HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
• Service Pack 1 is recommended for Windows 2003, and required for inter-operation with
Kerberos v5 Client D.1.6.2 or later on HP-UX 11i v2 or Kerberos v5 Client E.1.6.2 or later
on HP-UX 11i v3.
• HP-UX LDAP-UX Integration product
• Windows 2000, Windows 2003, or Windows 2008 Server domain.
• Windows 2000 or Windows XP Client
Configuring krb5.keytab
Here are the required components to configure HP CIFS Server with HP-UX Internet Services
co-existence:
• Kerberos v5 Client D.1.6.2 or later on HP-UX 11i v2 or Kerberos v5 Client E.1.6.2 or later
on HP-UX 11i v3.
• /etc/krb5.conf file
• /etc/opt/samba/smb.conf file
• /etc/krb5.keytab file
• net ads keytab create command
The first task is to configure HP CIFS Server for Kerberos authentication and join it to a Windows
domain.
Use the following steps to generate a valid keytab file and to configure an HP CIFS Server to access
the keytab file:
1. Add the default_keytab_name parameter with the FILE attribute in the /etc/krb5.conf
file. The Kerberos v5 Client D.1.6.2 or later on HP-UX 11i v2 or Kerberos v5 Client E.1.6.2
or later on HP-UX 11i v3 is required for the FILE attribute.
An example of /etc/krb5.conf for HP CIFS Server keytab creation is as follows:
# Kerberos configuration
[libdefaults]
default_realm = MYREALM.HP.COM
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
[realms]
MYREALM.HP.COM = {
kdc = HPWIN2K4.MYREALM.HP.COM:88
admin_server = HPWIN2K4.MYREALM.HP.COM
}
[domain_realm]
.hp.com = MYREALM.HP.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
2. To configure the HP CIFS Server to read /etc/krb5.keytab, set the Kerberos method
parameter in the /etc/opt/samba/smb.conf file to dedicated keytab = <keytab
file location>.
NOTE: You can also use the Kerberos method = system keytab parameter to
configure HP CIFS Server without specifying the dedicated keytab file parameter.
An example of /etc/opt/samba/smb.conf is as follows:
[global]
112 Kerberos support