dchunt Absent Member.
Absent Member.
2093 views

How to configure CIFS for AD auth and SMB2

I am trying to configure CIFS on an OES2015 SP1 server to use third party authentication - specifically to authenticate against our AD domain. I also want to use the SMB2 Dialect (protocol); not the older NT dialect. In iManager when I go to the CIFS authentication tab and try to put in the AD PDC's name and IP address it tells me "The parameters to CIFS_SetServerConfiguration are not valid for this server type". This error is listed in the Misc section of the troubleshooting docs for CIFS and it says:

If SMB2 is the current dialect, iManager plug-in prevents changing the authentication mode from 'Local' to 'Domain (Passthru)'. It throws the error message, "The parameters to CIFS_SetServerConfiguration are not valid for this server type".

So how do I set up CIFS so that it uses SMB2 for better security and yet authenticates users against AD? What am I missing?

Thanks,

Dan
Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: How to configure CIFS for AD auth and SMB2

Hello Dan,

please have a look at the documentation of OES2015SP1 especially the
"NSS AD Deployment and Administration Guide" (stor_nss_ad_lx.pdf, the
chapters 1 to 3). I am not able to tell the short story but you should
not try to configure the PDC's name in the CIFS-config of iManager.
You should configure CIFS in iManager just for eDirectory, install the
NSS AD Support software (from the OES2015SP1-DVD or any other
repository) and then after all prerequisites are met join the OES-Server
to the AD domain.

Regards

Burkhard Wiegand
OES-Admin
Debeka-Versicherungen
0 Likes
dchunt Absent Member.
Absent Member.

Re: How to configure CIFS for AD auth and SMB2

Burkhard, thanks for the reply. I did look at that documentation and am in fact setting up NSS AD on the server now as an alternative to CIFS. It looked to me like I could use either or both approaches. You feel that the NSS AD support is the preferred approach because it uses kerberos for authentication?

BTW, the docs say that for NSS AD support you have to have CIFS installed and working. Is it just necessary to have it installed on the server but not configured for authentication? See page 14 under section 2.2 in the column for "Installing NS AD post OES Server installation", where it says "Ensure that the the Novell CIFS service that AD users will access is configured and operational on the OES server."

How should it be configured then if I can't use SMB2 and AD authentication???

Thanks,

Dan
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: How to configure CIFS for AD auth and SMB2

Hello Dan,

so far accounts (untill OES11 SP3) for accessing oes-nss-volumes via
CIFS had to reside in edirectory. Configuring CIFS allows eDirecetory
users access to oes-nss-volumes without having a novell-client installed
on their clients. So "Ensure that the Novell CIFS service
that AD users will access is configured and operational on the OES
server." means that you should configure CIFS that eDir users are able
to access oes-nss-volumes as a neccessary test that CIFS is working
before you go on installing and configuring NSS-AD support.
The new "thing" of NSS-AD support in OES2015 is that now MS Active
Directory users can be taken to allow access to oes-nss-volumes. With
OES11 this was not possible.

Regards Burkhard
0 Likes
dchunt Absent Member.
Absent Member.

Re: How to configure CIFS for AD auth and SMB2

OK, so I try to configure CIFS to use the SMB2 protocol and third party authentication but it won't let me. Why not?

Dan
0 Likes
dchunt Absent Member.
Absent Member.

Re: How to configure CIFS for AD auth and SMB2

Or are you saying that even though CIFS says it supports third party authentication, what I should do is make it authenticate against eDirectory before installing OES2015 SP1 NSS AD integration?

Dan
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: How to configure CIFS for AD auth and SMB2

Hello Dan,

so far i have never dealed with third-party-authentication in iManager
(and it is not neccessary to set up for NSS-AD-Integration). It should
be possible for an edir-User to access the server via CIFS (as a first
test for CIFS) and then installing the OES-NSS-AD-Integration.

Regards Burkhard
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.