HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Steps to download the CA certificates from Windows CA Server
Use the following steps to download the Certificate Authority certificates from a Windows 2003
CA Server using Mozilla browser 1.6.0.01.00:
1. You must install Mozilla browser on your HP-UX system.
2. Log in to your HP CIFS Server machine as root.
3. Use the following command to set up your DISPLAY environment variable on your HP CIFS
Server machine:
export DISPLAY=your_machine_IP:0.0
4. Run the following command to start Mozilla browser:
/opt/mozilla/bin/mozilla &
5. Use Mozilla browser to connect to your Windows CA Server.
The following shows an example of using a link to connect to your Windows CA Server:
http://ADS CA Server name/Certsrv
6. Provide administrator and password information after you connect to your CA Server.
7. Click on the “Download a CA Certificate, Certificate Chain, or CRL” link.
8. Check “Base 64” in the Encoding method field.
9. Click on the “Download CA Certificate” link.
10. Check the “Trust this CA to identify web sites”, “Trust this CA to
identify email user”, and “Trust this CA to identify software
developers” check boxes in the Downloading Certificate window screen. Then click
the OK button.
11. Click the Open button when the file download window appears.
12. Check the “Install Certificate” button.
13. Click Next.
14. Use “Automatically select the certificate store based on the type of
certificate”. Then click the Next button.
15. Click the Finish button.
16. The CA certificates are downloaded to the following two files on your HP CIFS Server system:
/.mozilla/default/*.slt/cert8.db
/.mozilla/default/*.slt/key3.db
17. You can simply copy certificates to the file location you want. The default location of the
certificate database files is /etc/opt/ldapux. For example, the following commands copy
certificates from the /.mozilla/default/*.slt directory to the /etc/opt/samba
directory:
cd /.mozilla/default/*.slt
cp cert8.db /etc/opt/samba/cert8.db
cp key3.db /etc/opt/samba/key3.db
18. Run the following command to verify whether the certificates work with a Windows ADS:
ldapsearch -h ADS_server_name -Z -P /etc/opt/samba/cert8.db -s base \
-b "" "(objectclass=*)"
The results from the command display if the certificates work.
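Added example, not part of the HP guide: a POSIX shell function that performs the step 17 copy with checks the bare cd and cp commands lack. It stops unless the *.slt glob matches exactly one profile directory, and it removes group and other write access from the copies (an assumption about site policy; read access is left as copied). The function name install_certdb is hypothetical.

```shell
#!/bin/sh
# Added example (not from the HP guide): a checked version of the step 17 copy.
# Usage with the guide's paths: install_certdb /.mozilla/default /etc/opt/samba

install_certdb() {
    parent=$1   # directory that holds the *.slt profile directory
    dest=$2     # directory the certificate databases are copied into

    # "cd /.mozilla/default/*.slt" assumes the glob matches one directory.
    # Expand it here and stop if there are zero or several matches.
    set -- "$parent"/*.slt
    if [ "$#" -ne 1 ] || [ ! -d "$1" ]; then
        echo "expected exactly one *.slt profile under $parent" >&2
        return 1
    fi
    src=$1

    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }

    # Both databases must exist and be non-empty before anything is replaced.
    for f in cert8.db key3.db; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done

    # Stage each copy under a temporary name, drop group/other write access
    # (assumed policy: only the owner may change the trust store), and
    # compare the staged file byte for byte with the source.
    for f in cert8.db key3.db; do
        tmp="$dest/$f.new.$$"
        cp "$src/$f" "$tmp" && chmod go-w "$tmp" && cmp -s "$src/$f" "$tmp" || {
            rm -f "$dest/cert8.db.new.$$" "$dest/key3.db.new.$$"
            echo "staging $f failed" >&2
            return 1
        }
    done

    # Rename the verified pair into place.
    for f in cert8.db key3.db; do
        mv -f "$dest/$f.new.$$" "$dest/$f" || return 1
    done
}
```

Run the step 18 ldapsearch command after the function returns 0 to confirm that the copied database is usable.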
Configuring HP CIFS Server to enable startTLS
To configure HP CIFS Server to enable startTLS in a Windows 2000/2003 domain, you must
configure the smb.conf file which specifies the name of ADS Kerberos realm, ADS security,