Installing the IBM Security Samba Integration Components

This section explains how to install the Verify Privilege Server Suite adbindproxy package. You install the adbindproxy package on your Linux and UNIX computers so that the DirectControl agent works with Samba.

Installation Process Overview

Your Linux or UNIX computer can be in one of three main states regarding Samba and Verify Privilege Server Suite:

The installation process varies slightly depending on what kind of environment you’re currently using.

Installation Overview for Computers New to both Verify Privilege Server Suite and Samba

If you’re configuring a computer that has neither a working Samba installation nor the DirectControl agent, here’s an overview of what you need to do.

Software Tasks
Make sure that you have the software you need. Make sure that you have the latest version of the DirectControl agent, the Centrify adbindproxy package, and the open source Samba files.
Install the DirectControl agent. Refer to the Verify Privilege Server Suite documentation for instructions.
Install open source Samba. All major UNIX and Linux distributions have Samba as a native package. See your distributor’s package or port system for a native install of Samba on your system. You can also visit https://samba.plus/ which offers Samba packages for Red Hat Linux, SUSE Linux Enterprise Server, and Debian.
Install the Verify Privilege Server Suite adbindproxy package. See Installing the adbindproxy Components.

On Solaris, you can run pkg install -g *.p5p security/centrifydc-adbindproxy to install the IPS package. For more information, see

Run the adbindproxy.pl script. See Configuring the Samba Integration.
Modify the Samba configuration file, as needed. See Modifying the Samba smb.conf Configuration File.
Test and verify the configuration. See Verifying the Samba Integration.

Installation Overview for Computers New to Verify Privilege Server Suite

If you’re configuring a computer that has Samba configured but that does not yet have the DirectControl agent installed, here’s an overview of what you need to do.

Software Tasks
Make sure that you have the software you need. Make sure that you have the latest version of the DirectControl agent, the Centrify adbindproxy package, and the open source Samba files.
Install the DirectControl agent. Refer to the Verify Privilege Server Suite documentation for instructions.
Make a backup copy of your smb.conf file.
Install the Centrify adbindproxy package. See Installing the adbindproxy Components.
Migrate Samba users to Active Directory. See Migrating Existing Samba Users to Verify Privilege Server Suite.
Note: If you’re using Auto Zone or Verify Privilege Server Suite Express, user migration is not supported.
Run the adbindproxy.pl script. See Configuring the Samba Integration.
Modify the Samba configuration file, as needed. See Modifying the Samba smb.conf Configuration File.
Test and verify the configuration. See Verifying the Samba Integration.

Upgrade Overview for Computers with Verify Privilege Server Suite-Enabled Samba

Beginning in calendar year 2016, we neither provide nor support the Verify Privilege Server Suite-enabled version of Samba that was available earlier. Instead, we now provide a standalone adbindproxy package containing the components that are necessary for Verify Privilege Server Suite to integrate with open-source Samba.

If you are currently using Verify Privilege Server Suite-enabled Samba with Verify Privilege Server Suite 2013.3 or later (Verify Privilege Server Suite), you need to upgrade to the latest DirectControl agent and also complete some additional steps to migrate your users and settings. Below is an overview of what you need to do on each agent-controlled Linux and UNIX computer that was integrated with Samba.

Software Tasks
Make sure that you have the software you need. Make sure that you have the latest version of the DirectControl agent, the Centrify adbindproxy package, and the open source Samba files.
Make a backup copy of your smb.conf file.
Uninstall Verify Privilege Server Suite-enabled Samba. For example, on most Linux variants you would issue the following command: rpm -e CentrifyDC-samba
Upgrade the DirectControl agent so that it’s either the latest version or a version later than 2013.3. Refer to the Verify Privilege Server Suite documentation for instructions.
Install open source Samba. All major UNIX and Linux distributions have Samba as a native package. See your distributor’s package or port system for a native install of Samba on your system. You can also visit https://samba.plus/ which offers Samba packages for Red Hat Linux, SUSE Linux Enterprise Server, and Debian.
Install the Verify Privilege Server Suite adbindproxy package. See Installing the adbindproxy Components.
Migrate Samba users to Active Directory. See Migrating Existing Samba Users to Verify Privilege Server Suite.
Note: If you’re using Auto Zone or Verify Privilege Server Suite Express, user migration is not supported.
Run the adbindproxy.pl script. See Configuring the Samba Integration.
Modify the Samba configuration file, as needed. See Modifying the Samba smb.conf Configuration File.
Test and verify the configuration. See Verifying the Samba Integration.

What’s in the adbindproxy Package

After you download and extract the Centrify adbindproxy package, you’ll see the following files:

  ./Centrify-Adbindproxy-Release-Notes.html
  ./CentrifyDC-adbindproxy-*release*-rhel5-x86_64.rpm

The software bundle has a name in this format: centrify-adbindproxy-release-rhel5-x86_64.rpm and it contains these components:

  • adbindproxy (adbindd) module: The adbindproxy module uses the adbindd daemon. Unless otherwise noted, adbindproxy and adbindd are used interchangeably in the documentation. The adbindproxy (adbindd) module intercepts Samba UNIX ID mapping requests and reroutes them to the DirectControl agent for processing. This module ensures that Samba and the DirectControl agent agree on the UNIX attribute values.
  • adbindproxy.pl Perl configuration script: This script automates most of the setup process and designates the DirectControl agent as the manager of the shared computer object.

Installing the adbindproxy Components

Perform the following steps to install the integration components from the adbindproxy package. In these steps, the file name CentrifyDC-adbindproxy-*.rpm is used in place of the full file name. You can use the wildcard symbol (*) to substitute for a portion of the file name if there are no conflicting files in the directory.

If you are upgrading from a previous version of Verify Privilege Server Suite-enabled Samba, see Upgrade overview for computers with Centrify-enabled Samba before proceeding.

Be sure to enter the full path name in the command line if multiple versions of the same file exist in the same directory.

To install the IBM Security Samba integration components

  1. Run the appropriate command for your platform to install the centrifydc-adbindproxy package.

    The following table shows sample commands using the common package installers for each platform.

    For This Platform / You Can Run

    Linux-based computers, Red Hat Enterprise Linux
      For 64-bit systems:
        rpm -Uvh CentrifyDC-adbindproxy-*release*-rhel5.x86_64.rpm
      For PowerPC systems:
        rpm -Uvh CentrifyDC-adbindproxy-*release*-rhel5.ppc64.rpm
      For Little-endian PowerPC systems (PPCLE):
        rpm -Uvh CentrifyDC-adbindproxy-*release*-rhel7.ppc64le.rpm

    Oracle Solaris using SVR4 package manager
      On SPARC systems, for example:
        gunzip delinea-adbindproxy-*release*-sol10-sparc-local.tgz
        tar -xf delinea-adbindproxy-*release*-sol10-sparc-local.tar
        pkgadd -d delinea-adbindproxy
      For other Solaris versions and platforms, the commands are the same but the filenames are different. For example, on a 64-bit system: delinea-adbindproxy-*release*-sol10-x86-local.tgz

    Oracle Solaris using IPS package manager
      For SPARC systems, for example:
        gunzip delinea-adbindproxy-*release*-sol11-sparc.tgz
        tar -xf delinea-adbindproxy-*release*-sol11-sparc.tar
        pkg install -g centrifydc-adbindproxy-*release*-sol11-sparc.p5p security/centrifydc-adbindproxy
      For other Solaris versions and platforms, the commands are the same, but the filenames are different. For example, on a 64-bit system: delinea-adbindproxy-*release*-sol11-i386.tgz.
      You can also reference KB-010444 here: https://support.delinea.com/s/article/KB-010444-How-to-install-the-IPS-adbindproxy-package-on-Solaris

    HP-UX
      For HP-UX 11.31 on PA-RISC:
        gunzip centrifydc-adbindproxy-*release*-hp11.31-pa.depot.gz
        swinstall -s /path/centrifydc-adbindproxy-*release*-hp11.31-pa.depot CentrifyDC-adbindproxy
      For other HP-UX versions and platforms, the commands are the same but the file names are different. For example, on HP-UX 11.31 Itanium 64-bit systems:
        centrifydc-adbindproxy-*release*-hp11.31-ia64.depot.gz

    IBM AIX
      For AIX 7.1 or later:
        gunzip centrifydc-adbindproxy-*release*-aix7.1-ppc-bff.gz
        inutoc
        installp -aY -d centrifydc-adbindproxy-*release*-aix7.1-ppc-bff CentrifyDC.adbindproxy

    Debian Linux, Ubuntu Linux
      Check that you have libcupsys2-gnutls10 (1.1.23-1 or later) installed. If you have the required libraries, run the following command to install:
        dpkg -i centrifydc-adbindproxy-*release*-deb8-x86_64.deb

    SuSE Linux, OpenSuSE Linux
      For 64-bit systems:
        rpm -ivh CentrifyDC-adbindproxy-*release*-suse11.x86_64.rpm

  2. (Optional) Join the computer to a zone using the adjoin command.

    This concludes the installation of the adbindproxy package.

    If you have existing Samba users to migrate, go to Migrating Existing Samba Users to Verify Privilege Server Suite. Otherwise, go to Configuring the Samba Integration to continue.

Updating the Samba Files

After you've installed the Verify Privilege Server Suite adbindproxy package, you might need to update your version of Samba. When you update the Samba files, the update will replace smb.conf and also restart Samba with its own startup script instead of the adbindd script.

Before you update your version of Samba, it's a good practice to make a backup copy of your smb.conf file.

After you update your version of Samba, perform the following tasks so that you can keep the Verify Privilege Server Suite adbindproxy package working.

To keep the Verify Privilege Server Suite adbindproxy package working after updating Samba:

  • Do one of the following:

    • Run adbindproxy.pl to reconfigure the centrifydc-samba service (Recommended)

      After adbindproxy.pl finishes the setup, you may want to add back the customized settings from the smb.conf backup to the new smb.conf file. Restart the centrifydc-samba service after the change. Note that the commands to restart the service are different on different platforms.

    • Manually replace the smb.conf with the backup.

      After replacing the smb.conf file, restart the centrifydc-samba service. Note that the commands to restart the service are different on different platforms.

      This method may not work because the Samba upgrade may affect the configurations of the centrifydc-samba service and the Samba service itself.
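
The following is an added example, not part of the product documentation or the adbindproxy package. It lists the settings that are present in your smb.conf backup but missing or changed in the updated smb.conf, so you can see what to add back before restarting the centrifydc-samba service. The function names smbconf_settings and smbconf_lost_settings and the sample files are constructed for illustration.

```sh
# Added example: find smb.conf settings lost or changed by a Samba update.
# Normalize an smb.conf into sorted "[section] key = value" lines.
smbconf_settings() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join backslash continuations
        { line = buf $0; buf = ""; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        line == "" || line ~ /^[#;]/ { next }           # skip blanks and comments
        line ~ /^\[.*\]$/ { section = tolower(substr(line, 2, length(line) - 2)); next }
        {
            eq = index(line, "=")                       # only the first "=" is significant
            if (eq == 0) next
            # Samba ignores case and whitespace in parameter names.
            key = tolower(substr(line, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr(line, eq + 1); sub(/^[ \t]+/, "", val)
            print "[" section "] " key " = " val
        }
    ' "$1" | LC_ALL=C sort -u
}
# Print settings from backup $1 that are absent or different in $2.
smbconf_lost_settings() {
    _old=$(mktemp); _new=$(mktemp)
    smbconf_settings "$1" > "$_old"
    smbconf_settings "$2" > "$_new"
    LC_ALL=C comm -23 "$_old" "$_new"
    rm -f "$_old" "$_new"
}
# Constructed sample files (not real product output).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/smb.conf.bak" <<'EOF'
[global]
   workgroup = EXAMPLE
   Log Level = 2
   server signing = mandatory
[projects]
   valid users = @proj-admins \
@proj-users
   read only = no
EOF
cat > "$SAMPLE_DIR/smb.conf" <<'EOF'
[global]
   workgroup = EXAMPLE
   log level = 1
[projects]
EOF
smbconf_lost_settings "$SAMPLE_DIR/smb.conf.bak" "$SAMPLE_DIR/smb.conf"
```

Parameter names are printed in normalized form, so Log Level in the backup appears as loglevel in the output.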