Hpux and samba4 ad

Linusolaradm1 · December 25, 2014, 7:53pm

I'm tryng to setup hpux samba,i use this smb.conf

    [global]
            workgroup = DOMINIO
        realm = DOMINIO.COM
        server string = ""
        netbios name = HPUX2
            security = ads
            hosts allow = 192.168.0.0/24 127.0.0.1
            debug level = 10
            log file = /var/opt/samba4/log/%m.log
            max log size = 50
            log level = 1
            syslog = 0
            template shell = /usr/local/bin/bash
            template homedir = /home/%U
            winbind separator = /
            winbind enum users = yes
            winbind enum groups = yes
            winbind use default domain = yes
            encrypt passwords = yes
            invalid users = root
            local master = yes
            domain master = no
            preserve case = yes
            short preserve case = no
            default case = lower
            case sensitive = no
          map to guest = never
           restrict anonymous = 2
        hide dot files = yes
        guest account = smbnull
    
    
    [Pubblica]
       comment = Dir pubblica
       browseable = yes
       guest ok = yes
       guest only = no
       public = yes
       path = /var/pubblica
       writable = yes

When i try to join AD(samba4) it create the hpux computer on computers ou
of AD,but fail with this error

   Failed to join domain: failed to connect to AD: Cannot contact any KDC for requested realm

Kinit works fine,and krb5.conf are ok
I see also spn entries were created
but wbinfo -g and wbinfo -u report fail
On server log i see

      receive_smb_raw_talloc failed for client ipv4:192.168.0.16:51845 read error = NT_STATUS_END_OF_FILE.

I try both samba4 compiled by me and cifs-server of hpux

For help this is the krb5.conf

    [libdefaults]
     default_realm = DOMINIO.COM
     dns_lookup_realm = true
     dns_lookup_kdc = true
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true
     allow_weak_crypto = true
    
    [realms]
     DOMINIO.COM = {
     }
    
    [domain_realm]
     .dominio.com = DOMINIO.COM
     dominio.com = DOMINIO.COM

Someone can help?Thanks

---------- Post updated 25-12-14 at 07:53 PM ---------- Previous update was 24-12-14 at 08:09 PM ----------

Solution found,compiled krb5 mit and samba3
now join the ads and show winbind users
Only one problem

If i try to load winbind

/usr/lib/hpux32/dld.so: Unsatisfied code symbol '_nss_winbind_initgroups_dyn' in load module '/usr/lib/hpux32/libnss_winbind.so.1'. Killed

I have copied nss_winbind.so from source in
/usr/lib/hpux32/libnss_winbind.so.1

Linusolaradm1 · December 29, 2014, 11:46am

Solution found for missing symbol,must modify configure of samba hpux line must be

        *hpux11*)
                NSSSONAMEVERSIONSUFFIX=".1"
                WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_solaris.o \
                    ../nsswitch/winbind_nss_linux.o"

instead of

        *hpux11*)
                NSSSONAMEVERSIONSUFFIX=".1"
                WINBIND_NSS_EXTRA_OBJS="../nsswitch/winbind_nss_solaris.o"

Compile fine,launch winbindd ok,but id doensn't report the user (same thing for pwget),i have configured good nsswitch.conf probably something bad in nsswitch wrapper code.
I will wait next release..

Linusolaradm1 · December 31, 2014, 5:26pm

Solution found: work fine (the official hp cifs server)
only on 11.23,probably kerberos of 11.31 doesn't like
samba4 kerberos server.