HP CIFS Server 3.0g Administrator's Guide version A.02.03.01
The Kerberos v5 Client product requires that you install the patches on your HP-UX 11i v1 and
v2 systems. Refer to HP CIFS Server 3.0d Release Notes version A.02.02 for detailed patch information.
For the latest LDAP Integration software, download the product from the following web site:
http://www.hp.com/go/softwaredepot
Enter LDAP-UX Integration for HP-UX in the search field.
Joining an HP CIFS Server to a Windows 2000/2003 Domain
HP CIFS Server only supports the following Kerberos encryption types:
• DES-CBC-MD5
• DES-CBC-CRC
• RC4-HMAC
You must configure one of these encryption types in the /etc/krb5.conf file as shown below.
HP recommends you set the encryption type to DES-CBC-MD5 in /etc/krb5.conf unless you
have other Kerberos-enabled applications on the HP server that require one of the other supported
encryption types.
WARNING! Do not add your machine name to the ADS Server with the Windows Server
Manager.
If your machine has already been added to the ADS with the Windows Server Manager GUI,
you may simply use Windows Server Manager to delete the machine account. Then, follow the
instructions to run the "kinit" and "net ads join" commands as described below in
“Step-by-step Procedure”.
Another way to resolve this problem is to *AND* the "userAccountControl" attribute value
for the CIFS member server with the ADS_UF_USE_DES_KEY_ONLY (2097152 or 0x2000000) flag
in the ADS. This can be accomplished by using the "adsiedit.msc" tool from the Windows 2000
or 2003 CD or using the ldapmodify command.
NOTE: If an HP CIFS Server is currently joined to the domain as a pre-Windows 2000 member
server, first remove the server from the domain before adding the HP CIFS Server to a
Windows domain as an ADS member server.
Configuration Parameters
The following is a description of the smb.conf parameters shown in “Step-by-step Procedure”:

realm
This parameter specifies the name of the ADS Kerberos realm, which
has the fully qualified domain name. It must be set to the same value as the
Kerberos realm in krb5.conf.

workgroup
This parameter specifies the name of the domain in which the HP CIFS
Server is a domain member server.

security
When the HP CIFS Server joins a Windows 2000/2003 native mode
domain as a member server, you must set this parameter to ADS.

password server
This parameter defines the NetBIOS name or IP address of the
Windows ADS PDC machine that performs the user name
authentication and validation. The default setting of this parameter
is *. If set to the character *, Samba attempts to automatically
locate the Primary Domain Controllers.

encrypt passwords
This is an optional parameter. If this parameter is set to yes, the
passwords used to authenticate users are encrypted. The default
value is yes.
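
The rules above (realm equal to the krb5.conf realm, security set to ADS, an encryption type from the supported list) can be checked before the join is attempted. The following is an added example, not HP's code: it assumes the standard krb5.conf [libdefaults] keys default_realm, default_tkt_enctypes and default_tgs_enctypes, and the function names and sample file contents are constructed for illustration.

```python
import re

SUPPORTED = {"des-cbc-md5", "des-cbc-crc", "rc4-hmac"}  # enctypes listed in the guide

def parse_ini(text):
    """Parse smb.conf / krb5.conf text into {section: {parameter: value}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # smb.conf ignores case and extra spaces in parameter names
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def check_ads_member(smb_text, krb5_text):
    """Return findings; an empty list means both files agree with the guide."""
    smb = parse_ini(smb_text).get("global", {})
    lib = parse_ini(krb5_text).get("libdefaults", {})
    findings = []
    if smb.get("security", "").lower() != "ads":
        findings.append("security must be ADS")
    if not smb.get("workgroup"):
        findings.append("workgroup is not set")
    realm, krb_realm = smb.get("realm", ""), lib.get("default_realm", "")
    if not realm or realm != krb_realm:
        findings.append(f"realm {realm!r} differs from krb5.conf realm {krb_realm!r}")
    if smb.get("encrypt passwords", "yes").lower() not in ("yes", "true", "1"):
        findings.append("encrypt passwords is disabled")
    # Assumption: standard [libdefaults] keys; the guide's krb5.conf sample is not on this page
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        types = lib.get(key, "").replace(",", " ").lower().split()
        if not types or any(t not in SUPPORTED for t in types):
            findings.append(f"{key} missing or not a supported enctype: {types}")
    return findings

# Constructed sample files, not taken from the guide
SMB_OK = "[global]\nworkgroup = EXAMPLE\nrealm = EXAMPLE.COM\nsecurity = ADS\n"
KRB5_OK = ("[libdefaults]\ndefault_realm = EXAMPLE.COM\n"
           "default_tkt_enctypes = DES-CBC-MD5\ndefault_tgs_enctypes = DES-CBC-MD5\n")

if __name__ == "__main__":
    print(check_ads_member(SMB_OK, KRB5_OK) or "consistent with the guide")
```

To check a live system, pass the contents of the server's smb.conf and /etc/krb5.conf to check_ads_member() in place of the sample strings.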