Wednesday, November 16, 2011

Quest Samba on Solaris 10 using AD authentication

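Download the Quest packages from the address below. The link is plain HTTP and the packages run their install scripts as root, so verify their integrity before installing: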
http://rc.quest.com/downloads.php?release=quest-samba-3.0.34

Make sure the existing (bundled) Samba service is disabled:
# svcs -a | grep samba
disabled Oct_13 svc:/network/samba:default

For Solaris 10, we need these packages
bash-3.00# uname -a
SunOS mdc2ps005 5.10 Generic_141444-09 sun4v sparc SUNW,SPARC-Enterprise-T5120 Solaris

#1. QSFTsmb-3.0.34-2-sparc.pkg
#2. QSFTidmap-1.2.2-sparc.pkg


Install QSFTsmb
bash-3.00# pkgadd -d /home/pkg/QSFTsmb-3.0.34-2-sparc.pkg

Output of installation:
The following packages are available:
1 QSFTsmb quest-samba 3.0.34
(sparc) 3.0.34

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance from

quest-samba 3.0.34(sparc) 3.0.34
(c) 2006 Samba Team, (c) 2006 Quest Software Inc. All rights rsvd

Do you want to install the development files [y,n,?,q] y

Do you want to install nmbd-quest service [y,n,?,q] y

Do you want to install smbd-quest service [y,n,?,q] y

Do you want to install winbindd-quest service [y,n,?,q] y
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
/opt/quest/man/man1
/opt/quest/man/man5
* /opt/quest/man/man8

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of <QSFTsmb> [y,n,?] y

Installing quest-samba 3.0.34 as <QSFTsmb>

## Installing part 1 of 1.
/opt/quest/include/libmsrpc.h
/opt/quest/include/libsmbclient.h
[ verifying class ]
/etc/init.d/nmbd-quest
/etc/init.d/samba-quest
/etc/init.d/d-quest
/etc/init.d/winbindd-quest
/etc/opt/quest/samba/smb.conf
/lib/security/pam_smbpass.so
/lib/security
/opt/quest/bin/eventlogadm
/opt/quest/bin/findsmb
/opt/quest/bin/net
/opt/quest/bin/nmblookup
/opt/quest/bin/ntlm_auth
/opt/quest/bin/pdbedit
/opt/quest/bin/profiles
/opt/quest/bin/rpcclient
/opt/quest/bin/smbcacls
/opt/quest/bin/smbclient
/opt/quest/bin/smbcontrol
/opt/quest/bin/smbcquotas
/opt/quest/bin/smbget
/opt/quest/bin/smbpasswd
/opt/quest/bin/smbspool
/opt/quest/bin/smbstatus
/opt/quest/bin/smbtar
/opt/quest/bin/smbtree
/opt/quest/bin/tdbbackup
/opt/quest/bin/tdbdump
/opt/quest/bin/tdbtool
/opt/quest/bin/testparm
/opt/quest/bin/wbinfo
/opt/quest/lib/samba/auth/script.so
/opt/quest/lib/samba/charset/CP437.so
/opt/quest/lib/samba/charset/CP850.so
/opt/quest/lib/samba/de.msg
/opt/quest/lib/samba/en.msg
/opt/quest/lib/samba/fi.msg
/opt/quest/lib/samba/fr.msg
/opt/quest/lib/samba/it.msg
/opt/quest/lib/samba/ja.msg
/opt/quest/lib/samba/libmsrpc.so
/opt/quest/lib/samba/libsmbclient.so
/opt/quest/lib/samba/libsmbsharemodes.so
/opt/quest/lib/samba/lowcase.dat
/opt/quest/lib/samba/nl.msg
/opt/quest/lib/samba/pl.msg
/opt/quest/lib/samba/tr.msg
/opt/quest/lib/samba/upcase.dat
/opt/quest/lib/samba/valid.dat
/opt/quest/lib/samba/vfs/audit.so
/opt/quest/lib/samba/vfs/cap.so
/opt/quest/lib/samba/vfs/default_quota.so
/opt/quest/lib/samba/vfs/expand_msdfs.so
/opt/quest/lib/samba/vfs/extd_audit.so
/opt/quest/lib/samba/vfs/fake_perms.so
/opt/quest/lib/samba/vfs/full_audit.so
/opt/quest/lib/samba/vfs/netatalk.so
/opt/quest/lib/samba/vfs/readahead.so
/opt/quest/lib/samba/vfs/readonly.so
/opt/quest/lib/samba/vfs/recycle.so
/opt/quest/lib/samba/vfs/shadow_copy.so
/opt/quest/man/man1/findsmb.1
/opt/quest/man/man1/log2pcap.1
/opt/quest/man/man1/nmblookup.1
/opt/quest/man/man1/ntlm_auth.1
/opt/quest/man/man1/profiles.1
/opt/quest/man/man1/rpcclient.1
/opt/quest/man/man1/smbcacls.1
/opt/quest/man/man1/smbclient.1
/opt/quest/man/man1/smbcontrol.1
/opt/quest/man/man1/smbcquotas.1
/opt/quest/man/man1/smbget.1
/opt/quest/man/man1/smbstatus.1
/opt/quest/man/man1/smbtar.1
/opt/quest/man/man1/smbtree.1
/opt/quest/man/man1/testparm.1
/opt/quest/man/man1/vfstest.1
/opt/quest/man/man1/wbinfo.1
/opt/quest/man/man5/lmhosts.5
/opt/quest/man/man5/smb.conf.5
/opt/quest/man/man5/smbgetrc.5
/opt/quest/man/man5/smbpasswd.5
/opt/quest/man/man7/libsmbclient.7
/opt/quest/man/man7/pam_winbind.7
/opt/quest/man/man7/samba.7
/opt/quest/man/man8/cifs.upcall.8
/opt/quest/man/man8/eventlogadm.8
/opt/quest/man/man8/idmap_ad.8
/opt/quest/man/man8/idmap_ldap.8
/opt/quest/man/man8/idmap_nss.8
/opt/quest/man/man8/idmap_rid.8
/opt/quest/man/man8/idmap_tdb.8
/opt/quest/man/man8/mount.cifs.8
/opt/quest/man/man8/net.8
/opt/quest/man/man8/nmbd.8
/opt/quest/man/man8/pdbedit.8
/opt/quest/man/man8/smbd.8
/opt/quest/man/man8/smbpasswd.8
/opt/quest/man/man8/smbspool.8
/opt/quest/man/man8/swat.8
/opt/quest/man/man8/tdbbackup.8
/opt/quest/man/man8/tdbdump.8
/opt/quest/man/man8/tdbtool.8
/opt/quest/man/man8/umount.cifs.8
/opt/quest/man/man8/vfs_audit.8
/opt/quest/man/man8/vfs_cacheprime.8
/opt/quest/man/man8/vfs_cap.8
/opt/quest/man/man8/vfs_catia.8
/opt/quest/man/man8/vfs_commit.8
/opt/quest/man/man8/vfs_default_quota.8
/opt/quest/man/man8/vfs_extd_audit.8
/opt/quest/man/man8/vfs_fake_perms.8
/opt/quest/man/man8/vfs_full_audit.8
/opt/quest/man/man8/vfs_gpfs.8
/opt/quest/man/man8/vfs_netatalk.8
/opt/quest/man/man8/vfs_notify_fam.8
/opt/quest/man/man8/vfs_prealloc.8
/opt/quest/man/man8/vfs_readahead.8
/opt/quest/man/man8/vfs_readonly.8
/opt/quest/man/man8/vfs_recycle.8
/opt/quest/man/man8/vfs_shadow_copy.8
/opt/quest/man/man8/vfs_xattr_tdb.8
/opt/quest/man/man8/winbindd.8
/opt/quest/sbin/nmbd
/opt/quest/sbin/smbd
/opt/quest/sbin/swat
/opt/quest/sbin/winbindd
[ verifying class ]
## Executing postinstall script.
/etc/rc2.d/S98nmbd-quest
/etc/rcS.d/K30nmbd-quest
/etc/rc0.d/K30nmbd-quest
/etc/rc1.d/K30nmbd-quest
/etc/rc2.d/S98smbd-quest
/etc/rcS.d/K30smbd-quest
/etc/rc0.d/K30smbd-quest
/etc/rc1.d/K30smbd-quest
/etc/rc2.d/S98winbindd-quest
/etc/rcS.d/K30winbindd-quest
/etc/rc0.d/K30winbindd-quest
/etc/rc1.d/K30winbindd-quest
Installation of <QSFTsmb> was successful.




Install vasidmap
bash-3.00# pkgadd -d /home/pkg/QSFTidmap-1.2.2-sparc.pkg

The following packages are available:
1 QSFTidmap quest-vasidmap 1.2.2
(sparc) 1.2.2

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance from

quest-vasidmap 1.2.2(sparc) 1.2.2
Copyright 2010 Quest Software, Inc. All rights reserved.
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of <QSFTidmap> [y,n,?] y

Installing quest-vasidmap 1.2.2 as <QSFTidmap>

## Installing part 1 of 1.
/etc/init.d/vasidmapd
/opt/quest/bin/vasidmap
/opt/quest/libexec/vas-set-samba-password
/opt/quest/libexec/vasidmap-status
/opt/quest/sbin/vas-krb5-config
/opt/quest/sbin/vas-samba-config
/opt/quest/sbin/vasidmapd
/opt/quest/share/man/man1/vas-krb5-config.1
/opt/quest/share/man/man1/vas-samba-config.1
/opt/quest/share/man/man1/vasidmap.1
/opt/quest/share/man/man8/vas-set-samba-password.8
/opt/quest/share/man/man8
/opt/quest/share/man/man8/vasidmapd.8
/opt/quest/share/quest-vasidmap/vasidmap-common.sh
/opt/quest/share/quest-vasidmap
[ verifying class ]
## Executing postinstall script.
Registering vasidmapd with SMF

Installation of <QSFTidmap> was successful.

Configure Kerberos and update the Samba configuration:
bash-3.00# /opt/quest/sbin/vas-samba-config
bash-3.00# /opt/quest/sbin/vas-krb5-config


Put the correct Samba configuration file in place at:
/etc/opt/quest/samba/smb.conf
A sample smb.conf is shown below.

Start samba services:
/etc/init.d/vasidmapd start
/etc/init.d/samba-quest start



-------------------------------------------
# cat smb.conf
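[global]
# Quest Samba 3.0.34 as an Active Directory member server, with identity
# mapping handled through Quest vasidmap. Check every edit with
# /opt/quest/bin/testparm before restarting the services.
workgroup = PANKAJGAUTAM
server string = PG Samba Server
# Domain-member mode: users are authenticated against AD.
security = ads
# NOTE(review): the realm has a trailing "G" that the workgroup name does not;
# confirm it matches the AD DNS domain exactly.
realm = PANKAJGAUTAMG.COM
# NOTE(review): this overrides Samba's built-in method order and includes the
# "guest" method. smb.conf(5) describes auth methods as a developer option
# whose default is normally adequate; review it together with any share
# marked public = yes.
auth methods = winbind guest sam
use kerberos keytab = yes
winbind refresh tickets = true
use spnego = yes
# NOTE(review): 0 is commonly used to stop Samba from changing the
# machine-account password itself (presumably because VAS manages the host's
# AD computer account). Confirm the behaviour for this Samba version and that
# the password is still rotated by something.
machine password timeout = 0

# winbind configuration
# winbind separator is left at its default ('\'), so it is not set here

winbind normalize names = yes
#winbind separator = +
winbind use default domain = no
winbind enum users = yes
winbind enum groups = yes
#winbind nss info = template
winbind nss info = sfu

idmap domains = PANKAJGAUTAM

# NOTE(review): the ID ranges below overlap (1000 - 1000000000,
# 1000 - 5999999999 and 100000 - 19999999999999), and several upper bounds are
# larger than a 32-bit uid_t/gid_t can hold. Overlapping ranges can give two
# different accounts the same UID/GID, which becomes a file-permission problem.
# Confirm the intended, non-overlapping ranges.
idmap config PANKAJGAUTAM:backend = rid
idmap config PANKAJGAUTAM:base_rid = 500
#idmap config PANKAJGAUTAM:default = yes
idmap config PANKAJGAUTAM:readonly = yes
idmap config PANKAJGAUTAM:range = 100000 - 19999999999999
idmap uid = 1000 - 5999999999
idmap gid = 1000 - 5999999999
idmap config PANKAJGAUTAM:schema = rfc 2307
idmap alloc backend = tdb
idmap alloc config:range = 1000 - 1000000000


ldap admin dn = CN=VasIdmapAdmin

# smbd passes the user name from the authentication request to this program.
# Keep the binary and its parent directories writable by root only.
username map script = /opt/quest/bin/vasidmap

# System accounts are never allowed to connect over SMB.
invalid users = root bin daemon lp sys tty

log file = /var/samba/log/log.%m
# The per-class list must stay on ONE line; the original listing was wrapped
# by the terminal, which split the class names rpc_cli and locking.
# auth and winbind are at level 5 (verbose); lower them once troubleshooting
# is finished.
# NOTE(review): smb.conf(5) documents the per-class form as class:level with
# no space. Confirm with testparm that this spaced form is accepted.
log level = 3 printdrivers: 0 lanman: 0 smb: 1 rpc_parse: 0 rpc_srv: 0 rpc_cli: 0 passdb: 1 sam: 0 auth: 5 winbind: 5 vfs: 0 idmap: 0 quota: 0 acls: 0 locking: 0 msdfs: 0 dmapi: 0

max log size = 1024

#============================ Share Definitions ==============================
# The options from here down to the first share header still belong to [global].

# NOTE(review): smb.conf(5) for Samba 3.0.x describes "idmap backend" and
# "idmap domains" as alternatives, and both are set in this file. Check the
# effective mapping configuration with testparm.
;--- begin options added by vasidmap-config (20110930) ---
idmap backend = ldap:ldap://localhost
;--- end options added by vasidmap-config (20110930) ---

# Expire the tdb cache every 5 minutes. The comment is on its own line because
# smb.conf has no trailing-comment syntax.
idmap cache time = 300

;--- begin options added by vas-samba-config (20110930) ---
domain master = no
domain logons = no
obey pam restrictions = yes
;--- end options added by vas-samba-config (20110930) ---


;--- begin options added by vas-samba-config (20111115) ---
winbind nested groups = no
;--- end options added by vas-samba-config (20111115) ---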

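[Data]
comment = Data Stuff
path = /var/data/
# NOTE(review): public = yes (a synonym for guest ok) together with
# writable = yes lets guest sessions write here whenever the server maps a
# client to the guest account. For a share that is meant to be
# AD-authenticated, consider public = no plus a valid users restriction.
public = yes
writable = yes
printable = no
# Was spelled "force grcup", which is not a Samba parameter name, so the
# group was not being forced.
force group = dam
# Octal modes. force create mode = 775 sets the group-write bit and all
# execute bits on every file created through the share.
directory mask = 775
force create mode = 775
force directory mode = 775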