HP CIFS Server 3.0g Administrator's Guide version A.02.03.01
5 Windows 2000/2003 Domains
Introduction
This chapter describes the process for joining an HP CIFS Server to a Windows 2000/2003 Domain
as an ADS Member Server. To join as a pre-Windows 2000 computer, see “Domain Member
Server” in Chapter 4, "NT Style Domains".
In their default configuration, Windows 2000/2003 Servers utilize the Kerberos authentication protocol
for increased security. By joining an HP CIFS Server to the Windows 2000/2003 ADS domain as
a Member Server, HP CIFS Server can also participate in the increased security. The HP-UX
Kerberos Client software and LDAP-UX Integration software are required to enable HP CIFS
Server Windows 2000/2003 ADS domain member capability.
This chapter provides instructions for joining an HP CIFS Server to a Windows 2000/2003 ADS
Domain. For detailed information about Kerberos, see Chapter 8 “Kerberos Support” and the white
paper "HP CIFS Server and Kerberos", available at the following web site:
http://docs.hp.com/en/netcom.html#CIFS%20%28Common%20Internet%20File%20System%29
For detailed information about LDAP, see Chapter 6 “LDAP Integration Support”.
HP CIFS and Other HP-UX Kerberos Applications Co-existence
Because the HP CIFS Server stores the Kerberos secret key in
/var/opt/samba/private/secrets.tdb by default, the standard CIFS Kerberos
configuration can only be used by HP CIFS Server users. If other HP-UX applications use the
/etc/krb5.keytab file, a mismatch of keys occurs, resulting in failure for CIFS or the other
applications, depending upon which key is the latest. Moreover, HP-UX Internet Services users
cannot use system Kerberos libraries to access system resources because of a mismatch in Kerberos
libraries on the system. The Internet Services (IS) suite utilizes its own Kerberos library set which
is delivered with the Internet Services product.
If you wish to use Kerberos in your network for other products as well as HP CIFS Server, you
may generate an /etc/krb5.keytab file from an HP CIFS Server and configure HP CIFS Server
to access the secret key from the /etc/krb5.keytab file instead of the
/var/opt/samba/private/secrets.tdb file. This feature provides Kerberos interoperability between
HP CIFS Server users and HP-UX Internet Services users. See Chapter 8 “Kerberos Support”, for
proper configuration.
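The key mismatch described above shows up as differing key version numbers (kvno) for the same principal. The following is an added example, not part of the HP guide or HP CIFS Server: it lists principal, kvno and encryption type from a keytab, assuming the file uses the MIT version 0x0502 layout, and flags entries older than a current kvno that the administrator is assumed to obtain from the domain controller. The host name, realm, kvno values and key bytes in the sample are constructed.

```python
import struct
ENCTYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 23: "RC4-HMAC"}

def _counted(buf, pos):
    """Read a 16-bit length-prefixed string; return (bytes, next position)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(buf):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, out = 2, []
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", buf, pos)
        realm, p = _counted(buf, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(buf, p)
            comps.append(comp.decode())
        p += 8                             # skip name type and timestamp
        kvno = buf[p]                      # 8-bit key version number
        (etype,) = struct.unpack_from(">H", buf, p + 1)
        _key, p = _counted(buf, p + 3)     # key bytes are read past, never shown
        if end - p >= 4:                   # optional 32-bit kvno, if present
            kvno = struct.unpack_from(">I", buf, p)[0] or kvno
        name = "/".join(comps) + "@" + realm.decode()
        out.append((name, kvno, ENCTYPES.get(etype, str(etype))))
        pos = end
    return out

def stale_entries(entries, current_kvno):
    """Entries whose kvno is older than the one the domain currently holds."""
    return [e for e in entries if e[1] < current_kvno]

def _entry(host, realm, kvno, etype, key):
    parts = [realm, "host", host]          # realm, then the two name components
    body = struct.pack(">H", 2) + b"".join(struct.pack(">H", len(s)) + s.encode() for s in parts)
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: host, realm, kvno values and key bytes are made up.
SAMPLE = b"\x05\x02" + b"".join(_entry("cifs1.example.com", "EXAMPLE.COM", k, 23, bytes(16)) for k in (2, 3))
```

To inspect a real file, pass its bytes to `parse_keytab` (for example `open("/etc/krb5.keytab", "rb").read()`), which requires read access to the keytab.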
HP-UX Kerberos Client Software and LDAP Integration Software Dependencies
Kerberos v5 Client version 1.3.5 or later is required to support HP CIFS Server integration
with a Windows 2003 ADS Domain Controller (DC). Kerberos Client version 1.0 was originally
bundled on HP-UX 11i v1 and v2.
The HP-UX Kerberos Client software dependencies are as follows:
• Kerberos Client version 1.3.5 or later is required for keytab file support.
• Kerberos Client version 1.3.5 or later is required for RC4-HMAC encryption type support.
• Kerberos Client version 1.3.5.03 requires Service Pack 1 on Windows 2003.
You can download the Kerberos v5 Client (KRB5CLIENT) product from the following Software
Depot web site:
http://www.hp.com/go/softwaredepot
Enter KRB5CLIENT in the search field.