HP CIFS Server 3.0b Administrator's Guide version A.02.01.01

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

221

222

223

224

225

226

227

228

229

230

HP CIFS Deployment Models

Uniﬁed Domain Model

Chapter 9 213

Conﬁguring /etc/krb5.conf to Authenticate Using Kerberos

On your HP CIFS Server, you need to create the Kerberos conﬁguration

ﬁle, /etc/krb5.conf, which speciﬁes the default realm, the location of a

Key Distribution Center (KDC) server and the logging ﬁle names. The

Kerberos client depends on the conﬁguration to locate the realm’s KDC.

The following is an example of /etc/krb5.conf which has the realm

CIFSW2KSFU.CUP.HP.COM, and machine hostA.cup.hp.com as a KDC:

[libdefaults]

default_realm = CIFSW2KSFU.CUP.HP.COM #Samba Domain

default_tkt_enctypes = DES-CBC-CRC

default_tgs_enctypes = DES-CBC-CRC

ccache_type = 2

[realms]

CIFSW2KSFU.CUP.HP.COM = {

kdc = hostA.cup.hp.com:88

admin_server = hostA.cup.hp.com

}

[domain_realm]

.cup.hp.com = CIFSW2KSFU.CUP.HP.COM

[logging]

kdc = FILE: /var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmin.log

default = FILE:/var/opt/KRB5lib.log

Installing SFU 3.5 on a Window 2000 or 2003 Domain

Controller

POSIX accounts have some attributes, such as user ID, login shell, and

home directory, which are not used by Windows 2000 or 2003. To use

Active Directory as a data repository for HP-UX users, you must install

SFU Version 3.5 on a Windows 2000 or 2003 doman controller. SFU is

used to extend the Active Directory schema to include the POSIX

schema. For detailed installation instructions for SFU 3.5, refer to

Chapter 2 “Installing LDAP-UX Client Services”, in LDAP-UX Client

Services with Windows 2000 Active Directory Server Administrator’s

Guide, available at http://docs.hp.com.

For more information on SFU, refer to the Microsoft web site at

http://www.microsoft.com/windows2000/sfu/.