Manualshelf

CIFS Server Administrator's Guide Version A.03.02.00 (5900-2578, January 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
71727374757677787980
6. Enter and confirm the trust password.
7. Review and select Next.
8. Select Yes and select Next, two more times.
9. Select Finish and then OK.
NOTE: Windows Server 2003 Service Pack 1 (SP1) may require the RestrictAnonymous
registry subkey to be set to 0 and the value of the RestrictNullSessAccess registry subkey
also to be set to 0. Run regedit from the start button and find RestrictNullSessAccess
under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ LanmanServer\
Parameters. For more details, refer to “trusts RestrictNullSessAccess” on the Microsoft TechNet
at http://technet.microsoft.com.
Alternatively, if you do not want to change the registry on Windows Server 2003 Service Pack 1
(SP1), you can use the --set-auth-user option of the wbinfo command to set a domain user
account and password for the winbind service. Using this option enables the winbind service to
authenticate itself with a valid domain user account while accessing the user and group information
from the Windows 2003 Server.
To create the corresponding configuration of the Samba domain PDC for two way trust relationship
with the Windows domain, logon as root and execute the following steps:
1. Run the following command to start the winbind daemon:
startsmb -winbind
2. Add a trust account for the trusting Windows domain to /etc/passwd. Add the trusting
domain name with the “$” using the useradd command.
For example, the following command adds a trust account for the trusting Windows domain
name, windomainA, to /etc/passwd:
useradd windomainA$
Due to the maximum name length of 8 for the useradd command, you may need to edit
/etc/passwd to add the trusting Windows domain name account.
3. Run smbpasswd to add a trusting Windows domain Samba account to your trusted Samba
domain database and create a password for the trusting account. Use the same trusting
Windows domain name specified in step 1. This password is used by the trusting Windows
domain when it establishes the trust relationship.
For example, the following command adds the trusting Windows domain account,
windomainA, to the Samba domain database:
smbpasswd -a -i windomainA$
4. Run net rpc trustdom to establish the trust with the trusted Windows domain.
For example, the following command is used to establish the trust relationship with the trusted
windows domain name, windomainA:
net rpc trustdom establish windomainA
S <ADS domain controller server name> U windomainA\\Administrator%pw
5. Use the following command to verify the trust relationship:
net rpc trustdom list -U root/%pw
Establishing a trust relationship on an HP CIFS member server of a Windows 2003
or Windows 2008 domain
HP CIFS Servers will not automatically recognize all intra/inter-forest trusts. CIFS member servers
will recognize most parent-child and child-child relationships and shortcut trusts but you may need
to use Windows Administrators Tool Active Directory Domains and Trusts to establish
explicit shortcut trusts where other trusts are desired.
Trust relationships 79