HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
10. Once the selected user is presented in the Enter the object name to select list,
click the OK button to get in the permission entry for Computers window.
11. In the Permissions dialog box, check Create Computer Objects and Delete
Computer Objects selections.
12. Click on the OK button
13. Click on the Apply button.
14. Click on the OK button on the Advanced Security Setting for Computers window.
15. Click on the OK button on the Computers Properties window.
Step-by-step procedure
Use the following instructions to join an HP CIFS Server to a Windows 2000/2003 ADS Domain
as a member server:
1. Verify that LDAP-UX Integration product has been installed on your HP CIFS Server:
swlist | grep J4269AA
Consult “Installing LDAP-UX Client Services on an HP CIFS Server” (page 82) in Chapter 6,
"LDAP Integration Support" if necessary.
2. On your HP CIFS Server, you need to create the Kerberos configuration file, /etc/krb5.conf,
which specifies the default realm, the location of a Key Distribution Center (KDC) server and
the logging file names. The Kerberos client depends on the configuration to locate the realm's
KDC.
If there is no /etc/krb5.conf file in existence at the time that
/opt/samba/bin/samba_setup is run, samba_setup will attempt to create and validate
an appropriately configured krb5.conf file based on the answers to the questions asked
when 'ads member server' is chosen.
The following is an example of /etc/krb5.conf which has the realm MYREALM.XYZ.COM,
and machine adsdc.myrealm.xyz.com as a KDC:
# Kerberos Configuration #
# #
# This krb5.conf file is intended as an example only. #
# See krb5.conf(4) for more details. #
#
# Please verify that you have created the directory /var/log.#
# #
# Replace MYREALM.XYZ.COM with your kerberos Realm. #
# Replace adsdc.myrealm.xyz.com with your Windows ADS DC full#
# domain name. #
# #
[libdefaults]
default_realm = MYREALM.XYZ.COM
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
ccache_type = 2
[realms]
MYREALM.XYZ.COM = {
kdc = adsdc.myrealm.xyz.com:88
admin_server = adsdc.myrealm.xyz.com
}
[domain_realm]
.xyz.com = MYREALM.XYZ.COM
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
Joining an HP CIFS Server to a Windows 2000, Windows 2003, and Windows 2008 domain 73