HP CIFS Server 3.0f Administrator's Guide verison A.02.03
# Kerberos configuration
[libdefaults]
default_realm = MYREALM.HP.COM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
default_keytab_name = "WRFILE:/etc/krb5.keytab"
[realms]
MYREALM.HP.COM = {
kdc = HPWIN2K4.MYREALM.HP.COM:88
admin_server = HPWIN2K4.MYREALM.HP.COM
}
[domain_realm]
.hp.com = MYREALM.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
2. Run the net ads keytab create -U administrator command to generate an
/etc/krb5.keytab file.
3. To configure the HP CIFS Server to read /etc/krb5.keytab, set the use kerberos keytab
parameter in /etc/opt/samba/smb.conf to yes.
An example of /etc/opt/samba/smb.confis as follows:
[global]
workgroup = MYREALM
realm = MYREALM.HP.COM
netbios name = atcux5
server string = Samba Server
interfaces = 15.43.214.58
bind interfaces only = Yes
security = ADS
password server = HPATCWIN2K4.MYREALM.HP.COM
use kerberos keytab = yes
4. Validate your configuration by starting the HP CIFS Server, logging on to the domain with clients, and
mounting an HP CIFS share.
Now the HP CIFS Server can authorize the Windows client to access the server share, using Kerberos
in the Windows domain and the keytab file on the HP CIFS Server. However, an HP-UX Internet Services
user cannot gain system access using Kerberos with the system in this state.
118 Kerberos Support