Hi Mark

That sounds like a really good RFE topic, if it isn't supported with EIM. I set up an RJS product for EIM/SSO several years ago and have forgot most of where the Kerberos stuff lives in the IFS - is it in PASE? I don't think so, but maybe.

I just did a quick look at the open source Samba option that is now available - it does say this -

"Samba is an open source SMB-based networking protocol for providing fast, stable, and secure file access. File serving, something we have had on IBM i for a long time is provided with IBM i NetServer IBM i NetServer has many great features when it comes to file serving, although in some instances performance has been an issue. Samba is a server that uses TCP/IP on IBM i to interact with Microsoft® Windows® clients or servers as if it is a Windows file and print server. Samba is not intended to be a full replacement for file serving on IBM i, but rather give customers an additional option. For example, *__Samba does not support Kerberos*__, automatic CCSID conversions, or integration with the IBM i QIBM_QPWFS_FILE_SERV exit point. For those features, IBM i NetServer is the best choice. But, if you require just basic file serving with performance, then Samba might be the choice for you. Consider the following key features:

* - A fast, modern, lightweight Common Internet File System (CIFS)
file server
* - An FTP style CIFS client (smbclient)

Now it does say it does NOT support Kerberos - but it also says it is CIFS - so is NetServer, right? So maybe there is a chance for an RFE to gain traction.

Vern

On 1/31/2020 9:39 AM, Mark Waterbury wrote:
Hi, Vern,

It seems that Samba does support various forms of Kerberos on other platforms ... see:

    https://www.google.com/search?q=does+samba+support+kerberos

My question was really about whether the "Samba" that IBM is distributing for IBM i (that runs in PASE) would work with the IBM i EIM/SSO that is built into the OS.

Mark S. Waterbury

On Friday, January 31, 2020, 10:33:04 AM EST, Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx> wrote:
I don't think it does - unless the way to connect with Samba uses
something else, like ssh? That Jack was talking about.

The Samba approach to NetServer does mean you don't have a lot of
management stuff that the QNTC support does. (I couldn't exactly
remember what is under the covers, so just used the term QNTC.)

Vern

On 1/31/2020 9:12 AM, Mark Waterbury wrote:
  Does SAMBA support Kerberos (EIM/SSO) on the IBM i?

      On Friday, January 31, 2020, 10:11:03 AM EST, Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx> wrote:
  I don't know - the OP said a fair amount about authentication in the
original email, and the subject speaks of it, kind of.

Good question, man!

Vern

On 1/31/2020 8:52 AM, midrangel@xxxxxxxxxxxxxxxxx wrote:
It can be Vern, but is authentication the real problem or is that a side
note?  I suspect it has more to do with other items.

--
Jim Oberholtzer
Agile Technology Architects

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Vernon
Hamberg
Sent: Friday, January 31, 2020 8:52 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Samba as alternative to NetServer - How to use USRPRF Password

I don't know if this applies - I seem to recall that Kerberos and EIM could
be set up for NetServer - maybe worth a look, other than other things are
involved, right?

Vern

On 1/31/2020 8:07 AM, midrangel@xxxxxxxxxxxxxxxxx wrote:
Is NFS a potential solution?  User authentication happens with the
PID/UID that is a part of the user profile so they are tied together.

You don't specify which level of IBM i your system runs, and if there
are SMB compatibility issues.  Could the SMB version on the desktop be
contradictory to the SMB version on the server?

--
Jim Oberholtzer
Agile Technology Architects

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Franz.Rauscher@xxxxxxxxxxx
Sent: Friday, January 31, 2020 5:59 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Samba as alternative to NetServer - How to use USRPRF
Password

Hi!

We are using IBM-i with NetServer for about 1.5 Years now.
Since the Beginning there where Problems with Access to Netserver over
WAN (IPSec Tunnel) .We had some Tickets with IBM and the made some
PTFs to fix various things. (MA47224, MA47302, Other Problems with
Starting exe Files where we received a Workaround wich shoots other
thngs as we found out
now))

But after all we are not really satisfied with the compatibility of
NetServer with Windows-10.

First of all: I dont want to store my files outside of out AS400. I
know all alternatives and i dont need any suggestions or discussion on
this ;-)

Whats the state now:

We are now considering using Samba on IBM-i but the problem i have is
that it has a seperate User Database which i really dont like.
Is someone of you using Samba on AS400 and how do you handle this problem.

I thought that when nothing other is possible i would register with
QIBM_QSY_VLD_PASSWRD and send new Passwords to a Job via DataQueue
which calls pdbedit to change the users in the samba-db. But this is
not a nice solution.

Any suggestions?

Greetings,
Franz


Systeminfo: IBM-i 7.4 TR1, Power-S812, No Virtualization, Single OS
Instance . Problems mostly over low latency Networks ( ca 10ms-20ms)

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link:
https://amazon.midrange.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link:
https://amazon.midrange.com



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.