HP CIFS Server 3.0i Administrator's Guide version A.02.03.03

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

121

122

123

124

125

126

127

128

129

130

Components for Kerberos Configuration

The following is a list of the various components that are necessary to configure HP CIFS Server

for Kerberos authentication:

• HP CIFS Server: Version A.02.01 and later (Based upon Samba 3.0.7 and later)

• HP-UX 11i v1 or HP-UX 11i v2

• HP-UX Kerberos Client

— Version 1.3.5 (required for newer Windows 2000/2003 versions, keytab feature)

• Patches required for HP-UX Kerberos Client version 1.3.5 for HP-UX 11i v1 are shown in

table 8-1. For HP-UX 11i v2, you must install patches listed in table 8-2.

Table 8–1 shows below:

Table 8-1 Required Patches on HP-UX 11i v1

DescriptionPatch Number

libc cumulative patch.PHCO_24400

libc cumulative header file patch.PHCO_24402

libnsss_dns DNS backend patch.PHNE_27796

GSS-API version 1.0 cumulative patch.PHSS_29487

KRB5-Client version 1.0 cumulative patch.PHSS_33384

Table 8–2 shows below:

Table 8-2 Required Patch on HP-UX 11i v2

DescriptionPatch Number

KRB5-Client version 1.0 cumulative patch.PHSS_33389

You can download patches from the IT Resource Center (ITRC) patch and firmware database

available on the following web site:[LINEBREAK] http://itrc.hp.com/

• Service Pack 1 is recommended for Windows 2003, and required for interoperation with

HP-UX Kerberos Client 1.3.5.03

• HP-UX LDAP-UX Integration product

• Windows 2000/2003 Server domain

• Windows 2000 or XP Client

Configuring kerb5.keytab

Here are the required components to configure HP CIFS Server with HP-UX Internet Services

co-existence:

• HP-UX Kerberos Client version 1.3.5 or newer

• /etc/krb5.conf file

• /etc/opt/samba/smb.conf file

• /etc/krb5.keytab file

• net ads keytab create command

The first task is to configure HP CIFS Server for Kerberos authentication and join it to a Windows

domain. This configuration will disable HP-UX Internet Services access to the HP-UX system

temporarily until all the configuration steps are completed.

Use the following steps to generate a valid keytab file and to configure an HP CIFS Server to

access the keytab file:

HP-UX Kerberos Application Co-existence 125