CIFS Server Administrator's Guide Version A.03.02.00 (5900-2578, January 2013)
In order for an HP CIFS Member of a Windows 2003 or Windows 2008 Domain to recognize
trusts established by its Domain Server, its /etc/krb5.conf file must declare the trusted domains
in the [realms] section (only – not [domain_realm]). For example, an HP CIFS member of
Windows 2003/2008 R2 ADS domain, mydom, which trusts trust1dom and trust2dom might
have the /etc/krb5.conf file as follows:
[libdefaults]
default_realm = MYDOM.ORG.HP.COM
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
ccache_type = 2
[realms]
MYDOM.ORG.HP.COM = {
kdc = myserv.mydom.org.hp.com:88
admin_server = myserv.mydom.org.hp.com
}
TRUST1DOM.ORG.HP.COM = {
kdc = trust1serv.trust1dom.org.hp.com:88
admin_server = trust1serv.trust1dom.org.hp.com
}
TRUST2DOM.ORG.HP.COM = {
kdc = trust2serv.trust2dom.org.hp.com:88
admin_server = trust2serv.trust2dom.org.hp.com
}
[domain_realm]
.org.hp.com = MYDOM.ORG.HP.COM
[logging]
kdc = FILE:/var/opt/samba/log.krb5kdc
admin_server = FILE:/var/opt/samba/log.kadmin
default = FILE:/var/opt/samba/log.krb5lib
~
80 Windows 2003 and Windows 2008 domains