HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)

For the latest LDAP Integration software, download the product from the following web site:
http://www.hp.com/go/softwaredepot
Enter LDAP-UX Integration for HP-UX in the search field.
Strong authentication support
When LDAP server signing is enabled and set to require signing for strong authentication
support on a Windows 2000/2003 ADS Domain Controller (DC), you can enable startTLS, an
extended operation of the Transport Layer Security (TLS) protocol, on an HP CIFS Server to
provide signing negotiation with the Windows ADS DC. The SSL/TLS protocol provides secure
communication between an HP CIFS Server and a Windows 2000/2003 ADS DC. With the startTLS
feature, the encrypted connection can be established over the unencrypted port, 389.
If you want to enable startTLS for strong authentication support, you must perform the following
tasks before you follow the instructions to run the kinit and net ads join commands as
described in “Step-by-step procedure” (page 73) to join an HP CIFS Server to a Windows
2000/2003 ADS domain as a domain member server:
• Install a Certification Authority (CA) on a Windows ADS Server.
• Download the certificate database files, cert8.db and key3.db, from a Windows CA Server
and install them on the HP CIFS Server machine.
• Configure HP CIFS Server to enable the startTLS feature.
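The startTLS upgrade on port 389 described above, as an added example that is not part of the HP guide or of HP CIFS Server: it builds the LDAP StartTLS extended request, checks the server's reply, and only then starts TLS on the same connection. The function names and sample replies are constructed for illustration, and `connect_starttls` assumes the CA certificate has been exported to a PEM file (the guide itself uses cert8.db and key3.db).

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)
# Constructed sample ExtendedResponse messages (messageID 1), not captured traffic.
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")       # resultCode 0, success
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a013404000400")  # resultCode 52, unavailable

def tlv(tag, value):
    """Encode one BER element; short-form length is enough for this request."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos=0):
    """Decode one BER element and return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def starttls_result(response, msg_id=1):
    """Return the resultCode from the ExtendedResponse [APPLICATION 24] to our request."""
    tag, body, _ = read_tlv(response)
    id_tag, id_val, pos = read_tlv(body)
    op_tag, op_val, _ = read_tlv(body, pos)
    rc_tag, rc_val, _ = read_tlv(op_val)
    if (tag, id_tag, op_tag, rc_tag) != (0x30, 0x02, 0x78, 0x0A):
        raise ValueError("not an LDAP ExtendedResponse")
    if int.from_bytes(id_val, "big") != msg_id:
        raise ValueError("messageID does not match the request")
    return int.from_bytes(rc_val, "big")

def connect_starttls(host, ca_pem, port=389):
    """Upgrade a plaintext LDAP connection to TLS; fail closed if the server refuses."""
    sock = socket.create_connection((host, port), timeout=10)
    sock.sendall(starttls_request())
    code = starttls_result(sock.recv(4096))  # the reply is small; a single read is assumed
    if code != 0:
        sock.close()
        raise ConnectionError(f"StartTLS refused, resultCode {code}")
    ctx = ssl.create_default_context(cafile=ca_pem)  # verifies chain and host name
    return ctx.wrap_socket(sock, server_hostname=host)
```

Because the request and the server's reply travel in cleartext before the handshake, a client that continues without TLS after a refusal gives up the protection; the example raises instead.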
Steps to install Certification Authority (CA) on a Windows ADS server
You need to install an SSL/TLS Certification Authority (CA) on a Windows ADS Server before you
download the certificate database files, cert8.db and key3.db, to your HP CIFS Server machine.
If you have installed MS IIS Service, you must stop and restart MS IIS Service while installing CA.
NOTE: If a previous CA has been installed on your Windows ADS Server and the CA services
do not work, you must remove them before you reinstall CA. For detailed information on how to
manually remove Windows Certificate Authority from a Windows 2000/2003 domain, refer to
a document from Microsoft at:
http://support.microsoft.com/kb/555151/en-us
The following steps show you how to install MS CA on a Windows ADS Server using MS Certificate
Service Installation Wizard:
1. Select Control Panel -> Add-Remove Programs -> Add-Remove Windows Components.
2. Check Certificate Service.
3. Check Application Server.
4. Click the Next button.
5. Select Enterprise Root Certificate Authority.
6. Provide a common name (CN) for the system. It must be a fully qualified domain name.
7. Specify the Certificate database settings log location. For example,
C:\Windows\system32\CertLog.
8. To install CA services, you must temporarily stop MS IIS Service if you have installed it. Then,
restart it after installation of CA services is completed.
9. Run Certificate Services in Administrator Tools to verify that the installation of Windows
Certificate Authority succeeded.
10. Open a web browser and go to http://ads_CA_server/certsrv.