Manualshelf

HP CIFS Server 3.0g Administrator's Guide verison A.02.03.01

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
81828384858687888990
Establishing a Trust Relationship on an HP CIFS Member Server of a Windows
2000/2003 Domain
HP CIFS Servers will not automatically recognize all intra/inter-forest trusts. CIFS member servers
will recognize most parent-child and child-child relationships and shortcut trusts but you may
need to use Windows Administrators Tool Active Directory Domains and Trusts” to
establish explicit shortcut trusts where other trusts are desired.
In order for an HP CIFS Member of a Windows 2000/2003 Domain to recognize trusts established
by its Domain Server, its /etc/krb5.conf file must declare the trusted domains in the
[realms] section (only not [domain_realm]). For example, an HP CIFS member of Windows
2000/2003 Domain, mydom, which trusts trust1dom and trust2dom might have the
/etc/krb5.conf file as follows:
[libdefaults]
default_realm = MYDOM.ORG.HP.COM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
ccache_type = 2
[realms]
MYDOM.ORG.HP.COM = {
kdc = myserv.mydom.org.hp.com:88
admin_server = myserv.mydom.org.hp.com
}
TRUST1DOM.ORG.HP.COM = {
kdc = trust1serv.trust1dom.org.hp.com:88
admin_server = trust1serv.trust1dom.org.hp.com
}
TRUST2DOM.ORG.HP.COM = {
kdc = trust2serv.trust2dom.org.hp.com:88
admin_server = trust2serv.trust2dom.org.hp.com
}
[domain_realm]
.org.hp.com = MYDOM.ORG.HP.COM
[logging]
kdc = FILE:/var/opt/samba/log.krb5kdc
admin_server = FILE:/var/opt/samba/log.kadmin
default = FILE:/var/opt/samba/log.krb5lib
~
82 Windows 2000/2003 Domains