Manualshelf

HP CIFS Server 3.0f Administrator's Guide verison A.02.03

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
61626364656667686970
the domain type and Windows 2000/2003 Domain trusts differ from NT Domain trusts. For more information
on trusts, consult the MS TechNet papers at http://technet.microsoft.com. For information on HP CIFS Server
trust relationships with Windows 2000/2003, see Chapter 5 “Windows 2000/2003 Domains”.
HP CIFS Server supports the following external trust relationships with NT Style Domains:
HP CIFS PDCs support external trusts between a Samba and an NT Domain. A CIFS Samba Domain
may be a trusting, trusted, or bi-directional trust (both trusting and trusted or “two way") domain with
an NT Domain.
HP CIFS PDCs support trusts between Samba Domains. A Samba Domain may be a trusting, trusted,
or bi-directional trust domain with another Samba Domain.
HP CIFS Member Servers of either a Samba Domain or an NT Domain will respect the trust relationships
established by their domain controller.
Transitive trusts, in which domain A trusts domain B which trusts domain C thereby domain A trusts domain
C, are not respected by HP CIFS Servers.
Configuring smb.conf for Trusted Users
HP CIFS Server requires an HP-UX local logon for all Samba users. Therefore, even a trusted Samba user
from another domain needs a matching local POSIX user. To allow POSIX users to be added on-the-fly, set
the add user script smb.conf configuration parameter. For Example,
add user script = /usr/sbin/useradd -g users -c "Auto_Account" \
-s /bin/false %u
Establishing a Trust Relationship on an HP CIFS PDC With Another Samba Domain
This section decribes the procedures used to establish a trust relationship on an HP CIFS PDC with anther
Samba Domain.
Logon as root and execute the following steps on the trusted domain PDC:
1. Add a trust account for the trusting domain to /etc/passwd. Add the domain name with the "$" using
useradd command as follows:
$ useradd <trusting domain name>$
Due to the maximum name length of 8 for the useradd command, you may need to edit /etc/passwd
to add the trusting domain name account.
2. Run smbpasswd to add a trusting domain Samba account to your trusted domain backend database
and create a password for the trusting account. This password is used by the trusting domain when it
establishes the trust relationship.
$ smbpasswd -a -i <trusting domain name>
Logon as root and execute the following steps on the trusting domain PDC:
Run net rpc trustdom to establish the trust and type the passoword that was created with the
smbpasswd command on the trusted domain PDC.
$ net rpc trustdom establish <trusted domain name>
Establishing a Trust Relationship on an HP CIFS PDC With an NT Domain
Trusting an NT Domain from a Samba Domain
Use the following steps to trust an NT domain from a Samba Domain:
1. On the NT domain controller, run the User Manager utility. Go to policies/trust relationship, add the
trusting Samba domain account for CIFS Server and establish a password.
2. Logon as root on the trusting Samba Domain PDC. Run net rpc trustdom to establish the trust
and type the password that was created with the User Manager utility on the trusted NT Domain PDC.
$ net rpc trustdom establish <trusted domain name>
68 NT Style Domains