HP CIFS Server 3.0k Administrator's Guide version A.02.04

3. Run smbpasswd to add a trusting Windows domain Samba account to your trusted Samba
domain database and create a password for the trusting account. Use the same trusting
Windows domain name specified in step 1. This password is used by the trusting Windows
domain when it establishes the trust relationship.
For example, the following command adds the trusting Windows domain account,
windomainA, to the Samba domain database:
    smbpasswd -a -i windomainA$
4. Run net rpc trustdom to establish the trust with the trusted Windows domain.
For example, the following command establishes the trust relationship with the
trusted Windows domain, windomainA:
    net rpc trustdom establish windomainA -S <ADS domain controller server name> -U windomainA\\Administrator%pw
5. Use the following command to verify the trust relationship:
    net rpc trustdom list -U root/%pw

Establishing a Trust Relationship on an HP CIFS Member Server of a Windows 2003 or Windows 2008 Domain

HP CIFS Servers will not automatically recognize all intra/inter-forest trusts. CIFS member servers
will recognize most parent-child and child-child relationships and shortcut trusts, but you may
need to use the Windows Administrators Tool “Active Directory Domains and Trusts” to
establish explicit shortcut trusts where other trusts are desired.
For an HP CIFS Member of a Windows 2003 or Windows 2008 Domain to recognize
trusts established by its Domain Server, its /etc/krb5.conf file must declare the trusted
domains in the [realms] section only, not in the [domain_realm] section. For example, an HP CIFS
member of a Windows 2000/2003 Domain, mydom, which trusts trust1dom and trust2dom,
might have an /etc/krb5.conf file as follows:
[libdefaults]
    default_realm = MYDOM.ORG.HP.COM
    default_tkt_enctypes = DES-CBC-MD5
    default_tgs_enctypes = DES-CBC-MD5
    ccache_type = 2
[realms]
    MYDOM.ORG.HP.COM = {
        kdc = myserv.mydom.org.hp.com:88
        admin_server = myserv.mydom.org.hp.com
    }
    TRUST1DOM.ORG.HP.COM = {
        kdc = trust1serv.trust1dom.org.hp.com:88
        admin_server = trust1serv.trust1dom.org.hp.com
    }
    TRUST2DOM.ORG.HP.COM = {
        kdc = trust2serv.trust2dom.org.hp.com:88
        admin_server = trust2serv.trust2dom.org.hp.com
    }
[domain_realm]
    .org.hp.com = MYDOM.ORG.HP.COM
[logging]
    kdc = FILE:/var/opt/samba/log.krb5kdc
    admin_server = FILE:/var/opt/samba/log.kadmin
    default = FILE:/var/opt/samba/log.krb5lib
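
A check for the rule above, added here as an example and not taken from the HP guide: it parses krb5.conf text and reports any trusted realm that has no kdc entry in [realms] or that is mapped in [domain_realm]. The function names and the sample text, including its two deliberate mistakes, are constructed for illustration.

```python
import re

# Constructed sample: TRUST2DOM is (wrongly) only mapped in [domain_realm].
SAMPLE = """\
[realms]
MYDOM.ORG.HP.COM = {
kdc = myserv.mydom.org.hp.com:88
}
TRUST1DOM.ORG.HP.COM = {
kdc = trust1serv.trust1dom.org.hp.com:88
}
[domain_realm]
.org.hp.com = MYDOM.ORG.HP.COM
.trust2dom.org.hp.com = TRUST2DOM.ORG.HP.COM
"""

def parse_krb5(text):
    """Return (realms, domain_realm): realm -> [kdc, ...] and DNS suffix -> realm."""
    realms, domain_realm, section, realm = {}, {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue                                  # blank line or comment
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head:                                      # new section header
            section, realm = head.group(1), None
        elif line == "}":                             # end of a realm block
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "realms" and value == "{":
                realm = key.upper()
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
            elif section == "domain_realm":
                domain_realm[key] = value.upper()
    return realms, domain_realm

def check_trusts(text, trusted):
    """List problems found for each realm in `trusted` (hypothetical input list)."""
    realms, domain_realm = parse_krb5(text)
    findings = []
    for name in (t.upper() for t in trusted):
        if not realms.get(name):
            findings.append(f"{name}: no kdc declared in [realms]")
        findings += [f"{name}: mapped from {suffix} in [domain_realm]"
                     for suffix, target in domain_realm.items() if target == name]
    return findings

if __name__ == "__main__":
    print(check_trusts(SAMPLE, ["TRUST1DOM.ORG.HP.COM", "TRUST2DOM.ORG.HP.COM"]))
```
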