HP CIFS Server 3.0g Administrator's Guide version A.02.03.01
For detailed instructions on how to install the Certification Authority's certificate on your
LDAP-UX client system, see the "Configuring LDAP Clients to Use SSL" section of the "Installing
LDAP-UX Client Services" chapter in LDAP-UX Client Services B.03.20 Administrator's Guide
at http://docs.hp.com.
2. Configure the LDAP-UX client services to use SSL by running the setup program. For
detailed instructions on how to run the setup program to enable SSL on LDAP-UX client
services, see the "Custom Configuration" subsection of the "Installing LDAP-UX Client Services"
chapter in LDAP-UX Client Services B.03.20 Administrator's Guide at http://docs.hp.com.
If the LDAP-UX client services have already been set up, modify the authenticationMethod
and preferredServerList attributes in the /etc/opt/ldapux/ldapux_profile file
as follows:
• Modify the authenticationMethod attribute to add the transport layer security
authentication method, tls:, in front of the original authentication method, simple.
For example, without SSL enabled, the original authenticationMethod entry is
authenticationMethod: simple. With SSL enabled, the authenticationMethod entry
will be authenticationMethod: tls:simple.
• Modify the preferredServerList attribute to change the regular LDAP port number,
389, to the SSL port number, 636.
For example, without SSL enabled, the original preferredServerList entry is
preferredServerList: 1.2.5.20:389. With SSL enabled, the preferredServerList entry
will be preferredServerList: 1.2.5.20:636.
Configuring HP CIFS Server to enable SSL
Configure the following smb.conf parameters to enable SSL:
• For HP CIFS Server A.02.* versions, set the following parameter in the [Global] section of
the smb.conf file:
passwd backend = ldapsam:ldaps://<directory server name>
Where <directory server name> is the fully qualified name of the target directory server.
• HP CIFS Server A.02.03 or later supports the start_tls option to the ldap_ssl parameter.
To enable SSL connections to the directory server, set the following parameters in one of the
two ways shown below in the [Global] section of the smb.conf file:
To use the SSL port 636, set:
ldap ssl = yes
ldap port = 636
If you choose to use the Start TLS option with port 389, set:
ldap ssl = start_tls
ldap port = 389
For detailed information on how to enable SSL on the HP CIFS Server, see “LDAP Configuration
Parameters”.
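As an added example (not from the HP guide), the following shell functions check that an smb.conf [global] section uses one of the two ldap ssl / ldap port pairings shown above, and that the LDAP-UX profile carries the tls: prefix and port 636. The function names and the constructed sample files are hypothetical; the checks assume both smb.conf parameters are set explicitly, that profile lines have the "attribute: value" form shown above, and that multiple preferredServerList entries are separated by spaces.

```shell
#!/bin/sh
# Added example, not from the HP guide. All sample file contents are constructed.

# Print one parameter's value from the [global] section of an smb.conf file.
smb_global_param() {  # usage: smb_global_param <file> <parameter name>
    awk -v want="$2" '
        /^[ \t]*\[/ { s = tolower($0); gsub(/[ \t]/, "", s); g = (s == "[global]"); next }
        /^[ \t]*[#;]/ { next }
        g && (eq = index($0, "=")) {
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# Succeed only for the two pairings the guide gives:
# ldap ssl = yes with ldap port = 636, or ldap ssl = start_tls with ldap port = 389.
check_smb_ldap_ssl() {  # usage: check_smb_ldap_ssl <smb.conf>
    ssl=$(smb_global_param "$1" "ldap ssl" | tr 'A-Z' 'a-z')
    port=$(smb_global_param "$1" "ldap port")
    case "$ssl:$port" in
        yes:636|start_tls:389) return 0 ;;
        *) echo "smb.conf: ldap ssl='$ssl' with ldap port='$port' is not an SSL pairing" >&2
           return 1 ;;
    esac
}

# Succeed only if authenticationMethod has the tls: prefix and every
# preferredServerList entry (assumed space-separated) uses port 636.
check_ldapux_profile() {  # usage: check_ldapux_profile <profile file>
    awk '
        tolower($1) == "authenticationmethod:" { auth = 1; if ($2 !~ /^tls:/) bad = 1 }
        tolower($1) == "preferredserverlist:" {
            srv = 1
            for (i = 2; i <= NF; i++) if ($i !~ /:636$/) bad = 1
        }
        END { exit ((auth && srv && !bad) ? 0 : 1) }' "$1"
}

# Demo on constructed files: start_tls paired with port 636 is rejected.
demo_dir=${TMPDIR:-/tmp}/ldapssl_demo.$$; mkdir -p "$demo_dir"
printf '[global]\n  ldap ssl = start_tls\n  ldap port = 636\n' > "$demo_dir/smb.conf"
printf 'authenticationMethod: tls:simple\npreferredServerList: 1.2.5.20:636\n' > "$demo_dir/profile"
check_smb_ldap_ssl "$demo_dir/smb.conf" || echo "smb.conf needs fixing"
check_ldapux_profile "$demo_dir/profile" && echo "LDAP-UX profile uses tls: and port 636"
rm -rf "$demo_dir"
```

Run the two check functions against copies of the real smb.conf and ldapux_profile after editing; a non-zero exit status means the file does not match the SSL settings described in this section.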