HP CIFS Server 3.0g Administrator's Guide verison A.02.03.01

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

You can connect to the share on the HP CIFS Server if you succeed to run the smbclient

command.

Trust Relationships

Trust relationships enable pass-through authentication to users of one domain in another. A

trusting domain permits logon authentication to users of a trusted domain. There are various

forms of trusts, depending on the domain type and Windows 2000/2003 Domain trusts differ

from NT Domain trusts. For more information on trusts, consult the MS TechNet papers at

http://technet.microsoft.com. For information on HP CIFS Server trust relationships with NT

Domains, see Chapter 4 “NT Style Domains”.

Windows 2000/2003 Domain trusts can take many forms. HP CIFS Server can support some but

not all Windows 2000/2003 trusts as described below:

• HP CIFS PDCs can support external trusts which include trust relationships established

between CIFS Samba Domains and Windows 2000/2003, including incoming, outgoing, and

two-way trusts.

• HP CIFS Member Servers do not support all Windows 2000/2003 Domain intra/inter-forest

trusts. Most parent-child and child-child trusts are recognized appropriately and shortcut

trusts are supported. Shortcut trusts can be established explicitly between Windows 2000/2003

domains to ensure HP CIFS Servers recognized forest configurations where necessary.

Transitive trusts, in which domain A trusts domain B which trusts domain C thereby domain A

trusts domain C, are not respected by HP CIFS Servers.

Establishing External Trust Relationships between HP CIFS PDCs and Windows

2000/2003 Domains

To configure the Windows domain controller for the trust relationship with the Samba domain

PDC, perform one of the following procedures as appropriate for the server in your domain.

For an Windows 2000 domain controller, use the Administrative Tools utility to perform

the following steps:

1. From the Start menu, select Programs -> Administrative Tools -> Active

Directory Domains and Trusts

2. Right click on the desired Windows domain name, and select Properties

3. Select the tab Trusts

4. Perform one of the following actions as desired:

• To add Windows 2000 as a trusting domain, click the Add button next to the box titled

“Domains trusted by this domain”. For “Trusted Domain”, enter the Samba

PDC domain name. The Samba domain name is the domain name specified in the

“workgroup” parameter of smb.conf. Enter and confirm the trust password and select

OK.

• To add Windows 2000 as a trusted domain, click the Add button next to the box titled

“Domains that trust this domain”. For “Trusting Domain”, enter the Samba

PDC domain name. Enter and confirm the trust password and select OK.

5. When prompted, review the confirmation and select Yes.

6. Enter the administrator name and password.

7. Select Finish, and then OK.

For an Windows 2003 domain controller, use the Administrative Tools utility to perform

the following steps:

1. From the Start menu, select Programs -> Administrative Tools -> Active

Directory Domains and Trusts.

2. Right click on the desired Active Directory domain name and select Properties.

80 Windows 2000/2003 Domains