HP CIFS Server 3.0f Administrator's Guide version A.02.03

subsection of the "Installing LDAP-UX Client Services" chapter in LDAP-UX Client Services B.03.20 Administrator's Guide at http://docs.hp.com.
If LDAP-UX Client Services has already been set up, modify the authenticationMethod and
preferredServerList attributes in the /etc/opt/ldapux/ldapux_profile file as follows:
Modify the authenticationMethod attribute to add the transport layer security authentication
method, tls:, in front of the original authentication method, simple.
For example, without SSL enabled, the original authenticationMethod entry is
authenticationMethod: simple. With SSL enabled, the authenticationMethod entry will be
authenticationMethod: tls:simple.
Modify the preferredServerList attribute to change the regular LDAP port number, 389, to
the SSL port number, 636.
For example, without SSL enabled, the original preferredServerList entry is
preferredServerList: 1.2.5.20:389. With SSL enabled, the preferredServerList entry will be
preferredServerList: 1.2.5.20:636.
Configuring HP CIFS Server to enable SSL
Configure the following smb.conf parameters to enable SSL:
For HP CIFS Server A.02.* versions, set the following parameter in the [Global] section of the smb.conf
file:
passdb backend = ldapsam:ldaps://<directory server name>
Where <directory server name> is the fully qualified name of the target directory server.
HP CIFS Server A.02.03 or later supports the start_tls option to the ldap ssl parameter. To
enable SSL connections to the directory server, set the following parameters in one of the two ways shown
below in the [Global] section of the smb.conf file:
To use the SSL port, 636, set:
ldap ssl = yes
ldap port = 636
If you choose to use the Start TLS option with port 389, set:
ldap ssl = start_tls
ldap port = 389
For detailed information on how to enable SSL on the HP CIFS Server, see “LDAP Configuration Parameters”.
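The following audit script is an added example, not part of the HP guide or of HP CIFS Server. It checks the A.02.03-or-later smb.conf pairing (ldap ssl with ldap port) and the two LDAP-UX profile attributes described above. It assumes the profile holds "attribute: value" lines as shown on this page and accepts only the ldap ssl spellings the guide uses; the function names and sample inputs are constructed for illustration.

```python
# Valid (ldap ssl -> ldap port) pairings taken from the guide text above.
VALID_PAIRS = {"yes": "636", "start_tls": "389"}

def parse_smb_global(text):
    """Return the [global] parameters of smb.conf, keys lower-cased."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def parse_profile(text):
    """Return 'attribute: value' pairs (assumed format), keys lower-cased."""
    attrs = {}
    for line in text.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            key, value = line.split(":", 1)      # split once: values hold host:port
            attrs[key.strip().lower()] = value.strip()
    return attrs

def audit(smb_text, profile_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    smb, prof = parse_smb_global(smb_text), parse_profile(profile_text)
    ssl = smb.get("ldap ssl", "").lower()
    port = smb.get("ldap port", "")
    if ssl not in VALID_PAIRS:
        findings.append(f"smb.conf: ldap ssl = {ssl or '<unset>'} does not enable SSL")
    elif port != VALID_PAIRS[ssl]:
        findings.append(f"smb.conf: ldap ssl = {ssl} expects ldap port = "
                        f"{VALID_PAIRS[ssl]}, found {port or '<unset>'}")
    if not prof.get("authenticationmethod", "").startswith("tls:"):
        findings.append("ldapux_profile: authenticationMethod lacks the tls: prefix")
    for server in prof.get("preferredserverlist", "").split():
        if not server.endswith(":636"):
            findings.append(f"ldapux_profile: preferredServerList entry {server} is not on port 636")
    return findings

# Constructed sample input: mismatched port in smb.conf, profile not yet updated.
SAMPLE_SMB = "[global]\nldap ssl = start_tls\nldap port = 636\n"
SAMPLE_PROFILE = "authenticationMethod: simple\npreferredServerList: 1.2.5.20:389\n"
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SMB, SAMPLE_PROFILE)))
```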