP CIFS Server, then the latest version is based upon
>> Samba 3.0.22a with fixes ported in from later versions up to 3.0.25a. So
>> it does not have the fix for joining a W2008 domain with "security =
>> ads". You can join W2008 with "security = domain", though.
>> Eric Roseme
> Is that also true of A.02.03.04? Looks like it is somewhat newer, but
> I'm not 100% sure how that affects the domain stuff.
> You probably know better than I, being from HP, but I've spent an
> inordinate amount of time on this recently, so I have the release notes
> memorized. :-P
> PS: utmp = yes causes PANIC's on A.02.03.03 and A.02.03.04.
Yes - unfortunately, it also holds true of A.02.03.04. Sorry that you
spent so much time on it.
I can send you a tool that will allow you to write the CIFS/Samba
computer object to the W2008 AD and generate a keytab file on the
CIFS/Samba server. When you start CIFS/Samba with "use kerberos keytab
= yes", your users can authenticate to and mount CIFS/Samba shares, but
any of the net commands that require auth-n will fail (including join).
winbind will not start either. Still working on this as a W/A. I do
not have a timeframe for 3.0.28 (or .31) for CIFS yet.
PS - the tool is "unsupported".
More information about the samba