HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
NOTE: You must configure the port number :88 after the node name specified for the kdc
entry in the [realms]section. Kerberos v5 uses the port number 88 for the KDC service.
For detailed information on how to configure the /etc/krb5.conf file, refer to the
krb5.conf(4) man page.
3. Run the following commands to verify Kerberos configuration
log in as root
kinit <user> (e.g. Administrator@myrealm.xyz.com) (add user and password to a Windows
ADS DC if necessary)
The possible errors during verification are as follows:
• Pre-Authentication Failed means you have typed the password incorrectly.
• Clock skew too great means the time on the HP-UX machine is not synchronized
with the Windows domain controller. Execute the date command to reset the date or set
TZ=GMT and try again.
• You may see the warning message, kinit: KDC has no support for encryption
type while getting initial credentials. You must change your Administrator
password at least once from the original password that you used for Administrator when
installing your Windows 2000/2003 Domain.
This warning message is also displayed when you do not have appropriate encryption
methods set in the /etc/krb5.conf file.
• Check the content of the /etc/krb5.conf file for syntax or content errors and ensure
that port :88 has been added to the kdc entry in the [Realms] section.
4. Use the following procedures to configure the HP CIFS Server:
• For new installations, you can run /opt/samba/bin/samba_setup and choose ADS
Member Server.
For new installations, finish samba_setup commands and verify the following smb.conf
configuration items. samba_setup will then perform the "net ads join -U
Administrator%password" command to join the ADS domain for you.
[global]
workgroup = MYREALM # Domain Name
realm = MYREALM.XYZ.COM
security = ADS
domain master = no
encrypt passwords = yes
password server = adsdc.myrealm.xyz.com
netbios name = MYSERVER
• For existing installations, modify smb.conf configuration items as follows:
[global]
workgroup = MYREALM # Domain Name
realm = MYREALM.XYZ.COM
security = ADS
domain master = no
encrypt passwords = yes
password server = adsdc.myrealm.xyz.com
74 Windows 2003 and Windows 2008 domains