Manualshelf

HP CIFS Server 3.0g Administrator's Guide verison A.02.03.01

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
81828384858687888990
3. Select the tab Trusts, then click New Trusts. Click Next.
4. Specify the Samba PDC domain name and select Next. The Samba domain name is the
domain name specified in the “workgroup” parameter in smb.conf.
5. Select your choice of trust type, One-way: incoming, One-way: outgoing, or Two-way and
select Next.
6. Enter and confirm the trust password.
7. Review and select Next.
8. Select Yes and select Next, two more times.
9. Select Finish and then OK.
NOTE: Windows Server 2003 Service Pack 1 (SP1) may require the RestrictAnonymous
registry subkey to be set to 0 and the value of the RestrictNullSessAccess registry subkey
also to be set to 0. Run regedit from the start button and find RestrictNullSessAccess
under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
LanmanServer\Parameters. For more details, refer to “trusts RestrictNullSessAccess” on the
Microsoft TechNet at http://technet.microsoft.com.
To create the corresponding configuration of the Samba domain PDC for two way trust
relationship with the Windows domain, logon as root and execute the following steps:
1. Run the following command to start the winbind daemon:
startsmb -winbind
2. Add a trust account for the trusting Windows domain to /etc/passwd. Add the trusting
domain name with the “$” using the useradd command.
For example, the following command adds a trust account for the trusting Windows domain
name, windomainA, to /etc/passwd:
useradd windomainA$
Due to the maximum name length of 8 for the useradd command, you may need to edit
/etc/passwd to add the trusting Windows domain name account.
3. Run smbpasswd to add a trusting Windows domain Samba account to your trusted Samba
domain database and create a password for the trusting account. Use the same trusting
Windows domain name specified in step 1. This password is used by the trusting Windows
domain when it establishes the trust relationship.
For example, the following command adds the trusting Windows domain account,
windomainA, to the Samba domain database:
smbpasswd -a -i windomainA$
4. Run net rpc trustdom to establish the trust with the trusted Windows domain.
For example, the following command is used to establish the trust relationship with the
trusted windows domain name, windomainA:
net rpc trustdom establish windomainA
S <ADS domain controller server name> U windomainA\\Administrator%pw
5. Use the following command to verify the trust relationship:
net rpc trustdom list -U root/%pw
Trust Relationships 81