HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
• Downloads the configuration profile from the directory to the client.
• Starts the product daemon, ldapclientd.
4. Modify the files /etc/pam.conf and /etc/nsswitch.conf on the client to specify
Kerberos authentication and LDAP name service, respectively.
Configuring /etc/krb5.conf to authenticate using Kerberos
On your HP CIFS Server, you need to create the Kerberos configuration file, /etc/krb5.conf,
which specifies the default realm, the location of a Key Distribution Center (KDC) server and the
logging file names. The Kerberos client depends on the configuration to locate the realm's KDC.
The following is an example of /etc/krb5.conf which has the realm
CIFSW2KSFU.ORG.HP.COM, and machine hostA.org.hp.com as a KDC:
[libdefaults]
default_realm = CIFSW2KSFU.ORG.HP.COM #Samba Domain
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
ccache_type = 2
[realms]
CIFSW2KSFU.ORG.HP.COM = {
kdc = hostA.org.hp.com:88
admin_server = hostA.org.hp.com }
[domain_realm]
.org.hp.com = CIFSW2KSFU.ORG.HP.COM
[logging]
kdc = FILE: /var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/opt/KRB5lib.log
Installing SFU 3.5 on a Window 2000 or 2003 domain controller
POSIX accounts have some attributes, such as user ID, login shell, and home directory, which are
not used by Windows 2000 or 2003. To use Active Directory as a data repository for HP-UX users,
you must install SFU Version 3.5 on a Windows 2000 or 2003 domain controller. SFU is used to
extend the Active Directory schema to include the POSIX schema. For detailed installation instructions
for SFU 3.5, refer to Chapter 2 "Installing LDAP-UX Client Services", in LDAP-UX Client Services
with Windows 2000 Active Directory Server Administrator's Guide, available at http://docs.hp.com.
For more information on SFU, refer to the Microsoft web site at http://www.microsoft.com/
windows2000/sfu/.
NOTE: You need to install the LDAP-UX Client Services software on an HP CIFS member server
before installing SFU on a Windows 2000 or 2003 domain controller.
An example of the Unified Domain Model
Figure 9-10 shows an example of the Unified Domain Model which has the realm named
HPCIFSW2KSFU.ORG.HP.COM, an ADS domain controller machine hpntcdn, an HP CIFS Server
machinehostD acting as a member server and the Windows NT machine with IP address
1.13.112.166 as the WINs server.
130 HP CIFS deployment models