Manualshelf

HP CIFS Server 3.0d Administrator's Guide version A.02.02 (Edition 5)

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
111112113114115116117118119120
Windows 2000/2003 Domains
Joining an HP CIFS Server to a Windows 2000/2003 Domain
Chapter 5 105
Joining an HP CIFS Server to a Windows
2000/2003 Domain
HP CIFS Server only supports the following Kerberos encryption types:
DES-CBC-MD5
DES-CBC-CRC
RC4-HMAC
You must configure one of these encryption types in the /etc/krb5.conf
file as shown below. HP recommends you set the encrption type to
DES-CBC-MD5 in /etc/krb5.conf unless you have other kerberos
enabled applications on the HP server that require one of the other
supported encryption types.
WARNING Do not add your machine name to the ADS Server with the
Windows Server Manager.
If your machine has already been added to the ADS with the Windows
Server Manager GUI, you may simply use Window Server Manager to
delete the machine account. Then, follow the instructions to run the
"kinit" and "net ads join" commands as described below in
“Step-by-step Procedure” on page 106.
Another way to resolve this problem is to *AND* the
"userAccountControl" attribute value for the CIFS member server with
the ADS_UF_USE_DES_KEY_ONLY (2097152 or 0x2000000) flag in the ADS.
This can be accomplished by using the "adsiedit.msc" tool from the
Windows 2000 or 2003 CD or using the ldapmodify command.
NOTE If an HP CIFS Server is currently joined to the domain as a pre-Windows
2000 member server, please first remove the server from the domain
before adding an HP CIFS Server to a Windows domain as a ADS
member server.