HP CIFS Server 3.0f Administrator's Guide version A.02.03

HP CIFS Server uses Kerberos security in a Windows Unified Domain setup. For more information on how
to join an HP CIFS Server to a Windows 200x Domain using Kerberos security, see Chapter 5 “Windows
2000/2003 Domains”.
Setting up the Unified Domain Model
You need to set up and configure the following components to deploy a Unified Domain Model using
Windows Services For UNIX (SFU):
• Windows 2000 or 2003 domain controller with Active Directory Service (ADS)
• LDAP-UX Integration software B.03.20 or later on HP CIFS member servers
• SFU 3.5 on Windows 2000 or 2003 Domain Controller
• Install, configure and join the HP CIFS Server to the SFU-enabled Windows 200x domain. See
Chapter 5 “Windows 2000/2003 Domains” for details on configuring and joining the HP CIFS Server
to the Windows domain.
Setting up LDAP-UX Client Services on an HP CIFS Server
In the Unified domain model, you integrate HP CIFS domain member servers with the Windows 200x ADS
to centralize management of user account databases. You must install the HP LDAP-UX integration software
B.03.20 or later, and configure the LDAP-UX client. This permits the consolidation of POSIX and Windows
user accounts on the ADS directory.
You also need to configure the /etc/krb5.conf file to authenticate users using Kerberos.
Installing and Configuring LDAP-UX Client Services on an HP CIFS Server
The following summarizes the major steps you need to take to install and configure LDAP-UX Client Services.
For detailed instructions on how to install and configure LDAP-UX Client Services to work with Windows
2000 ADS, refer to chapter 2, "Installing LDAP-UX Client Services" in LDAP-UX Client Services with Microsoft
Windows 2000 Active Directory Server Administrator's Guide, available at http://docs.hp.com.
1. Install LDAP-UX Client Services on each HP CIFS member server.
2. Migrate your supported name service data to the directory. Refer to the section, "Importing Name Service
Data into Your Directory" in LDAP-UX Client Services with Microsoft Windows 2000 Active Directory
Server Administrator's Guide, available at http://docs.hp.com.
3. Run the setup program to configure LDAP-UX Client Services on a client system. Setup does the following
for you:
   • Extends your Active Directory schema with the configuration profile schema, if not already done.
   • Creates a start-up file on the client. This enables each client to download the configuration profile.
   • Creates a configuration profile of directory access information in the directory, to be shared by a
     group of (or possibly all) clients.
   • Downloads the configuration profile from the directory to the client.
   • Starts the product daemon, ldapclientd.
4. Modify the files /etc/pam.conf and /etc/nsswitch.conf on the client to specify Kerberos
authentication and LDAP name service, respectively.
Configuring /etc/krb5.conf to Authenticate Using Kerberos
On your HP CIFS Server, you need to create the Kerberos configuration file, /etc/krb5.conf, which
specifies the default realm, the location of a Key Distribution Center (KDC) server and the logging file names.
The Kerberos client depends on the configuration to locate the realm's KDC. The following is an example
of /etc/krb5.conf which has the realm CIFSW2KSFU.ORG.HP.COM, and machine hostA.org.hp.com
as a KDC:
[libdefaults]
# Samba Domain
default_realm = CIFSW2KSFU.ORG.HP.COM
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
ccache_type = 2
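Added example, not part of the HP guide: a Python check that parses a krb5.conf and reports the settings in this fragment that most often break or weaken Kerberos authentication. The sample is constructed: it reuses the realm, KDC host and enctype values above, carries a trailing comment on the default_realm line to show that failure mode, and assumes a [realms] section; the names parse, audit, WEAK and SAMPLE are hypothetical.

```python
import re

WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # single DES, deprecated by RFC 6649

# Constructed sample modelled on the fragment above; the [realms] section is assumed.
SAMPLE = """\
[libdefaults]
default_realm = CIFSW2KSFU.ORG.HP.COM #Samba Domain
default_tkt_enctypes = DES-CBC-CRC
default_tgs_enctypes = DES-CBC-CRC
[realms]
CIFSW2KSFU.ORG.HP.COM = {
    kdc = hostA.org.hp.com
}
"""

def parse(text):
    """Return {section: {key: value}}; a 'name = {' block becomes a nested dict."""
    conf, section, block = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":  # MIT krb5: comments are whole lines only
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = value
    return conf

def audit(text):
    """Return findings for the client settings this fragment controls."""
    conf, findings = parse(text), []
    lib = conf.get("libdefaults", {})
    realm = lib.get("default_realm", "")
    if re.search(r"[\s#;]", realm):  # trailing text becomes part of the realm name
        findings.append(f"default_realm has trailing text: {realm!r}")
        realm = re.split(r"[\s#;]", realm)[0]
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        weak = [e for e in re.split(r"[\s,]+", lib.get(key, "")) if e.lower() in WEAK]
        if weak:
            findings.append(f"{key} allows single DES: {', '.join(weak)}")
    if "kdc" not in conf.get("realms", {}).get(realm, {}):
        findings.append(f"no kdc entry in [realms] for default_realm {realm!r}")
    return findings
```

Calling audit(open("/etc/krb5.conf").read()) on the member server returns an empty list when none of these conditions apply.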