HP CIFS Server 3.0d Administrator's Guide version A.02.02 (Edition 5)
Windows 2000/2003 Domains
Joining an HP CIFS Server to a Windows 2000/2003 Domain
Chapter 5108
NOTE You must configure the port number :88 after the node name specified for
the kdc entry in the [realms] section. Kerberos v5 uses the port
number 88 for the KDC service.
For detailed information on how to configure the /etc/krb5.conf file,
refer to the krb5.conf(4) man page.
Step 3. Run the following commands to verify Kerberos configuration
log in as root
kinit <user> (e.g. Administrator@myrealm.xyz.com)
(add user and password to a Windows ADS DC if necessary)
The possible errors during verification are as follows:
• Pre-Authentication Failed means you have typed the password
incorrectly.
• Clock skew too great means the time on the HP-UX machine is
not synchronized with the Windows domain controller. Execute the
date command to reset the date or set TZ=GMT and try again.
• You may see the warning message, kinit: KDC has no support
for encryption type while getting initial credentials.You
must change your Administrator password at least once from the
original password that you used for Administrator when installing
your Windows 2000/2003 Domain.
• Check the content of the /etc/krb5.conf file for syntax or content
errors and ensure that port :88 has been added to the kdc entry in
the [Realms] section.
Step 4. Use the following procedures to configure the HP CIFS Server:
• For new installations, you can run /opt/samba/bin/samba_setup
and choose ADS Member Server.
For new installations, finish samba_setup commands and verify the
following smb.conf configuration items. samba_setup will then
perform the “net ads join -U Administrator%password”
command to join the ADS domain for you.