Manualshelf

CIFS Server Administrator's Guide Version A.03.02.00 (5900-2578, January 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
71727374757677787980
netbios name = MYSERVER
Then join the ADS domain by manually executing the "net ads join -U
Administrator%password" command.
NOTE: If you use the startTLS feature for strong authentication support, see “Configuring HP
CIFS Server to Enable startTLS” section for more information about smb.conf configuration.
5. Use the following command to start your HP CIFS Server:
/opt/samba/bin/startsmb
6. Run the following command to verify Kerberos authentication. In the following command, the
-k option is required to force the use of Kerberos security:
smbclient -W <Window Domain> -U <user name in domain>
-k //<HP CIFS Server name>/<share> <password for user>
You can connect to the share on the HP CIFS Server if you succeed to run the smbclient
command.
Trust relationships
Trust relationships enable pass-through authentication to users of one domain in another. A trusting
domain permits logon authentication to users of a trusted domain. There are various forms of trusts,
depending on the domain type and Windows 2003/2008 R2 ADS domain trusts differ from NT
Domain trusts. For more information on trusts, consult the MS TechNet papers at http://
technet.microsoft.com. For information on HP CIFS Server trust relationships with NT Domains, see
“Windows style domains” (page 57).
Windows 2003/2008 R2 ADS domain trusts can take many forms. HP CIFS Server can support
some but not all Windows 2003/2008 R2 trusts as described below:
HP CIFS PDCs can support external trusts which include trust relationships established between
CIFS Samba Domains and Windows 2003/2008 R2, including incoming, outgoing, and
two-way trusts.
HP CIFS Member Servers do not support all Windows 2003/2008 R2 ADS domain
intra/inter-forest trusts. Most parent-child and child-child trusts are recognized appropriately
and shortcut trusts are supported. Shortcut trusts can be established explicitly between Windows
2003/2008 R2 ADS domain to ensure HP CIFS Servers recognized forest configurations
where necessary.
Transitive trusts, in which domain A trusts domain B which trusts domain C thereby domain A trusts
domain C, are not respected by HP CIFS Servers.
Establishing external trust relationships between HP CIFS PDCs and Windows 2003
and Windows 2008 domains
To configure the Windows domain controller for the trust relationship with the Samba domain PDC,
perform one of the following procedures as appropriate for the server in your domain.
For a Windows 2003 domain controller, use the Administrative Tools utility to perform the
following steps:
1. From the Start menu, select Programs -> Administrative Tools -> Active
Directory Domains and Trusts.
2. Right click on the desired Active Directory domain name and select Properties.
3. Select the tab Trusts, then click New Trusts. Click Next.
4. Specify the Samba PDC domain name and select Next. The Samba domain name is the
domain name specified in the “workgroup” parameter in smb.conf.
5. Select your choice of trust type, One-way: incoming, One-way: outgoing, or Two-way and
select Next.
78 Windows 2003 and Windows 2008 domains