Manualshelf

HP CIFS Server 3.0g Administrator's Guide verison A.02.03.01

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
71727374757677787980
Consult “Installing LDAP-UX Client Services on an HP CIFS Serverin Chapter 6, "LDAP
Integration Support" if necessary.
2. On your HP CIFS Server, you need to create the Kerberos configuration file,
/etc/krb5.conf, which specifies the default realm, the location of a Key Distribution
Center (KDC) server and the logging file names. The Kerberos client depends on the
configuration to locate the realm's KDC.
If there is no /etc/krb5.conf file in existence at the time that
/opt/samba/bin/samba_setup is run, samba_setup will attempt to create and validate
an appropriately configured krb5.conf file based on the answers to the questions asked
when 'ads member server' is chosen.
The following is an example of /etc/krb5.conf which has the realm MYREALM.XYZ.COM,
and machine adsdc.myrealm.xyz.com as a KDC:
# Kerberos Configuration #
# #
# This krb5.conf file is intended as an example only. #
# See krb5.conf(4) for more details. #
#
# Please verify that you have created the directory /var/log.#
# #
# Replace MYREALM.XYZ.COM with your kerberos Realm. #
# Replace adsdc.myrealm.xyz.com with your Windows ADS DC full#
# domain name. #
# #
[libdefaults]
default_realm = MYREALM.XYZ.COM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
ccache_type = 2
[realms]
MYREALM.XYZ.COM = {
kdc = adsdc.myrealm.xyz.com:88
admin_server = adsdc.myrealm.xyz.com
}
[domain_realm]
.xyz.com = MYREALM.XYZ.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
NOTE: You must configure the port number :88 after the node name specified for the kdc
entry in the [realms]section. Kerberos v5 uses the port number 88 for the KDC service.
For detailed information on how to configure the /etc/krb5.conf file, refer to the
krb5.conf(4) man page.
3. Run the following commands to verify Kerberos configuration
log in as root
kinit <user> (e.g. Administrator@myrealm.xyz.com) (add user and password to a Windows
ADS DC if necessary)
78 Windows 2000/2003 Domains