HP CIFS Server 3.0i Administrator's Guide version A.02.03.03
1. Add the default_keytab_name parameter with the WRFILE attribute in the
/etc/krb5.conf file. HP-UX Kerberos Client version 1.3.5 is required for WRFILE.
An example of /etc/krb5.conf for HP CIFS Server keytab creation is as follows:
# Kerberos configuration
[libdefaults]
default_realm = MYREALM.HP.COM
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
default_keytab_name = "WRFILE:/etc/krb5.keytab"
[realms]
MYREALM.HP.COM = {
kdc = HPWIN2K4.MYREALM.HP.COM:88
admin_server = HPWIN2K4.MYREALM.HP.COM
}
[domain_realm]
.hp.com = MYREALM.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
2. Run the net ads keytab create -U administrator command to generate an
/etc/krb5.keytab file.
3. To configure the HP CIFS Server to read /etc/krb5.keytab, set the use kerberos
keytab parameter in /etc/opt/samba/smb.conf to yes.
An example of /etc/opt/samba/smb.conf is as follows:
[global]
workgroup = MYREALM
realm = MYREALM.HP.COM
netbios name = atcux5
server string = Samba Server
interfaces = 15.43.214.58
bind interfaces only = Yes
security = ADS
password server = HPATCWIN2K4.MYREALM.HP.COM
use kerberos keytab = yes
4. Validate your configuration by starting the HP CIFS Server, logging on to the domain with
clients, and mounting an HP CIFS share.
Now the HP CIFS Server can authorize the Windows client to access the server share, using
Kerberos in the Windows domain and the keytab file on the HP CIFS Server. However, an
HP-UX Internet Services user cannot gain system access using Kerberos with the system in
this state.
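
The following pre-flight check for steps 1 through 3 is an added example, not part of the HP guide or the HP CIFS Server product. The function names (ini_get, check_cifs_keytab, demo) are hypothetical, the sample files are constructed, and the keytab permission test is an added assumption that the guide does not state.

```shell
#!/bin/sh
# Added example (not from the HP guide): pre-flight check for steps 1-3.
# ini_get FILE SECTION KEY: print KEY's value in [SECTION], quotes stripped.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = (tolower($0) == tolower(sec)); next }
        !insec || /^[ \t]*[#;]/ { next }
        (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# check_cifs_keytab KRB5_CONF SMB_CONF: return 0 when the settings line up.
check_cifs_keytab() {
    rc=0
    kt=$(ini_get "$1" libdefaults default_keytab_name)
    case "$kt" in
        WRFILE:/*) ktfile=${kt#WRFILE:} ;;
        *) echo "FAIL: default_keytab_name='$kt', want WRFILE:<path>"; return 1 ;;
    esac
    case $(ini_get "$2" global "use kerberos keytab") in
        [Yy][Ee][Ss]) ;;
        *) echo "FAIL: 'use kerberos keytab' is not yes in $2"; rc=1 ;;
    esac
    if [ ! -f "$ktfile" ]; then
        echo "FAIL: $ktfile missing, step 2 has not produced it"; rc=1
    elif [ "$(ls -ld "$ktfile" | cut -c5-10)" != "------" ]; then
        # Assumption (not stated in the guide): the keytab holds the server's
        # Kerberos keys, so group and other should have no access to it.
        echo "FAIL: $ktfile is accessible to group or other"; rc=1
    fi
    return $rc
}

# demo: run the check against constructed copies of the guide's two files.
demo() {
    d=${TMPDIR:-/tmp}/cifs-keytab-demo.$$; mkdir -m 700 "$d" || return 2
    printf '%s\n' '[libdefaults]' 'default_realm = MYREALM.HP.COM' \
        "default_keytab_name = \"WRFILE:$d/krb5.keytab\"" > "$d/krb5.conf"
    printf '%s\n' '[global]' 'security = ADS' \
        'use kerberos keytab = yes' > "$d/smb.conf"
    : > "$d/krb5.keytab"; chmod 600 "$d/krb5.keytab"   # empty stand-in keytab
    st=0; check_cifs_keytab "$d/krb5.conf" "$d/smb.conf" || st=$?
    rm -rf "$d"; return $st
}

if [ $# -eq 2 ]; then check_cifs_keytab "$1" "$2"; else demo && echo "demo: OK"; fi
```

Run with the two real paths (/etc/krb5.conf and /etc/opt/samba/smb.conf) as arguments to check a live system; with no arguments it runs only the constructed demo.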