Using vendor Samba with Quest Authentication Services
Although Quest Software provides convenience packages for
Quest Samba,
some customers may be required by policy to use a vendor-supplied
native Samba
.
This document describes the vendor-supplied Samba packages tested by
Quest Software with Quest Authentication Services, and what
configuration was required for them to work.
The following table summarizes the platforms and vendor packages examined:
| OS Type | Platform | Samba version | Compatible with Quest Authentication Services |
|---|---|---|---|
| Solaris | 2.6 | - | - |
| Solaris | 7 | - | - |
| Solaris | 8 | - | - |
| Solaris | 9 | Samba 2.2.8a | no |
| Solaris | 10 | Samba 3.0.11 (SUNWsmb...) | no (not compiled to support AD) |
| AIX | 4.3.3 | Samba 2.2.7 | no |
| AIX | 5.1 | Samba 2.2.7 | no |
| AIX | 5.2 | Samba 2.2.7 | no |
| AIX | 5.3 | Samba 2.2.7 | no |
| RedHat | Linux 7.3 | Samba 2.2.3a | no |
| RedHat | Linux 8.0 | Samba 2.2.5 | no |
| RedHat | Linux 9.0 | Samba 2.2.7a | no |
| RedHat | Enterprise 2.1 | Samba 2.2.10 | no |
| RedHat | Enterprise 3.0 | Samba 3.0.9 | yes (Configuration details) |
| RedHat | Enterprise 4.0 | Samba 3.0.10 | yes (Configuration details) |
| RedHat | Enterprise 5.0 | Samba 3.0.23c | yes (Configuration details) |
| CentOS | 2 | Samba 2.2.7 | no |
| CentOS | 3 | Samba 3.0.9 | yes (Configuration details) |
| CentOS | 4 | Samba 3.0.10 | yes (Configuration details) |
| Fedora | Core 1 | Samba 3.0.0 | yes (Configuration details) |
| Fedora | Core 2 | Samba 3.0.3 | yes (Configuration details) |
| Fedora | Core 3 | Samba 3.0.8 | yes (Configuration details) |
| Fedora | Core 4 | Samba 3.0.14a | yes (Configuration details) |
| Fedora | Core 5 | Samba 3.0.21b | yes (Configuration details) |
| SuSE | Desktop 8.0 | Samba 2.2.3a | no |
| SuSE | Desktop 8.1 | Samba 2.2.5 | no |
| SuSE | Desktop 8.2 | Samba 2.2.7 | no |
| SuSE | Desktop 9.0 | Samba 2.2.8a | no |
| SuSE | Desktop 9.1 | Samba 3.0.2 | yes (Configuration details) |
| SuSE | Desktop 9.2 | Samba 3.0.7 | yes (Configuration details) |
| SuSE | Desktop 9.3 | Samba 3.0.12 | yes (Configuration details) |
| SuSE | OpenSuSE 10 | Samba 3.0.22 | yes (Configuration details) |
| SuSE | OpenSuSE 10.1 | Samba 3.0.22 | yes (Configuration details) |
| SuSE | Enterprise Server 8 | Samba 2.2.5 | no |
| SuSE | Enterprise Server 9 | Samba 3.0.4 | yes (Configuration details) |
| SuSE | Enterprise Server 10 | Samba 3.0.22 | yes (Configuration details) |
| Debian/Ubuntu | Debian Linux 3.1 | Samba 3.0.14a | yes (Configuration details) |
| Tru64 | Tru64 5.1 and above | Internet Express for Tru64 Unix | Not tested; details |
| SGI IRIX | 6.5.22 | Samba for IRIX v2.2. software suite (Samba for IRIX 3.0.11) | Not tested; details |
| VMware ESX | 2.1.3 | Samba 2.2.12 | no |
| VMware ESX | 2.5.0 | Samba 2.2.7 | no |
| VMware ESX | 2.5.1 | Samba 2.2.7 | no |
| VMware ESX | 2.5.2 | Samba 2.2.7 | no |
| VMware ESX | 2.5.3 | Samba 2.2.12 | no |
| VMware ESX | 3 | Samba 3.0.9 | yes (Configuration details) |
| VMware ESX | 3.0.1 | Samba 3.0.9 | yes (Configuration details) |
| HP-UX | 11.00 | HP CIFS Server A.01.11.05 | yes (Configuration details) |
| HP-UX | 11.11 | HP CIFS Server A.02.03.02 | yes (Configuration details) |
| HP-UX | 11.22 | HP CIFS Server A.02.03.02 | yes (Configuration details) |
| HP-UX | 11.23 | HP CIFS Server A.02.03.02 | yes (Configuration details) |
| Macintosh | OS X 10.4 | Samba 3.0.10 | no |
The rest of this document contains configuration notes for packages in the above table.
Linux
Linux systems that come with a Samba package of version greater than 3.0.0 should work with Quest Authentication Services and Active Directory authentication. The configuration for these systems are similar:
- Red Hat Linux and derivatives (e.g. CentOS, Fedora, Whitebox)
- SuSE Linux
- Debian Linux and derivatives (e.g. Ubuntu)
Please see your installation media, or use online package management tools to find and install the latest version of Samba available for your system.
Configuration
- Install the vasidmap package.
- Configure Kerberos to interoperate with Quest Authentication Services
# /opt/quest/sbin/vas-krb5-config
- Configure Samba to interoperate with Quest Authentication Services
# /opt/quest/sbin/vas-samba-config -b /usr
Verification
Please see the section below on verifying the Samba share.
HP-UX
Install HP CIFS package
HP-UX CIFS (Common Internet File System) server packages can be found at HP Software Download Site. The package will be installed under /opt/samba.
We tested CIFS A.02.03.02 with Quest Authentication Services.
Configuration
- Install the vasidmap package.
- Configure Kerberos to interoperate with Quest Authentication Services
# /opt/quest/sbin/vas-krb5-config
- Configure Samba to interoperate with Quest Authentication Services
# /opt/quest/sbin/vas-samba-config -b /opt/samba
- Start the Samba service using its startup script:
# /opt/samba/script/startsmb
Verification
You can verify the Samba server by accessing files on the server through a Windows client. Login to a Windows workstation as a test user, choose Start | Run... and enter the UNC to the home directory share of the user:
Open: \\server.example.com\userUnder Linux/Unix, a simple verification can be made using the smbclient tool:
$ vastool kinit Password for user@example.com: password $ smbclient -k //server.example.com/user Domain=[EXAMPLE] OS=[UNIX] Server=[Samba 3.0.10-1.4E] smb: \> ls
— Wei Hu and David Leonard