HP CIFS Server 3.0f Administrator's Guide version A.02.03
The following is an example of /etc/krb5.conf which has the realm MYREALM.XYZ.COM, and
machine adsdc.myrealm.xyz.com as a KDC:
# Kerberos Configuration                                      #
#                                                             #
# This krb5.conf file is intended as an example only.         #
# See krb5.conf(4) for more details.                          #
#                                                             #
# Please verify that you have created the directory /var/log. #
#                                                             #
# Replace MYREALM.XYZ.COM with your Kerberos realm.           #
# Replace adsdc.myrealm.xyz.com with your Windows ADS DC full #
# domain name.                                                #
#                                                             #
[libdefaults]
    default_realm = MYREALM.XYZ.COM
    default_tkt_enctypes = DES-CBC-MD5
    default_tgs_enctypes = DES-CBC-MD5
    ccache_type = 2
[realms]
    MYREALM.XYZ.COM = {
        kdc = adsdc.myrealm.xyz.com:88
        admin_server = adsdc.myrealm.xyz.com
    }
[domain_realm]
    .xyz.com = MYREALM.XYZ.COM
[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log
NOTE: You must configure the port number :88 after the node name specified for the kdc entry in
the [realms] section. Kerberos v5 uses port number 88 for the KDC service.
For detailed information on how to configure the /etc/krb5.conf file, refer to the krb5.conf(4)
man page.
3. Run the following commands to verify the Kerberos configuration:
Log in as root.
kinit <user> (e.g. Administrator@myrealm.xyz.com) (add the user and password to a Windows ADS DC
if necessary)
The possible errors during verification are as follows:
• Pre-Authentication Failed means you have typed the password incorrectly.
• Clock skew too great means the time on the HP-UX machine is not synchronized with the
Windows domain controller. Execute the date command to reset the date or set TZ=GMT and try
again.
• You may see the warning message kinit: KDC has no support for encryption type
while getting initial credentials. In that case, you must change your Administrator password at
least once from the original password that you used for Administrator when installing your Windows
2000/2003 Domain.
• Check the content of the /etc/krb5.conf file for syntax or content errors and ensure that port
:88 has been added to the kdc entry in the [realms] section.
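The last check above can be automated before running kinit. The following is an added example, not part of the HP guide: it parses a krb5.conf, confirms that default_realm has a [realms] block and that every kdc entry carries the :88 port. The single-DES notice goes beyond the guide, whose example targets Windows 2000/2003 domains; the function names and the sample input are constructed for illustration.

```python
import re

SAMPLE = """\
[libdefaults]
    default_realm = MYREALM.XYZ.COM
    default_tkt_enctypes = DES-CBC-MD5
    default_tgs_enctypes = DES-CBC-MD5
[realms]
    MYREALM.XYZ.COM = {
        kdc = adsdc.myrealm.xyz.com
        admin_server = adsdc.myrealm.xyz.com
    }
"""  # constructed input: the guide's example with the :88 port left off

def parse(text):
    """Return {section: [(key, value, realm_or_None), ...]}."""
    conf, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank or whole-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].lower(), None
            conf.setdefault(section, [])
        elif line == "}":                    # end of a realm block
            realm = None
        elif "=" in line and section is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":                 # start of a realm block
                realm = key
            else:
                conf[section].append((key, value, realm))
    return conf

def check(text):
    """Return a list of findings; an empty list means all checks passed."""
    conf, findings = parse(text), []
    lib = {k: v for k, v, _ in conf.get("libdefaults", [])}
    realms = conf.get("realms", [])
    default = lib.get("default_realm")
    if not default or default not in {r for _, _, r in realms}:
        findings.append("default_realm has no matching [realms] block")
    for key, value, realm in realms:
        if key == "kdc" and not re.search(r":88$", value):
            findings.append(f"{realm}: kdc '{value}' lacks the :88 port")
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        types = lib.get(key, "").lower().replace(",", " ").split()
        if types and all(t.startswith("des-cbc-") for t in types):
            findings.append(f"{key} is single-DES only (deprecated by RFC 6649)")
    return findings
```

Calling check(open("/etc/krb5.conf").read()) on the live file returns the same kind of findings list.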
Joining an HP CIFS Server to a Windows 2000/2003 Domain 73