HP CIFS Server 3.0k Administrator's Guide version A.02.04

5 Windows 2003 and Windows 2008 Domains
Introduction
This chapter describes the process for joining an HP CIFS Server to a Windows 2003 or Windows
2008 Domain as an ADS Member Server. To join as a pre-Windows 2000 computer, see “Domain
Member Server” in Chapter 4, "NT Style Domains".
By default, Windows 2003 and Windows 2008 Servers use the Kerberos
authentication protocol for increased security. By joining an HP CIFS Server to the Windows
2003 and Windows 2008 ADS domain as a Member Server, HP CIFS Server can also participate
in the increased security. The HP-UX Kerberos Client software and LDAP-UX Integration software
are required to enable HP CIFS Server Windows 2003 and Windows 2008 ADS domain member
capability.
This chapter provides instructions for joining an HP CIFS Server to a Windows 2003 or Windows
2008 ADS Domain. For detailed information about Kerberos, see Chapter 8 “Kerberos Support”
and the white paper "HP CIFS Server and Kerberos", available at the following web site:
http://docs.hp.com/en/netcom.html#CIFS%20%28Common%20Internet%20File%20System%29
For detailed information about LDAP, see Chapter 6 “LDAP Integration Support”.
HP CIFS and Other HP-UX Kerberos Applications Co-existence
Because the HP CIFS Server stores the Kerberos secret key in
/var/opt/samba/private/secrets.tdb by default, the standard CIFS Kerberos
configuration can only be used by HP CIFS Server users. If other HP-UX applications use the
/etc/krb5.keytab file, a mismatch of keys occurs, resulting in failure for CIFS or the other
applications, depending upon which key is the latest. Moreover, HP-UX Internet Services users
cannot use system Kerberos libraries to access system resources because of a mismatch in Kerberos
libraries on the system. The Internet Services (IS) suite utilizes its own Kerberos library set which
is delivered with the Internet Services product.
If you wish to use Kerberos in your network for other products as well as HP CIFS Server, you
may generate an /etc/krb5.keytab file from an HP CIFS Server and configure HP CIFS Server
to access the secret key from the /etc/krb5.keytab file instead of the
/var/opt/samba/private/secrets.tdb file. This feature provides Kerberos interoperability between
HP CIFS Server users and HP-UX Internet Services users. See Chapter 8 “Kerberos Support”, for
proper configuration.
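To check which key versions and encryption types a generated /etc/krb5.keytab actually holds, the file can be read directly. The following Python code is an added example, not part of HP CIFS Server or this guide; it assumes the MIT keytab file format version 0x0502, and the principal, realm and key bytes in SAMPLE are constructed.

```python
import struct

# Kerberos enctype numbers; 23 is the RC4-HMAC type.
ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def _counted(buf, off):  # 16-bit length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype name)] from version 0x0502 keytab bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        buf, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", buf, 0)
        realm, off = _counted(buf, 2)
        comps = []
        for _ in range(ncomp):
            comp, off = _counted(buf, off)
            comps.append(comp.decode())
        _ntype, _ts, vno8, etype = struct.unpack_from(">IIBH", buf, off)
        _key, off = _counted(buf, off + 11)   # key bytes are skipped, never printed
        kvno = vno8
        if len(buf) - off >= 4:            # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", buf, off)[0] or vno8
        out.append(("/".join(comps) + "@" + realm.decode(), kvno,
                    ENCTYPES.get(etype, "etype-%d" % etype)))
    return out

def stale_entries(entries):
    """Entries whose kvno is older than the newest kvno held for the same principal."""
    newest = {}
    for princ, kvno, _ in entries:
        newest[princ] = max(kvno, newest.get(princ, 0))
    return [e for e in entries if e[1] < newest[e[0]]]

# Constructed sample: two RC4-HMAC keys (kvno 2 and 3) for a made-up host principal.
_NAME = b"\x00\x02" b"\x00\x0b" b"EXAMPLE.COM" b"\x00\x04" b"host" b"\x00\x11" b"cifs1.example.com"
def _sample_entry(kvno):
    body = _NAME + struct.pack(">IIBH", 1, 0, kvno, 23) + b"\x00\x10" + bytes(16)
    return struct.pack(">i", len(body)) + body
SAMPLE = b"\x05\x02" + _sample_entry(2) + _sample_entry(3)
```

The highest kvno listed for the host principal can then be compared with the key version the domain controller currently holds for the machine account.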
HP-UX Kerberos Client Software and LDAP Integration Software Dependencies
Kerberos v5 Client D.1.6.2 or later for HP-UX 11i v2 is required to support HP CIFS Server
integration with a Windows 2003 ADS Domain Controller (DC). Kerberos Client version 1.0 was
originally bundled on HP-UX 11i v2.
The following lists HP-UX Kerberos Client software dependencies:
• Kerberos v5 Client D.1.6.2 or later for HP-UX 11i v2 is required for keytab file support.
• Kerberos v5 Client D.1.6.2 or later for HP-UX 11i v2 is required for the encryption type
  RC4-HMAC support.
• Kerberos v5 Client D.1.6.2 requires Service Pack 1 on Windows 2003.
You can download the Kerberos v5 Client (KRB5CLIENT) product from the following Software
Depot web site:
http://www.hp.com/go/softwaredepot
Enter KRB5CLIENT in the search field.